Hey Marek,
As far as I understood, adapters are used on the Resourse side (e.g. the
API you would like to secure with Keycloak).
Here, I am calling the API (resource) from a 3rd party application
(client). First it needs a user's consent to use the API on his behalf.
Then it gets the auth_code, which is then used to obtain the access token.
Then the client is free to utilize the API on behalf of the user.
Does the Keycloak auth workflow differ slightly from the standard OAuth2.0
procedure? Or am I missing something?
Thanks.
Regards,
Pavel Maslov, MSc
On Fri, Nov 20, 2015 at 1:41 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
On 20/11/15 12:18, Pavel Maslov wrote:
Hi everyone,
>From the user documentation I could not find the authorization grant url
(a la github's <
https://github.com/login/oauth/authorize>
https://github.com/login/oauth/authorize) and Get token url (a la
<
https://github.com/login/oauth/access_token>
https://github.com/login/oauth/access_token).
I presume it's
{keycloak_base}/realms/{realm-name}/protocol/openid-connect/auth?client_id={client_name}&response_type=code
<http://%7Bkeycloak_base%7D/realms/%7Brealm-name%7D/protocol/openid-connect/auth?client_id=%7Bclient_name%7D&response_type=code>
and
{keycloak_base}/realms/{realm-name}/protocol/openid-connect/token
<http://%7Bkeycloak_base%7D/realms/%7Brealm-name%7D/protocol/openid-connect/token>
respectively,
but I am not sure.
Yes, your URLs are correct. However if you want to use the default
Authorization Code Grant flow and browser applications, you can just use
our adapters. You don't even need to know the authorization grant url and
token URL as adapters handle all the redirections and exchanges for you.
I suggest to take a look at our examples .
And here is the docs for adapters:
http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html
Marek
I would like to follow the standard OAuth2.0 workflow:
1. Get Auth grant (GET on <
https://github.com/login/oauth/authorize>
https://github.com/login/oauth/authorize)
2. Get access token in exchange for the auth grant code (POST on
<
https://github.com/login/oauth/access_token>
https://github.com/login/oauth/access_token)
3. Use the resource using the access token gotten in step 2.
Please, correct me if I am wrong.
Thanks.
Regards,
Pavel Maslov, MSc
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user