7:30 a.m.
Hello,
*Context*: We have a single page application made with Angular JS. We want
to implement login via facebook and google, by using keycloak.
*Requirement*: We want to use ajax/api call, similar to
"../protocol/openid-connect/token" (this end point is using user/pass to
login").
*Problem*: The way the brokering works, is with a series of html redirects:
start -> redirects to keycloak -> redirects to facebook or google -> back
to keycloak -> back to start
This is not compatible with a single page application.
*Question*:
Is there any documentation (or work around) how to achieve login with
facebook/google by using ajax/api calls, similar with the one for
user/password ("../protocol/openid-connect/token" endpoint)?
We need to be able to retrieve the token from facebook and google, and send
it to keycloak, and keycloak should respond with the authentication token.
How can we do it?
Thank you.
8:43 a.m.
Hello Cosmin,
You can use Facebook Login for websites [1] and Google Sign-In [2] in combination with
Keycloak token exchange feature [3].
Once Facebook or Google login succeeds, you need to obtain a token and perform an
external-to-internal token exchange [4], which will give you a standard set of OIDC tokens
(access+ID+refresh). Please pay attention to the proper setup of token exchange
permissions in Keycloak.
Also mind that token exchange doesn't yet support scope param [5], therefore you
won't be able to obtain offline (long-lived) tokens from Keycloak, however there are
workarounds for that.
[1] https://developers.facebook.com/docs/facebook-login
[2] https://developers.google.com/identity/sign-in/web/sign-in
[3] https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exch...
[4]
https://www.keycloak.org/docs/latest/securing_apps/index.html#external-to...
[5] https://issues.jboss.org/browse/KEYCLOAK-6230
Good luck,
Dmitry Telegin
Carretti Consulting OÜ | Keycloak Consulting and Training
Sepapaja 6, Tallinn 15551, Estonia | info(a)carretti.pro
On Tue, 2019-06-11 at 15:30 +0300, Cosmin Ardeleanu wrote:
Hello,
*Context*: We have a single page application made with Angular JS. We want
to implement login via facebook and google, by using keycloak.
*Requirement*: We want to use ajax/api call, similar to
"../protocol/openid-connect/token" (this end point is using user/pass to
login").
*Problem*: The way the brokering works, is with a series of html redirects:
start -> redirects to keycloak -> redirects to facebook or google -> back
to keycloak -> back to start
This is not compatible with a single page application.
*Question*:
Is there any documentation (or work around) how to achieve login with
facebook/google by using ajax/api calls, similar with the one for
user/password ("../protocol/openid-connect/token" endpoint)?
We need to be able to retrieve the token from facebook and google, and send
it to keycloak, and keycloak should respond with the authentication token.
How can we do it?
Thank you.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2042
days inactive
2053
days old
1 comments
2 participants
participants (2)
-
Cosmin Ardeleanu -
Dmitry Telegin