10:24 a.m.
Hi,
I'm currently part of a team implementing a single sign on solution using
Open ID Connect and Keycloak.
We have a number of services which all interact with a central Json Rest
API. The API is secured according to the second Open ID Connect use case as
described in the Keycloak docs
<https://keycloak.gitbooks.io/securing-client-applications-guide/content/v...;.
That
is to say, all API clients must obtain a digitally signed access token from
Keycloak and then pass it over on every request (in our case, within the
Authorization header).
One of the services is a native mobile application. This application
already has social login/registration implemented and the team would prefer
not to redirect to Keycloak as per the standard authorization code flow.
Instead, they would like to obtain a Keycloak access token using the
previously obtained social login credentials.
This seems to pose a problem as the direct grant flow doesn't support
social login. Is there any way to achieve this?
Kind Regards,
Tom Pearson
2:55 p.m.
AFAIK this is not yet possible. However you can create your own
implementation of Authenticator and setup the Direct Grant flow with
your custom authenticator implementation, which will be able to
authenticate with social token. Maybe it's something, which we should
better support OOTB...
Marek
On 11/07/16 17:24, Tom Pearson wrote:
Hi,
I'm currently part of a team implementing a single sign on solution
using Open ID Connect and Keycloak.
We have a number of services which all interact with a central Json
Rest API. The API is secured according to the second Open ID Connect
use case as described in the Keycloak docs
<https://keycloak.gitbooks.io/securing-client-applications-guide/content/v...;.
That
is to say, all API clients must obtain a digitally signed access token
from Keycloak and then pass it over on every request (in our case,
within the Authorization header).
One of the services is a native mobile application. This application
already has social login/registration implemented and the team would
prefer not to redirect to Keycloak as per the standard authorization
code flow. Instead, they would like to obtain a Keycloak access token
using the previously obtained social login credentials.
This seems to pose a problem as the direct grant flow doesn't support
social login. Is there any way to achieve this?
Kind Regards,
Tom Pearson
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3086
days inactive
3086
days old
1 comments
2 participants
participants (2)
-
Marek Posolda -
Tom Pearson