Looks like you’re close. Did you make your Android client (in Keycloak) public or private?
There’s a slight difference in how the code to token request is invoked depending on
this.
Private clients must authenticate to the token endpoint with HTTP basic authentication,
public clients set the client ID as a form parameter.
See:
Scott Rossillo
Smartling | Senior Software Engineer
srossillo(a)smartling.com
On Jan 13, 2016, at 12:20 PM, Aritz Maeztu
<amaeztu(a)tesicnor.com> wrote:
Hello everybody,
I'm struggling to implement a keycloak login from my Android app. What I want to do
is to simulate what a browser does (request a resource, be redirected to keycloak login
page and get an access token later on). From what I've seen from the OAuth2 protocol,
I need to firstly get the authorization code and later on request the access token with
that code. I wouldn't like my Android app to be registered as a client itself, so
I've registered my web service as public.
Here I start the intent to launch the Android browser pointing to the keycloak
authorization address (/openid-connect/auth):
Intent i = new Intent(Intent.ACTION_VIEW,
    Uri.parse("http://192.168.0.230:8080/auth/realms/master/protocol/" +
        "openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));
startActivity(i);
When I enter the credentials successfully, I'm given a code in the redirection url,
coming back to my app:
Uri data = getIntent().getData();
if (data != null) {
    String accessCode = data.getQueryParameter("code");
    System.out.println("Authorization code:" + accessCode);
}
The code looks like
bC8OM0TwfbhYouM34M3RY2aZRYTywXZVAvKFABgvVRc.693363de-d6b5-4f88-b545-c6603023ee4c
Then I would like to get an access token with that code! I use a Rest Template for that,
making a POST request to the /openid-connect/token endpoint:
ResponseEntity rssResponse = template.exchange(
    "http://192.168.0.230:8080/auth/realms/master/protocol/" +
        "openid-connect/token?grant_type=authoritation_code&client_id=web_service&code=" + accessCode,
    HttpMethod.POST,
    null,
    Object.class);
However, I'm given a 401 unauthorized exception. What am I doing wrong? Thanks in
advance ;-)
--
Aritz Maeztu Otaño
Software Development Department
http://www.tesicnor.com/
Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf.: 948 21 40 40
Fax.: 948 21 40 41
Before printing this e-mail, please consider carefully whether it is necessary: the
environment is everyone's responsibility.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
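
The two token-request variants described in the reply at the top of this message, as an added example that is not part of the original thread: the authorization code is exchanged with a form-encoded POST, where a public client sends client_id in the form and a confidential client authenticates with HTTP Basic instead. The endpoint, client ID and redirect URI come from the question; the class and method names and the null-secret convention are assumptions, and it uses plain HttpURLConnection rather than the RestTemplate from the question.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Scanner;

public class TokenExchangeExample {
    // Token endpoint from the thread (assumed reachable from the device).
    static final String TOKEN_URL =
        "http://192.168.0.230:8080/auth/realms/master/protocol/openid-connect/token";

    static String enc(String s) throws IOException {
        return URLEncoder.encode(s, "UTF-8");
    }

    // clientSecret == null: public client. Otherwise: confidential client.
    static String exchange(String code, String clientId, String clientSecret,
                           String redirectUri) throws IOException {
        // Grant parameters travel in the form-encoded body, not the query string.
        // redirect_uri repeats the value sent in the authorization request.
        StringBuilder form = new StringBuilder("grant_type=authorization_code")
            .append("&code=").append(enc(code))
            .append("&redirect_uri=").append(enc(redirectUri));
        HttpURLConnection con = (HttpURLConnection) new URL(TOKEN_URL).openConnection();
        con.setRequestMethod("POST");
        con.setDoOutput(true);
        con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        if (clientSecret == null) {
            form.append("&client_id=").append(enc(clientId));   // public client
        } else {
            // java.util.Base64 needs Android API 26+; older devices: android.util.Base64.
            byte[] creds = (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8);
            con.setRequestProperty("Authorization",
                "Basic " + Base64.getEncoder().encodeToString(creds));
        }
        try (OutputStream out = con.getOutputStream()) {
            out.write(form.toString().getBytes(StandardCharsets.UTF_8));
        }
        int status = con.getResponseCode();
        InputStream in = status < 400 ? con.getInputStream() : con.getErrorStream();
        if (in == null) return String.valueOf(status);
        try (Scanner s = new Scanner(in, "UTF-8").useDelimiter("\\A")) {
            return status + " " + (s.hasNext() ? s.next() : "");   // status + JSON body
        }
    }
}
```

For the public client in the question the call would be exchange(accessCode, "web_service", null, "android://app"), made off the Android main thread.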