Hi there, I went through libraries provided by Corinne in previous mail but have few questions for implementation on android and iOS - 1. Support for existing third party libraries ? As of now, we are using ASIHTTPS (https://github.com/pokeb/asi-http-request) or AFNetworking (https://github.com/AFNetworking/AFNetworking) for iOS and Volley for android. Rather than replacing them with Aerogear libraries considering overall stability of HTTP requests, can we augment those libraries to support key cloak OAUTH2 ? 2. OAUTH implementation possibilites - http://stackoverflow.com/questions/17400398/token-authentication-with-volley https://github.com/keybuk/asi-http-request-oauth Can we use/tweak approach mentioned in above answers/library to work with KeyCloak implementation ? Thanks in advance ! On Fri, Sep 26, 2014 at 11:43 AM, Sagar Zond <sagar.zond(a)xtremumsolutions.com&gt; wrote: +Please go through following libs, We can use this to integrate with Oauth server. regards Sagar Zond ---------- Forwarded message ---------- From: Corinne Krych <corinnekrych(a)gmail.com&gt; Date: Thu, Sep 25, 2014 at 9:06 PM Subject: Re: [keycloak-dev] Keycloak Intergration To: &quot;keycloak-user(a)lists.jboss.org&quot; <keycloak-dev(a)lists.jboss.org&gt; Cc: Sagar Zond <sagar.zond(a)xtremumsolutions.com&gt;, Shashank Singh <shashank.singh(a)xtremumsolutions.com&gt;, Bill Burke <bburke(a)redhat.com&gt; Hello Sagar, For Keycloak OAuth2, AeroGear provides a sdk, we have both Obj-C and Swift. Although lastest features goes in Swift version. 1. AeroGear-iOS 1.6 targets obj-c code [1] with its associated test repo [2], [2bis] 2. AeroGear 2.0 is modularized and based on Swift: aerogear-ios-http [3] aerogear-ios-oauth2 [4] Here you can find interesting access/refresh/revoke simple example: aerogear-ios-cookbook [5] aerogear-backend-cookbook [6] Note that 2.0 is on its way and should be release early October. http module (aerogear-ios-http coupled with aerogear-ios-oauth2) is taking care of refreshing implictly tokens for you. Some blog posts [7]. I’m actually going to write an update blog post for Swift version. Some links to go through.. Feedback welcome. ++ Corinne iOS AeroGear [1] https://github.com/aerogear/aerogear-ios [2] https://github.com/aerogear/aerogear-ios-cookbook/tree/master/ProductInve... [2bis] https://github.com/aerogear/aerogear-integration-tests-server#oauth2-with... [3] https://github.com/aerogear/aerogear-ios-http [4] https://github.com/aerogear/aerogear-ios-oauth2 [5] https://github.com/aerogear/aerogear-ios-cookbook/tree/swift/ProductInven... [6] https://github.com/corinnekrych/aerogear-backend-cookbook/tree/master/Pro... [7] http://corinnekrych.blogspot.fr/search/label/OAuth2 On 25 Sep 2014, at 15:32, Bill Burke <bburke(a)redhat.com&gt; wrote: > Sagar, I'm moving this to keycloak-dev list. See comments inline > > On 9/25/2014 6:53 AM, Sagar Zond wrote: >> Hi, >> >> We are planning to use KeyClock for OAuth authorization server for our >> API platform. Our understanding to KeyClock and OAuth is not very clear >> so need your help to properly utilize KeyClock features. >> >> Just to introduce our self, we are a start-up firm and creating products >> for Health care domain. In our architecture we will have multiple Rest >> API servers and multiple types of client like mobile, web and publicly >> expose API. KeyCloak can be used as authentication and authorization >> server. We have already gone through most of KeyCloak tutorials. >> >> Here are few points of which we need answer - >> >> 1. API platform will be registered as application server on KeyClock and >> clients (mobile app, web app or other app) will be authorized by >> keyclock as per defined role. Is this a proper use case of KeyClock ? >> > > You'll have to elaborate. I don't know exactly what you are saying. > Your REST API server would be registered as a Keycloak "Application". > You can define roles per "Application" or at the Realm level (global roles). > >> 2. How do we integrate OAuth into mobile app ? Where can we write token >> refresh logic? >> > > You can start off by defining an public "OAuth Client" per mobile app. > You can use the direct grant REST API to obtain a token, or, use mobile > redirects to login through the mobile's browser. I believe the Aerogear > project is doing some work around Keycloak IOS and Android clients, but > you'd have to ping them. > >> 3. How we can add more fields in session? e.g. if we want to add more >> token in header which may contain some extra application specific >> encrypted data. >> > > Not sure what you mean. We don't have a nice way of adding claims to > the token at the moment. > >> 4. We are currently using OpenDS Ldap for authentication and we already >> have number of registered users which currently using API. So we need >> Keyclock to be configured for OpenDS, so please suggested how to >> integrate OpenDS with KeyClock. >> > > We have LDAP integration: > > http://docs.jboss.org/keycloak/docs/1.0.1.Final/userguide/html/user_feder... > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev -- Regards, Sagar Zond