1:19 p.m.
I'm investigating possible options for creating javascript client that will
help mobile developers (cordova, react native) to integrate with keycloak.
The main idea will be to mimic other solutions that allow to login to the
auth server using single method (instead of redirecting to the login page)
For example:
*authbase.auth().signInWithEmailAndPassword(email, password).then(...);*
JavaScript adapter from keycloak team works fine for both Android and IOS,
but mounting login page in webview and styling login page, may be barrier
for the developers starting with keycloak.
*Questions:*
1) Is possible to use keycloak without redirect to keycloak login page?
2) Do you have any suggestions for areas were mobile experience can be
improved?
This topic was raised before on both dev and users lists before, but
without definitive answer[1]
I'm looking for any information that may be helpful.
[1] http://lists.jboss.org/pipermail/keycloak-user/2016-November/008295.html
--
WOJCIECH TROCKI
Red Hat Mobile <https://www.redhat.com/>
IM: wtrocki
<https://red.ht/sig>
1:30 p.m.
TL;DR - I'm looking to contribute to keycloak in my spare time.
I'm interested in mobile areas, mostly related with the login process.
On Fri, Dec 1, 2017 at 12:19 PM, Wojciech Trocki <wtrocki(a)redhat.com> wrote:
I'm investigating possible options for creating javascript client
that
will help mobile developers (cordova, react native) to integrate with
keycloak.
The main idea will be to mimic other solutions that allow to login to the
auth server using single method (instead of redirecting to the login page)
For example:
*authbase.auth().signInWithEmailAndPassword(email, password).then(...);*
JavaScript adapter from keycloak team works fine for both Android and IOS,
but mounting login page in webview and styling login page, may be barrier
for the developers starting with keycloak.
*Questions:*
1) Is possible to use keycloak without redirect to keycloak login page?
2) Do you have any suggestions for areas were mobile experience can be
improved?
This topic was raised before on both dev and users lists before, but
without definitive answer[1]
I'm looking for any information that may be helpful.
[1] http://lists.jboss.org/pipermail/keycloak-user/2016-
November/008295.html
5:13 p.m.
Hi !
Have you talked with Summers about this, he know he had also some ideas ?
For your first question, yes you can bypass the redirect by using Direct
Grant but it's not really a good practice and you loose most of the SSO
benefits.
Sebi
On Fri, Dec 1, 2017 at 1:30 PM, Wojciech Trocki <wtrocki(a)redhat.com> wrote:
TL;DR - I'm looking to contribute to keycloak in my spare time.
I'm interested in mobile areas, mostly related with the login process.
On Fri, Dec 1, 2017 at 12:19 PM, Wojciech Trocki <wtrocki(a)redhat.com>
wrote:
> I'm investigating possible options for creating javascript client that
> will help mobile developers (cordova, react native) to integrate with
> keycloak.
>
> The main idea will be to mimic other solutions that allow to login to the
> auth server using single method (instead of redirecting to the login
page)
>
> For example:
>
> *authbase.auth().signInWithEmailAndPassword(email, password).then(...);*
>
> JavaScript adapter from keycloak team works fine for both Android and
IOS,
> but mounting login page in webview and styling login page, may be barrier
> for the developers starting with keycloak.
>
> *Questions:*
>
> 1) Is possible to use keycloak without redirect to keycloak login page?
>
> 2) Do you have any suggestions for areas were mobile experience can be
> improved?
>
> This topic was raised before on both dev and users lists before, but
> without definitive answer[1]
> I'm looking for any information that may be helpful.
>
> [1] http://lists.jboss.org/pipermail/keycloak-user/2016-
> November/008295.html
>
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
8:38 p.m.
On Fri, Dec 1, 2017 at 7:19 AM, Wojciech Trocki <wtrocki(a)redhat.com> wrote:
I'm investigating possible options for creating javascript client
that
will help mobile developers (cordova, react native) to integrate with
keycloak.
The main idea will be to mimic other solutions that allow to login to the
auth server using single method (instead of redirecting to the login page)
For example:
*authbase.auth().signInWithEmailAndPassword(email, password).then(...);*
JavaScript adapter from keycloak team works fine for both Android and IOS,
but mounting login page in webview and styling login page, may be barrier
for the developers starting with keycloak.
*Questions:*
1) Is possible to use keycloak without redirect to keycloak login page?
2) Do you have any suggestions for areas were mobile experience can
be
improved?
I don't have a JavaScript answer for you (boo!), but I have been tumbling
around in my head what it would take to make a broker that you can log in
to. A broker would basically act as a ghetto IdP and sock puppet account
mgmt in KeyCloak. That is a lot more work than just opening a web browser.
See my post here for a better version of that idea :
http://lists.jboss.org/pipermail/keycloak-user/2017-November/012404.html
Alternatively many systems have native token management that you might be
able to hook into as well. It doesn't negate the need to go to the system
browser, but if you are using the same account in multiple apps it could
give you a way to share a session without having each app log in separately.
However, the system browsers are starting to get smarter about their role
in modern authentication so you might be able to leverage them as well.
IIRC Chrome on Android treats the Google account special and I am sure you
can find something similar with safari on iOS.
This topic was raised before on both dev and users lists before, but
without definitive answer[1]
I'm looking for any information that may be helpful.
[1] http://lists.jboss.org/pipermail/keycloak-user/2016-
November/008295.html
--
WOJCIECH TROCKI
Red Hat Mobile <https://www.redhat.com/>
IM: wtrocki
<https://red.ht/sig>
3:12 p.m.
I have been able to sign into KeyCloak without writing a broker service and
using the external/internal key exchange, Google's OpenID endpoints, and
the Google Android SDK.
Basically just follow the docs here :
http://www.keycloak.org/docs/latest/securing_apps/index.html#external-tok...
to setup the server.
There are a couple caveats I discovered to making it work with Google.
First you have to create a generic OpenID Connect IdP configuration in
Keycloak instead of using the Google one. With the exception of Google's
Client ID and secret you can prefill all of the values using Google's well
known file (https://accounts.google.com/.well-known/openid-configuration).
Secondly I disabled the userInfo endpoint because Google needs a Auth token
that is not the ID Token they send you which is used in the KeyCloak key
Exchange.
You can checkout my quick and dirty Android code here :
https://github.com/secondsun/TokenExchangeDemo
(Warning, there may be code gore).
I haven't tested it with non Google IdPs, but I would imagine most OpenID
Connect services will work as well. This isn't quite your use case, but I
hope it gets you closer.
On Fri, Dec 1, 2017 at 2:38 PM, Summers Pittman <supittma(a)redhat.com> wrote:
On Fri, Dec 1, 2017 at 7:19 AM, Wojciech Trocki <wtrocki(a)redhat.com>
wrote:
> I'm investigating possible options for creating javascript client that
> will help mobile developers (cordova, react native) to integrate with
> keycloak.
>
> The main idea will be to mimic other solutions that allow to login to the
> auth server using single method (instead of redirecting to the login page)
>
> For example:
>
> *authbase.auth().signInWithEmailAndPassword(email, password).then(...);*
>
> JavaScript adapter from keycloak team works fine for both Android and
> IOS, but mounting login page in webview and styling login page, may be
> barrier for the developers starting with keycloak.
>
> *Questions:*
>
> 1) Is possible to use keycloak without redirect to keycloak login page?
>
>
> 2) Do you have any suggestions for areas were mobile experience can be
> improved?
>
>
I don't have a JavaScript answer for you (boo!), but I have been tumbling
around in my head what it would take to make a broker that you can log in
to. A broker would basically act as a ghetto IdP and sock puppet account
mgmt in KeyCloak. That is a lot more work than just opening a web browser.
See my post here for a better version of that idea :
http://lists.jboss.org/pipermail/keycloak-user/2017-November/012404.html
Alternatively many systems have native token management that you might be
able to hook into as well. It doesn't negate the need to go to the system
browser, but if you are using the same account in multiple apps it could
give you a way to share a session without having each app log in separately.
However, the system browsers are starting to get smarter about their role
in modern authentication so you might be able to leverage them as well.
IIRC Chrome on Android treats the Google account special and I am sure you
can find something similar with safari on iOS.
> This topic was raised before on both dev and users lists before, but
> without definitive answer[1]
> I'm looking for any information that may be helpful.
>
> [1] http://lists.jboss.org/pipermail/keycloak-user/2016-Nove
> mber/008295.html
>
> --
>
> WOJCIECH TROCKI
>
> Red Hat Mobile <https://www.redhat.com/>
>
> IM: wtrocki
> <https://red.ht/sig>
>
2340
days inactive
2346
days old
4 comments
3 participants
participants (3)
-
Sebastien Blanc -
Summers Pittman -
Wojciech Trocki