[keycloak-dev] Keycloak and mobile

[Matt Wringe]

On Wed 14 Aug 2013 03:14:41 PM EDT, Bill Burke wrote:
>
>
> On 8/14/2013 2:45 PM, Matt Wringe wrote:
>> Thoughts on some possible ways to handle mobile aspects with Keycloak.
>> Its just a very brief outline of some of the options to get a
>> conversation started. I tried to brief as possible, but the email is
>> still a bit long :/
>>
>> Mobile web app
>> Works similar to how any normal web app would work with keycloak. Only
>> changes really needed would be to make sure the login pages and such are
>> designed to work properly on varying sizes of touchscreens.
>>
>>
>> Native Mobile App Approaches
>>
>> 1)Native mobile app accessing keycloak through a custom webview.
>> Its possible for a native application to create a webview and load the
>> web components of keycloak through this. Requires some changes to
>> keycloak to return the token to the application since using a normal
>> redirect url isn't feasible.
>
> On iphone you can redirect to and from native apps using URLs.  So it
> would be possible to use the Keycloak web login and redirects with
> iphone.  Are you sure Android doesn't have something similar?

Yeah, you can of course use urls like that in Android.

Normally the way its handled in this situation is to run web server on 
the device at localhost (which is what I meant by a normal url and why 
its not being really feasible) or to use a special redirect value and 
pass the token in a special manner (what you are suggesting).

The way google handles it is either the localhost redirect or using a 
special urn as the redirect (urn:ietf:wg:oauth:2.0:oob) and making the 
token the page title.

I had a simple hacked up prototype which returned a token as part of a 
a redirect urn (urn:foo:bar:token:123456789) and a custom webview would 
look for the value.

I don't see the value in redirecting between applications using urls 
like this though, handling it within one webview seem to make more 
sense to me. Can you explain what use case that would be?