You want users to be able to log in through a social provider? We don't
have a REST-based social login abstraction. It's all browser-based.
Keycloak delegates authentication to social providers. One big problem
is that not all social providers are necessarily password only.
Depending on the user they might require an OTP or code sent by SMS.
So, unless the provider has some kind of challenge-response REST API, we
wouldn't know what to prompt for credentials.

For registration you're going to have to write some custom backend that
sits between your mobile app and Keycloak. Right now, we don't have a
REST API for unauthenticated user registration. We also don't have
fine-grained roles so you can say a particular user account is allowed to
register new users.

For mobile, we were hoping that apps would do mobile redirects to the
phone's browser. Our web pages are completely themable and customizable
so that you could brand them to your company.

On 2/28/17 2:06 PM, Mat Pataki wrote:
Hello!

I'm a developer at a mobile gaming company, and I'm trying to better
understand how/if Keycloak fits within the paradigm that we have, and that
I believe also to be pretty typical in this space. At the moment I am
specifically interested in User Registration and Authentication. I should
say that I've spent a larger amount of time with the documentation before
turning here, so hopefully I'm not missing something completely obvious
(although I can't really rule that out!).

Third party identity providers such as Facebook and Google provide mobile
SDKs that are capable of completing the OAuth2 flow with their respective
identity platforms. In the end, our consuming mobile apps receive an access
token if all goes well. We send this token to our current custom backend
authentication solution which will validate them, obtain an ID from the
identity provider, and link that ID to our own internal ID for the user.
It's this backend component that I would like to replace with Keycloak.
For reference, I see very similar code to this in the Keycloak source, here
<https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...>,
which is encouraging!

The problem, however, is that KC's social login flow, and seemingly the
custom SPI flows as well, all begin with the web-based registration page.
For our use case, we would like to avoid directing our users away from our
app during this process, and in fact avoid performing the OAuth2 flow
between us and Facebook, for example, entirely. This is something we have
today via these client SDKs.

Down the line we plan to use Keycloak for its more traditional use cases,
including securing our own microservices and applications, but that's
assuming that we can solve this problem.

Any advice would be greatly appreciated! Thanks in advance!

Mat
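
The backend step described in the original message (validate the SDK-issued token, obtain the provider's user ID, link it to an internal ID), as an added Python sketch that is not part of the thread and not Keycloak's code. It runs on constructed responses shaped like Facebook's `debug_token` and Google's `tokeninfo` output, and it also checks that the token was issued to your own app before linking, a step the thread does not spell out; the app IDs, user IDs and function names are assumptions.

```python
import uuid

NOW = 1_700_000_000  # constructed clock value for the sample data
# Hypothetical app registrations; both IDs are constructed placeholders.
EXPECTED_APP = {"facebook": "1111", "google": "2222.apps.example"}
# Constructed responses (not captured from a real provider).
FB_OK = {"data": {"app_id": "1111", "is_valid": True,
                  "user_id": "fb-42", "expires_at": NOW + 3600}}
FB_OTHER_APP = {"data": {"app_id": "9999", "is_valid": True,
                         "user_id": "fb-42", "expires_at": NOW + 3600}}
GOOGLE_OK = {"aud": "2222.apps.example", "sub": "g-42", "exp": str(NOW + 3600)}


class TokenRejected(Exception):
    """The social token must not be used to sign anyone in."""


def normalize(provider, resp):
    """Reduce a provider's token-inspection response to (app, subject, expiry)."""
    if provider == "facebook":
        data = resp.get("data", {})
        if not data.get("is_valid"):
            raise TokenRejected("provider reports the token as invalid")
        return data.get("app_id"), data.get("user_id"), int(data.get("expires_at", 0))
    if provider == "google":
        return resp.get("aud"), resp.get("sub"), int(resp.get("exp", 0))
    raise TokenRejected("unknown provider")


def link_identity(provider, resp, links, now):
    """Return the internal user ID linked to a validated social token."""
    app, subject, expiry = normalize(provider, resp)
    # A token minted for a different app must never sign a user in here.
    if app != EXPECTED_APP[provider]:
        raise TokenRejected("token was issued to a different app")
    # This sketch requires an explicit expiry that lies in the future.
    if expiry <= now:
        raise TokenRejected("token expired")
    if not subject:
        raise TokenRejected("response carries no user ID")
    # Subject IDs are only unique per provider, so key on the pair.
    return links.setdefault((provider, subject), str(uuid.uuid4()))
```

In a real backend the `resp` argument would come from the server-side call to the provider, never from the mobile client.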