I'm sorry but I believe I may have misunderstood you somehow, I tried building a request for that URL to test it.

The application I'm trying to access is the product-portal application from the unconfigured demo, I followed the tutorials and got it running, so here's the post I created:

POST http://localhost:8080/auth/rest/realms/demo/tokens/grants/access

Authorization: Basic cHJvZHVjdC1wb3J0YWw6MWQ5MDRlYzAtNjViMS00MDljLTljYTUtMDhkMGI1ODI0Y2I4

Content-Type: application/x-www-form-urlencoded

Form Data:

username: product-portal

password: key generated by keycloak

Here the Authorization header was also built on the name product-portal and the key that keycloak generated, so I entered it twice, and I know that can't be right, but I don't really know where my mistake is. I apologize for the inconvenience, but if it's not much trouble, could you clarify that for me?

On Fri, May 9, 2014 at 5:50 PM, Rodrigo Sasaki <rodrigopsasaki@gmail.com> wrote:

I considered that aswell.

The thing is the mobile app is already completed, and I'm not in the position to make such design calls.

My idea was to create a normal Application, and use the URLs I define there instead of just giving the token to the mobile app, that's what you meant right?

Nonetheless I'll definitely pass on your suggestion up, it definitely sounds better and cleaner. Thank you for such a quick response!

On Fri, May 9, 2014 at 5:46 PM, Bill Burke <bburke@redhat.com> wrote:
You can do a Basic Auth request

POST /content-root/realms/{realm}/tokens/grants/access
Authorization: Basic auth with client_id and secret
Content-Type: application/x-www-form-urlencoded

client_id is the id of your register application.

form parameters are:

username
password

BTW, for mobile, IMO, you are better off doing oauth with the mobile
client and doing a mobile redirect to your browser and back. That way
Keycloak can manage your accounts.

On 5/9/2014 4:35 PM, Rodrigo Sasaki wrote:
> Hello everyone,
>
> Fist of all I apologize if I do anything that isn't normal, this is the
> 1st time I subscribe to a mailing list, please let me know if I should
> have done anything differently.
>
> Alright then, my question is this: Is there a way for me to get a token
> providing only user and password? Let me try and clarify it better.
>
> We are using a homegrown solution based on SkeletonKey and we have a
> flow where we use an URL that requires username and password and returns
> directly an Access Token, with no Access Codes envolved. We use this so
> that our own mobile apps can get access to our REST services.
>
> Is there any way I could get around this with Keycloak? Getting an
> access token directly to my mobile app?
>
>

> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

--
Rodrigo Sasaki

Rodrigo Sasaki