[aerogear-dev] oAuth with Keycloak OpenId in Android Client
Summers Pittman
supittma at redhat.com
Thu Oct 13 10:40:07 EDT 2016
On Tue, Oct 11, 2016 at 6:11 PM, Andrea Carolina Buitrago <
a.carolinabm at gmail.com> wrote:
> Hi, I want to authenticate a user (using his username and password) in an
> Android App using aerogear with a server using Keycloak. I haven't been
> able to do it, help me please.
>
> I currently can authenticate the user without aerogear, but I want to use
> this library since it can help me to refresh the token when is needed. I
> authenticate the user making a POST call to the server like this (but from
> android):
>
> curl -X POST http://127.0.0.1:8080/auth/realms/example/protocol/openid-connect/token
> -H "Content-Type: application/x-www-form-urlencoded" -d "username=auser" -d 'password=apassword' -d 'grant_type=password'
> -d 'client_id=clientId' -d 'client_secret=secret'
>
> What I have tried with Aerogear is this:
>
> private void authz() {
> try {
>
> AuthzModule authzModule = AuthorizationManager.config("KeyCloakAuthz", OAuth2AuthorizationConfiguration.class)
> .setBaseURL(new URL("http://127.0.0.1:8080/"))
> .setAuthzEndpoint("/realms/example/protocol/openid-connect/auth")
> .setAccessTokenEndpoint("/realms/example/protocol/openid-connect/token")
> .setAccountId("keycloak-token")
> .setClientId("clientId")
> .setClientSecret("secret")
> .setRedirectURL("http://oauth2callback")
> .setScopes(Arrays.asList("openid"))
> .addAdditionalAuthorizationParam((Pair.create("grant_type", "password")))
> .addAdditionalAuthorizationParam((Pair.create("username", "aUserName")))
> .addAdditionalAuthorizationParam((Pair.create("password", "aPassword")))
> .asModule();
>
>
> authzModule.requestAccess(this, new Callback<String>() {
> @Override
> public void onSuccess(String o) {
> Log.d("TOKEN ", o);
> }
>
> @Override
> public void onFailure(Exception e) {
> System.err.println("Error!!");
> Toast.makeText(getApplicationContext(), e.getMessage(), Toast.LENGTH_LONG).show();
> }
> });
>
> } catch (Exception e) {
>
> e.printStackTrace();
> throw new RuntimeException(e);
> }}
>
>
> However this doesn't do anything. What I don't understand is:
>
> 1. How can I specify that I'm doing and OpenID Connect with Keycloak
> in Aerogear(Android) ? I've seen it in the swift library but I cannot find
> it in Android
> 2. How and where can I send the username and password?
> 3. How can I specify the grant_type? (My HTTP POST to the server does
> not work if I don't include this, so it's important)
>
>
So with OAuth flows you usually don't post a username/password to a
server. OAuth directs you to a trusted page, you input your credentials
there, then the service provides to the library a token and the library
exchanges that token for a token to use for your session. In AGDroid we
use a webview to show the login page.
I'm not familiar with iOS at all, does it support this workflow there?
I also don't think we've worked with OpenID Connect before. If it works it
is by happy coincidence, but Daniel Passos might be able to provide some
insight (he's the other AGDroid developer)
Do you have a github project i can poke at?
> I'm really sorry if this is a very basic question, but I haven't been able
> to work it out on my own. Any help or documentation would be appreciated.
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20161013/b1982990/attachment-0001.html
More information about the aerogear-dev
mailing list