[keycloak-dev] Keycloak and mobile

Matt Wringe mwringe at redhat.com
Wed Aug 14 17:00:57 EDT 2013


On Wed 14 Aug 2013 04:27:12 PM EDT, Bill Burke wrote:
>
>
> On 8/14/2013 4:07 PM, Matt Wringe wrote:
>> On Wed 14 Aug 2013 03:14:41 PM EDT, Bill Burke wrote:
>>>
>>>
>>> On 8/14/2013 2:45 PM, Matt Wringe wrote:
>>>> Thoughts on some possible ways to handle mobile aspects with Keycloak.
>>>> It's just a very brief outline of some of the options to get a
>>>> conversation started. I tried to be as brief as possible, but the email is
>>>> still a bit long :/
>>>>
>>>> Mobile web app
>>>> Works similar to how any normal web app would work with keycloak. Only
>>>> changes really needed would be to make sure the login pages and such
>>>> are designed to work properly on varying sizes of touchscreens.
>>>>
>>>>
>>>> Native Mobile App Approaches
>>>>
>>>> 1) Native mobile app accessing keycloak through a custom webview.
>>>> It's possible for a native application to create a webview and load the
>>>> web components of keycloak through this. Requires some changes to
>>>> keycloak to return the token to the application since using a normal
>>>> redirect url isn't feasible.
>>>
>>> On iphone you can redirect to and from native apps using URLs.  So it
>>> would be possible to use the Keycloak web login and redirects with
>>> iphone.  Are you sure Android doesn't have something similar?
>>
>> Yeah, you can of course use urls like that in Android.
>>
>> Normally the way it's handled in this situation is to run a web server on
>> the device at localhost (which is what I meant by a normal url and why
>> it's not really feasible) or to use a special redirect value and
>> pass the token in a special manner (what you are suggesting).
>>
>
> Why the need for local webserver?  On iphone at least, the native app
> would redirect to a keycloak.org URL in browser
> http://keycloak.org/client_id=...  Browser would do the facebook
> login, then browser would redirect back to app with the access code
> embedded within the URL.  Then the app would make an internal HTTP
> call to keycloak to obtain the token.  Traditional OAuth.  Don't see
> why you need all the other tricks you are talking about...
>
> Here's an example of using URLs to web provision a native app:
>
> http://code.google.com/p/oathtoken/wiki/WebProvisioning
>
> On iphone you can bind a protocol to an app, so keycloak would just
> redirect to myapp://login?all&the&oauth&parameters&needed

Hmm, interesting, it's a nice clean way of handling it that I didn't
really think of. I wonder why none of the documentation on how to
perform social login on mobile devices mentions doing it this way. The
only downside is other than Google, I don't think most people log into
these sites using the mobile browser, they usually use the login via
the mobile app.
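
The flow discussed in this thread (browser login, redirect back to `myapp://login` with the access code, then an HTTP call for the token), sketched from the app's side as an added example that is not part of the original messages or Keycloak's code. The endpoint URLs, client id and the use of a `state` parameter are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for illustration; none come from the thread or from Keycloak.
AUTH_ENDPOINT = "https://sso.example.test/auth"    # hypothetical login URL
TOKEN_ENDPOINT = "https://sso.example.test/token"  # hypothetical token URL
CLIENT_ID = "my-native-app"                        # hypothetical client id
REDIRECT_URI = "myapp://login"                     # custom scheme bound to the app


class RedirectError(ValueError):
    """The callback URL is not a valid answer to our login request."""


def start_login():
    """Return (URL to open in the browser, state value the app must remember)."""
    state = secrets.token_urlsafe(32)
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTH_ENDPOINT}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the myapp:// redirect; return (endpoint, form) for the token call."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise RedirectError("unexpected redirect target")
    params = parse_qs(got.query, keep_blank_values=True)
    # A repeated parameter is ambiguous, so refuse it outright.
    if any(len(values) != 1 for values in params.values()):
        raise RedirectError("duplicated parameter")
    # The state ties this redirect to the login the app itself started.
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise RedirectError("state mismatch")
    if "error" in params:
        raise RedirectError("login failed: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise RedirectError("missing code")
    # The app POSTs this form to the token endpoint over HTTPS.
    return TOKEN_ENDPOINT, {"grant_type": "authorization_code", "code": code,
                            "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI}
```

Any app on the device can be handed a `myapp://` URL, so the handler treats the callback as untrusted input and only exchanges a code that arrives with the state it generated.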

