stianst wrote
On 16 December 2016 at 15:39, ruiwp13 <
ruiwp_93@
> wrote:
> Just to see if all the steps I performed are OK:
>
> 1. I access a secured location from my API
> 2. I get redirected to keycloak login page
> 3. After logging in I get redirected to my API which returns true for
> HttpServletRequest.authenticate meaning I'm authenticated and I can get
> the
> access_token from the keycloak security context
> 4. I set header with Authorization "Bearer " + {access_token}
> 5. I access the logout method where HttpServletRequest.logout is
> performed.
>
> Is this the correct flow?
> Yes, it's strange that I get invalid_token, doesn't make sense specially
> because if I make HttpServletRequest.authenticate in the logout method it
> says that I am authenticated
>
Why would you call HttpServletRequest.authenticate within the logout? That
makes no sense.
>
>
>
>
>
> --
> View this message in context:
http://keycloak-user.88327.x6.
>
nabble.com/Login-without-Keycloak-Login-Page-tp1974p2017.html
> Sent from the keycloak-user mailing list archive at
Nabble.com.
> _______________________________________________
> keycloak-user mailing list
>
keycloak-user@.jboss
>
_______________________________________________
keycloak-user mailing list
keycloak-user@.jboss
Just to check if it is authenticated.
When I make HttpServletRequest.authenticate if redirects me to keycloak
login page, I login and it redirects me back to my API but without any URL
parameters. It is supposed to, right? Then I can get the token from
keycloaksecuritycontext.getTokenString(), right?
--
View this message in context:
http://keycloak-user.88327.x6.nabble.com/Login-without-Keycloak-Login-Pag...
Sent from the keycloak-user mailing list archive at
Nabble.com.