Hello Joe, answers inline,
On Thu, 2018-11-08 at 07:25 +1100, Joe Livu wrote:
> Hi,
> I came across KeyCloak while searching for a security provider and was
> immediately impressed.
> I am planning on building a REST API using ASP.NET Core
> Web API to be consumed by a mobile application to be built using Google's
> Flutter framework. I have a few questions.
> 1. Would KeyCloak be suitable for securing my REST API which is built using
> C# (ASP.NET Core Web API)? If so, can I get a brief
> explanation and steps that need to be taken to achieve this?
Please take a look at this:
https://andrewlock.net/an-introduction-to-openid-connect-in-asp-net-core/
> 2. Now I need my mobile app to consume the REST API secured by
> KeyCloak.
> For authenticating users (e.g., via login screen using username/password
> credentials), how would this be done? Which grant type and flow will be
> suitable? The Web application demos show a redirect to the KeyCloak server
> for authentication and then back to the app. It seems this cannot be
> applied for mobile apps (correct me if I am wrong), so what would be the best
> approach for a mobile application? I would think KeyCloak would provide a
> REST API for such cases but I can only find an Admin REST API for admin
> purposes only. Any help regarding this would be very much appreciated.
For mobile apps, there are basically two options.
That "REST API for authentication" you're talking about is called
"direct grant" in Keycloak's terms:
https://www.keycloak.org/docs/latest/securing_apps/index.html#_resource_o...
You can create your own GUI form to ask a user for credentials and then use direct grant
to obtain a token. In this case, you will be generally limited to simple login/password
authentication (no OTP, brokering etc.).
Or you can embed a web view, use the Keycloak JavaScript adapter (link below) to handle
interaction with Keycloak, and then retrieve tokens from it.
https://www.keycloak.org/docs/latest/securing_apps/index.html#_javascript...
As always, both methods have their benefits and drawbacks.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
> Kind regards,
> Joe Livu
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
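
The direct grant exchange described in the reply, sketched as an added example that is not part of the original thread and is not Keycloak's own code: it builds the token request a mobile client would send and handles both the success and the rejected-credentials reply. The base URL (with the `/auth` prefix), realm and client id are placeholders, the client is assumed to be a public client, and the sample replies are constructed.

```python
import json
from urllib.parse import urlencode


class TokenError(Exception):
    """Raised when the token endpoint does not return usable tokens."""


def build_direct_grant_request(base_url, realm, client_id, username, password):
    """Return (url, headers, body) for a password-grant token request."""
    if not base_url.startswith("https://"):
        # The body carries the user's password, so refuse cleartext HTTP.
        raise ValueError("token endpoint must use https")
    url = f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"
    body = urlencode({
        "grant_type": "password",  # "direct grant" in Keycloak's terms
        "client_id": client_id,    # assumed public client: no client_secret
        "username": username,
        "password": password,
        "scope": "openid",
    })
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body


def parse_token_response(status, raw_body):
    """Return the tokens from a token-endpoint reply or raise TokenError."""
    data = json.loads(raw_body)
    if status != 200 or "error" in data:
        raise TokenError(f"{data.get('error', 'unknown_error')}: "
                         f"{data.get('error_description', '')}")
    if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
        raise TokenError("reply is not a bearer token response")
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "expires_in": int(data.get("expires_in", 0))}


def api_headers(tokens):
    """Header the app sends to the REST API; the password is never sent there."""
    return {"Authorization": f"Bearer {tokens['access_token']}"}


# Constructed sample replies (not captured from a real server).
SAMPLE_OK = ('{"access_token": "constructed.access.token", "expires_in": 300, '
             '"refresh_token": "constructed.refresh.token", "token_type": "bearer"}')
SAMPLE_DENIED = ('{"error": "invalid_grant", '
                 '"error_description": "Invalid user credentials"}')

if __name__ == "__main__":
    url, headers, body = build_direct_grant_request(
        "https://keycloak.example.com/auth", "demo", "mobile-app", "joe", "p@ss&word")
    print(url)
    print(api_headers(parse_token_response(200, SAMPLE_OK)))
```

With direct grant the app itself handles the password, so it should keep only the returned tokens and discard the credentials once the request has been sent.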