Hello,
We’re facing a kind of special scenario with our current setup, in which we have Keycloak
as identity provider for both a website and a native mobile app.
For the website part, we use the Tomcat adapter and the Keycloak built-in login screen,
and it works fine.
For the native app, we’ve been using oidc and the /token and /userinfo endpoints for
logging in and retrieving user data, and that also has been working fine so far.
Now, the situation is that we would like to allow opening certain pages from the website
within a webview in the app, and these website pages should reflect the user information
correctly. Is it possible to make the Tomcat adapter aware of the session opened via oidc?
The first idea was to get the access token from /token and then pass that somehow to the
request in a way that the Tomcat adapter will use it.
I attempted to do so by using the QueryParamterTokenRequestAuthenticator provided by the
Tomcat adapter, which recognizes an access_token query parameter, and I can see that the
user is properly authenticated while debugging. However, after a redirect, we do not seem
to have the KeycloakPrincipal nor the KeycloakContext in the request anymore, as opposed
to what happens when logging in through the Keycloak built-in login screen. I’m
guessing that the difference is that the regular OAuthRequestAuthenticator saves data into
the AdapterTokenStore, while the BearerAuthentication (from which the
QueryParamterTokenRequestAuthenticator inherits) does not.
Is there any alternative to make this work without making the user log in multiple times?
Thanks in advance!
Kind regards,
Federico Navarro
backend developer
federico@info.nl | LinkedIn <http://www.linkedin.com/in/jasperleferink> | +31 (0)2 05 30 91 61
info.nl <http://www.info.nl/>
Sint Antoniesbreestraat 16 | 1011 HB Amsterdam | +31 (0)20 530 9100