I'm in the process of refining keycloak.js as well as creating a JS library for
Cordova/Phonegap. Should be ready in a day or two.
Basically how it works is that it listens for events for when the url changes in the child
window, if it's a OAuth2 callback extracts the code/error/state query params and
closes the window. The window is closed before displaying the page so you can use
even without a web server listening on localhost, so the 'page not
found' won't be displayed.
With the ChildBrowser plugin something along the lines of this will work:
var keycloak = new Keycloak(...);
var loginUrl = keycloak.createLoginUrl();
window.plugins.ChildBrowser.onLocationChange = function (url) {
if (window.oauth.callback) {
return;
}
var code = /code=([^&]+)/.exec(url);
var error = /error=([^&]+)/.exec(url);
var state = /state=([^&]+)/.exec(url);
if (code || error) {
if (code && state) {
window.oauth.code = code[1];
window.oauth.state = state[1];
window.oauth.callback = true;
} else if (error && state) {
window.oauth.error = error[1];
window.oauth.state = state[1];
window.oauth.callback = true;
}
window.plugins.ChildBrowser.close();
}
}
window.plugins.ChildBrowser.showWebPage(loginUrl, { showLocationBar: false });
----- Original Message -----
From: "Rodrigo Del Canto" <delkant(a)gmail.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Monday, 17 March, 2014 1:51:14 PM
Subject: Re: [keycloak-user] External JS AJAX client for jax-rs backend API
Hi Stian,
I'm sorry for the lack of information. Yes you are right I was talking
about a packaged/installed app and yes it is Cordova.
* Use a child window to open the login form (our not yet released
Cordova/PhoneGap adapter will use this approach)
If I open a child window for the login form I will need a callback
page/script hosted on the server to process the response back from
keycloak, right? could you give me some ideas on how to handle this?
Thanks again,
On Mon, Mar 17, 2014 at 5:24 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
> Hi,
>
> Are you referring to a packaged html5 based app for smarthpones (and not
> one that is access through the smartphones browser)?
>
> There are several ways available to use Keycloak from a packaged/installed
> app:
>
> * Register a custom URI schema for the application (something like
> myapp://oauth-callback) - recommended for a native app (our not yet
> released iOS and Android adapters will use this approach)
> * Start a temporary web server on
http://localhost on any available port
> - installed app on a desktop (our cli example uses this approach)
> * Use a child window to open the login form (our not yet released
> Cordova/PhoneGap adapter will use this approach)
>
> If you are using PhoneGap/Cordova the adapter should be ready soon. It
> won't be "released" until early May, but will also work with alpha3.
If
> you're using another technology for your packaged html5 apps, let me know
> what you're using and I can give you some hints (it should just require a
> few minor changes to the PhoneGap/Cordova adapter).
>
> ----- Original Message -----
> > From: "Rodrigo Del Canto" <delkant(a)gmail.com>
> > To: "Stian Thorgersen" <stian(a)redhat.com>
> > Cc: keycloak-user(a)lists.jboss.org
> > Sent: Sunday, 16 March, 2014 8:09:38 AM
> > Subject: Re: [keycloak-user] External JS AJAX client for jax-rs backend
> API
> >
> > Hello Stian,
> >
> > I was testing this today. My problem is that the keycloak.js script
> assumes
> > that the client application is hosted in a app/web server. I'm trying to
> > build a html 5 based app for smartphones. So there is no way to use the
> > redirect functionality, I need a way to provide to keycloak a username
> and
> > password and receive as response the token id.
> >
> > Do you think that is possible? Is there any example available.
> >
> > Thanks.
> >
> >
> > On Mon, Mar 10, 2014 at 10:34 AM, Stian Thorgersen <stian(a)redhat.com>
> wrote:
> >
> > > Hi,
> > >
> > > We have a JS library, it's available at
> > >
http://localhost:8080/js/keycloak.js. There's no documentation for it
> > > yet, and the example needs a bit of TLC, but the example is
> customer-app-js
> > > and will be included in the alpha3 downloads that is due this week.
> > >
> > > A quick overview to get you started:
> > >
> > > Keycloak constructor takes a single object with the following
> properties:
> > >
> > > * client_id (required) - the name of the application/client in the
> admin
> > > console
> > > * client_secret (optional) - not recommended, instead select public
> client
> > > option for your application/client in the admin console
> > > * realm (required)
> > > * url (optional) - the base url of the server, if not specified it will
> > > infer it from the url of the keycloak.js script
> > > * onload (optional) - valid options: login-required, check-sso. Login
> > > required will redirect to login form when init is called. Check-sso
> will
> > > also redirect to login form, but won't display login form (used to
> check if
> > > user is logged into to sso realm)
> > >
> > > For example:
> > >
> > > var keycloak = Keycloak({ client_id: 'myapp', realm:
'myrealm' })
> > > keycloak.init(function() { alert('authenticated') }, function()
{
> > > alert('auth failed') } );
> > >
> > > Addition methods:
> > >
> > > * login - redirect to login form
> > > * logout - log out
> > > * hasRealmRole(role) - returns true if user has the realm role
> > > * hasResourceRole(role, resource) - return true if user has the role
> for
> > > the specified resource (application)
> > > * loadUserProfile(success, failure) - loads the profile (in the future
> > > profile will be retrieved with IDToken from OpenID Connect spec, so
> this
> > > will probably not be required)
> > > * onValidAccessToken(success, failure) - invoke methods with a valid
> > > token. If the token is expired the refresh token is used to retrieve a
> new
> > > token before invoking the success callback
> > >
> > > Once authenticated the following properties are available as well:
> > >
> > > * token - base64 encoded token (use this as the value for the
> > > 'Authorization' header, for example
> > > "xMLHttpRequest.setRequestHeader('Authorization', 'Bearer
' +
> > > keycloak.token)")
> > > * tokenParsed - parsed token
> > > * authenticated - true if authenticated, false otherwise
> > > * subject - userId
> > >
> > > Please let me know how you get on with it, any feedback would be
> > > appreciated.
> > >
> > > Cheers,
> > > Stian
> > >
> > >
> > > ----- Original Message -----
> > > > From: "Rodrigo Del Canto" <delkant(a)gmail.com>
> > > > To: keycloak-user(a)lists.jboss.org
> > > > Sent: Saturday, 8 March, 2014 5:54:44 AM
> > > > Subject: [keycloak-user] External JS AJAX client for jax-rs backend
> API
> > > >
> > > > Hello guys,
> > > >
> > > > Congrats on the release of project! I think this is the most useful
> > > project
> > > > for developers in the whole history of internet :D
> > > >
> > > > I would like to know if you have any example on how to perform a
> login
> > > from
> > > > an external JavaScript client?
> > > >
> > > > How would you recommend to do this. I heard you have a JS/jQuery lib
> to
> > > do
> > > > this, where can it be found?
> > > >
> > > > Thanks,
> > > >
> > > > delkant
> > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user(a)lists.jboss.org
> > > >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> >
>