I suspect this was too much to digest for most (which is fine) - and I’ve also learned to
use plain text from now on. I’ve since been able to go a different route with a
service-protected client for the “Create Account” part.
The only question I have at the moment is how exactly to fold in/use Identity “Mappers”.
Has anyone seen any documentation/examples of using these?
Many thanks,
./scc
On Nov 15, 2016, at 9:47 AM, Scott Corscadden
<scott(a)morgiij.com> wrote:
Hello everyone. Fairly new to the list and the Keycloak technology, so I appreciate your
patience. I dislike cross-posting, so I have *not* added aerogear-users(a)lists.jboss.org,
but suspect I’ll need some input from that
side as well. Corinne, I have added you as I suspect you’d be able to decide if I should
CC it in. The background:
I’d like to use a Keycloak (2.3.0) deployed instance to abstract user account management,
including Facebook/Google/LinkedIn/etc Identity providers. I’ve been able to set up this
instance & link it to Facebook without too much trouble; I can log into the keycloak
website as a Facebook user. Nginx is being used as the SSL reverse proxy.
The primary “client” is an iOS application, which needs to read graph information from
said providers if available. I’ve been able to find a swift 3 fork of the wonderful
“aerogear-ios-oauth2” library. A minor change to not assume the Bundle Id can be used
as the redirectURL protocol (mine contains dots and dashes, which seems to cause the
server to reject with “invalid redirect_url”) and hooray! I can authenticate against
Facebook-into-keycloak, receive an Authorization Code, and
“exchangeAuthorizationCodeForAccessToken” successfully.
The two problems I am trying to solve (I’ve been trying to find documentation but may be
miserably bad at finding it):
1. Ideally I’m only asking keycloak for graph information (name, address, etc). Thus I
*suspect* this is what the “Mappers” section is needed per Identity Provider? Is that
right, or not necessary?
2. The iOS app will have a native “Create account” screen with native Email & Password
fields. I’d like to make either an Oauth2 call, or HTTPS POST call to keycloak to do that.
I do see the “Create a new user
<http://www.keycloak.org/docs/rest-api/index.html#_create_a_new_user>” link, but so
far I only see a “temporary password” api. Obviously I could use a native WebView and fill
the fields manually but that doesn’t feel quite right.
Any suggestions here are very, very welcome, and thanks for reading this far.
I’m very impressed so far with both keycloak and the aerogear Oauth2 library.
./scc
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user