Didn't send to all.

---------- Forwarded message ---------
From: Emanuel Couto <emanuel.amaral.couto@gmail.com>
Date: Fri, Apr 22, 2016 at 3:12 PM
Subject: Re: [keycloak-user] Keycloak login/logout on Android
To: Summers Pittman <supittma@redhat.com>


Hello.

I managed to get logout working with another client: https://github.com/openid/AppAuth-Android

---

It is easy to get the demo working with Keycloak. In the Keycloak admin page:
1. Create a Realm (e.g., "test")
2. Create a Client with redirect URI (e.g., "com.mypackage:/oauth2Callback")

In the demo application, update the "idp_configs.xml" file:
1. Update the value of "google_client_id" (e.g., "test-third-party")
2. Update redirect scheme (e.g., "com.mypackage")
3. Update the "google_auth_redirect_uri" (e.g., "com.mypackage:/oauth2Callback")

Finally update the "idp_configs_optional.xml":
1. Update "google_discovery_url" (e.g., http://localhost:8080/auth/realms/test/.well-known/openid-configuration)

---

The tricky part is adding logout, since it's not part of OpenID Connect yet.
What I did was use the same mechanism appauth-android uses for authentication. Instead of using a webview, this client uses custom tabs or a new browser session. The code is not designed to support "browser requests" other than authentication, so a lot of copy/pasting was required. Anyway, it should give an idea of how to make it work.

On Wed, Apr 20, 2016 at 11:17 PM Emanuel Couto <emanuel.amaral.couto@gmail.com> wrote:
Ok, this is what I have so far. I confirmed that deleteAccount isn't enough. By deleting the account and attempting to connect again, the login webview shows up but disappears right afterwards. I suspect the Android application knows that you are still logged in because the webview stores cookies somehow.

If I call GET <logout_url> with an HTTP client, nothing happens. The Keycloak administration page shows that I'm still logged in. I believe logout would only work if everything was being executed in the same HTTP client instance.

I'm trying another client that seems to give more control over current status. Hopefully logout will work.

Thanks.

On Wed, Apr 20, 2016 at 1:51 PM Summers Pittman <supittma@redhat.com> wrote:
On Wed, Apr 20, 2016 at 5:20 AM, Emanuel Couto <emanuel.amaral.couto@gmail.com> wrote:
Does that mean I should send the bearer token if I want to log out a specific user? If that's it, how do I do it?

OAuth2 (which is what the AG Authz lib implements) doesn't specify a logoff procedure so it isn't supported directly in the library.

Your best out-of-the-box option is to delete the account using the deleteAccount method on your module. This will remove the local access to the account, and eventually your tokens will expire on the server.

As a note: delete account does NOT guarantee to delete session cookies for the third-party sign-in. I.e., if you use Chrome to sign into your Google account to sign into Keycloak, delete your account, and then log in again, you will not be prompted for your Google credentials because that sign-in is part of Chrome's session and not the app's.

The customer and products demos are here:

In the documentation page there is a 3-part tutorial (The Basics) explaining how to install these apps:

Everything is web based.

Thanks.

On Tue, Apr 19, 2016 at 6:31 PM Summers Pittman <supittma@redhat.com> wrote:
On Tue, Apr 19, 2016 at 1:01 PM, Emanuel Couto <emanuel.amaral.couto@gmail.com> wrote:
Hello.

I'm trying to log in and log out of Keycloak through an Android application. So far I was able to log in using AeroGear Authz. What happens is that a web view is created every time login is required. However, I don't understand how logout works. In the documentation it states that you should point to 'auth/realms/.../logout'. How does it figure out which client I am? Through a session or maybe cookies?

It has been a while since I looked at the code, but IIRC AeroGear authz stores the bearer token that has been exchanged with the webview.


The other question is how would customer-portal and product-portal be implemented in Android, theoretically?

I'm not familiar with those, could you link me?

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
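
The approach from the first message of this thread (send the logout request through the same browser session that holds the Keycloak cookie, instead of a separate HTTP client), as an added example that is not code from the thread, from AppAuth-Android or from Keycloak. The class and method names are hypothetical, and the query parameter names are an assumption taken from OpenID Connect RP-Initiated Logout.

```java
// Added example: LogoutHelper and its method names are hypothetical.
import android.content.Context;
import android.net.Uri;
import androidx.browser.customtabs.CustomTabsIntent;
import org.json.JSONException;
import org.json.JSONObject;

public final class LogoutHelper {
    private LogoutHelper() {}

    /**
     * Builds the logout URL from the realm's discovery document, i.e. the JSON
     * served at the "google_discovery_url" configured above. Returns null when
     * the server advertises no end_session_endpoint.
     */
    public static Uri endSessionUri(String discoveryJson, String idToken,
                                    String redirectUri) throws JSONException {
        JSONObject doc = new JSONObject(discoveryJson);
        String endpoint = doc.optString("end_session_endpoint", "");
        if (endpoint.isEmpty()) {
            return null;
        }
        Uri logout = Uri.parse(endpoint);
        Uri issuer = Uri.parse(doc.getString("issuer"));
        // Only follow a logout endpoint on the same scheme and host as the issuer.
        if (logout.getAuthority() == null
                || !logout.getAuthority().equals(issuer.getAuthority())
                || !String.valueOf(logout.getScheme()).equals(issuer.getScheme())) {
            throw new IllegalArgumentException("end_session_endpoint is not on the issuer");
        }
        // Assumption: parameter names from OpenID Connect RP-Initiated Logout.
        // Older Keycloak releases expect a single "redirect_uri" parameter instead.
        return logout.buildUpon()
                .appendQueryParameter("id_token_hint", idToken)
                .appendQueryParameter("post_logout_redirect_uri", redirectUri)
                .build();
    }

    /**
     * Opens the logout URL in a custom tab, so the request carries the browser's
     * Keycloak session cookie. A request from a separate HTTP client does not
     * carry that cookie, which matches the failure reported in the thread.
     */
    public static void startLogout(Context activity, Uri logoutUri) {
        new CustomTabsIntent.Builder().build().launchUrl(activity, logoutUri);
        // Once the browser returns to the redirect URI (e.g. "com.mypackage:/oauth2Callback"),
        // discard the locally stored access, refresh and ID tokens as well.
    }
}
```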