[keycloak-dev] Oauth Register and Token Validation Example

Marek Posolda mposolda at redhat.com
Wed Jul 30 01:50:17 EDT 2014


On 30.7.2014 02:51, Harit Himanshu wrote:
> Thanks Marek
>
> I saw here 
> <https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java#L54> app 
> gains the accessToken, but did not see where this `/auth` api is 
> implemented. I want to learn how do I do the same thing of exposing 
> `/auth` api to generate tokens
This is an example of the Direct Grant API. It allows you to send a POST 
request to Keycloak including the username and password, and Keycloak will 
directly return you an accessToken without even displaying the Keycloak 
login screen. The Direct Grant API has some limitations though (the password 
must be known to your application, SSO won't work, the user won't be able to 
log in if he needs to do some required action (like change password), etc.). 
So it's usually better to use the proper login flow instead of the Direct 
Grant API. See here for more info: 
https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java#L54

Marek
>
> I did not see anything in pom.xml 
> <https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/pom.xml> 
> either. Seems like magic to me at the moment. Any guidance here?
>
> Thanks
>
>
> On Tue, Jul 29, 2014 at 12:25 AM, Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>> wrote:
>
>     Hi,
>
>     the best is to start with documentation
>     http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/index.html
>     and also look at existing examples
>     https://github.com/keycloak/keycloak/tree/master/examples .
>     Probably most useful for you might be
>     https://github.com/keycloak/keycloak/tree/master/examples/demo-template
>     . It has restful application "database-service", where you can
>     send secured REST requests with the bearer token attached to them.
>     Other applications in the directory are web applications, which
>     obtain the bearer token from the Keycloak login. Product-portal and
>     customer-portal are JEE applications secured by Keycloak itself,
>     third-party and third-party-cdi are more traditional OAuth where
>     the token is used just to retrieve the secured data from
>     "database-service". See the README for more info.
>
>     Example for CORS support is here:
>     https://github.com/keycloak/keycloak/tree/master/examples/cors
>
>     Marek
>
>
>     On 25.7.2014 23:04, Harit Himanshu wrote:
>>     Hey Team,
>>
>>     I have been looking for an answer to
>>     http://stackoverflow.com/questions/24769691/what-are-some-ways-to-secure-rest-apis and
>>     found that keycloak is suitable for securing REST APIs using
>>     OAuth 2.0.
>>
>>     I am looking for an example where the following is demonstrated
>>     a.) Third-party app registers and gets Access Token
>>     b.) Third-Party app accesses Resource Server to access protected
>>     resource by sending Access Token to REST API
>>     c.) and How Token is validated.
>>
>>
>>     It is mentioned in features of keycloak as
>>
>>       * OAuth Bearer token auth for REST Services
>>       * OAuth 2.0 Grant requests
>>       * CORS Support
>>
>>     Can you please guide me through examples?
>>
>>     Thank you
>>
>>
>
>
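
The Direct Grant exchange described in the reply above, as an added example that is not part of the original message or of the Keycloak code base. It shows the client request, a success, and the two failure cases the reply implies (wrong password, pending required action). Assumptions: the form field names follow the OAuth 2.0 password grant (RFC 6749 section 4.3), `TOKEN_URL` is a placeholder, and `stand_in_token_endpoint`, its accounts, its error bodies and the `example-app` client id are constructed for illustration.

```python
import hmac
import json
from urllib.parse import parse_qs, urlencode
from urllib.request import Request

# Assumption: placeholder URL; the real path depends on the Keycloak version and realm.
TOKEN_URL = "https://keycloak.example/auth/realms/demo/DIRECT-GRANT-PATH"
# Constructed accounts for the stand-in server; bob has a pending required action.
USERS = {"alice": ("s3cret", []), "bob": ("hunter2", ["UPDATE_PASSWORD"])}

def build_grant_request(username, password, client_id):
    """Client side: the application itself handles the user's password."""
    form = urlencode({"grant_type": "password", "client_id": client_id,
                      "username": username, "password": password})
    return Request(TOKEN_URL, data=form.encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

def stand_in_token_endpoint(req):
    """Hypothetical stand-in for the server; returns (status, JSON body)."""
    form = {k: v[0] for k, v in parse_qs(req.data.decode()).items()}
    stored, actions = USERS.get(form.get("username", ""), ("", []))
    given = form.get("password", "")
    if not stored or not hmac.compare_digest(stored.encode(), given.encode()):
        return 400, json.dumps({"error": "invalid_grant"})
    if actions:  # no login screen exists on which the user could complete these
        return 400, json.dumps({"error": "invalid_grant",
                                "error_description": "required action pending"})
    return 200, json.dumps({"access_token": "constructed-token-" + form["username"],
                            "token_type": "bearer"})

def direct_grant_login(username, password, client_id="example-app"):
    """Return (access_token, None) on success or (None, reason) on failure."""
    status, body = stand_in_token_endpoint(
        build_grant_request(username, password, client_id))
    reply = json.loads(body)
    if status != 200:
        return None, reply.get("error_description", reply["error"])
    return reply["access_token"], None

def bearer_header(token):
    """Header the app attaches to REST calls against the resource server."""
    return {"Authorization": "Bearer " + token}

if __name__ == "__main__":
    for name, pw in [("alice", "s3cret"), ("bob", "hunter2"), ("alice", "wrong")]:
        print(name, direct_grant_login(name, pw))
```
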
