stianst wrote
> On 16 December 2016 at 15:39, ruiwp13 <
> ruiwp_93@
> > wrote:
>
>> Just to see if all the steps I performed are OK:
>>
>> 1. I access a secured location from my API
>> 2. I get redirected to keycloak login page
>> 3. After logging in I get redirected to my API which returns true for
>> HttpServletRequest.authenticate meaning I'm authenticated and I can get
>> the
>> access_token from the keycloak security context
>> 4. I set header with Authorization "Bearer " + {access_token}
>> 5. I access the logout method where HttpServletRequest.logout is
>> performed.
>>
>> Is this the correct flow?
>> Yes, it's strange that I get invalid_token, doesn't make sense
specially
>> because if I make HttpServletRequest.authenticate in the logout method
it
>> says that I am authenticated
>>
>
> Why would you call HttpServletRequest.authenticate within the logout?
That
> makes no sense.
>
>
>>
>>
>>
>>
>>
>> --
>> View this message in context:
http://keycloak-user.88327.x6.
>>
nabble.com/Login-without-Keycloak-Login-Page-tp1974p2017.html
>> Sent from the keycloak-user mailing list archive at
Nabble.com.
>> _______________________________________________
>> keycloak-user mailing list
>>
> keycloak-user@.jboss
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@.jboss
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
Just to check if it is authenticated.
When I make HttpServletRequest.authenticate if redirects me to keycloak
login page, I login and it redirects me back to my API but without any URL
parameters. It is supposed to, right? Then I can get the token from
keycloaksecuritycontext.getTokenString(), right?
Yes, but to check if authenticated use getUserPrincipal. authenticate is
used to request authentication, so is not a way to check if it's
authenticated
--
View this message in context:
http://keycloak-user.88327.x6.
nabble.com/Login-without-Keycloak-Login-Page-tp1974p2031.html
Sent from the keycloak-user mailing list archive at
Nabble.com.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user