[keycloak-dev] Keycloak Intergration

Corinne Krych corinnekrych at gmail.com
Mon Nov 3 03:27:04 EST 2014


Hello

We don’t currently offer integration with well known http libs. We'll be interesting in providing adapter for Alamofire or (a Swift version of AFNetworking, very much in progress). Here’s a ticket to track it [1].
Actually to integrate with http layer you need to have a AuthzModule protocol [2] and to provide a seamless integration of Oauth2 within your http layer you should do something like [3] using extension request.
Do not hesitate to share with us if you decide to do other adapters.

++
Corinne
—————
iOS AeroGear dev

[1] https://issues.jboss.org/browse/AGIOS-300
[2] https://github.com/aerogear/aerogear-ios-http/blob/master/AeroGearHttp/Http.swift#L133
[3] https://github.com/Alamofire/Alamofire/blob/master/Source/Alamofire.swift#L1062

On 30 Oct 2014, at 11:50, Kaustubh Kabra <kaustubh.kabra at xtremumsolutions.com> wrote:

> Hi there,
> 
> I went through libraries provided by Corinne in previous mail but have few questions for implementation on android and iOS -
> 
> 1. Support for existing third party libraries ?
> As of now, we are using ASIHTTPS (https://github.com/pokeb/asi-http-request) or AFNetworking (https://github.com/AFNetworking/AFNetworking) for iOS and Volley for android. Rather than replacing them with Aerogear libraries considering overall stability of HTTP requests, can we augment those libraries to support key cloak OAUTH2 ?
> 
> 2. OAUTH implementation possibilites -
> http://stackoverflow.com/questions/17400398/token-authentication-with-volley
> https://github.com/keybuk/asi-http-request-oauth
> Can we use/tweak approach mentioned in above answers/library to work with KeyCloak implementation ?
> 
> Thanks in advance !
> 
> On Fri, Sep 26, 2014 at 11:43 AM, Sagar Zond <sagar.zond at xtremumsolutions.com> wrote:
> +Please go through following libs, We can use this to integrate with Oauth server.
> 
> regards
> Sagar Zond  
> 
> ---------- Forwarded message ----------
> From: Corinne Krych <corinnekrych at gmail.com>
> Date: Thu, Sep 25, 2014 at 9:06 PM
> Subject: Re: [keycloak-dev] Keycloak Intergration
> To: "keycloak-user at lists.jboss.org" <keycloak-dev at lists.jboss.org>
> Cc: Sagar Zond <sagar.zond at xtremumsolutions.com>, Shashank Singh <shashank.singh at xtremumsolutions.com>, Bill Burke <bburke at redhat.com>
> 
> 
> Hello Sagar,
> 
> For Keycloak OAuth2, AeroGear provides a sdk, we have both Obj-C and Swift. Although lastest features goes in Swift version.
> 
> 1. AeroGear-iOS 1.6 targets obj-c code [1] with its associated test repo [2], [2bis]
> 
> 2. AeroGear 2.0 is modularized and based on Swift:
> aerogear-ios-http [3]
> aerogear-ios-oauth2 [4]
> Here you can find interesting access/refresh/revoke simple example:
> aerogear-ios-cookbook [5]
> aerogear-backend-cookbook [6]
> Note that 2.0 is on its way and should be release early October.
> http module (aerogear-ios-http coupled with aerogear-ios-oauth2) is taking care of refreshing implictly tokens for you.
> 
> Some blog posts [7]. I’m actually going to write an update blog post for Swift version.
> Some links to go through.. Feedback welcome.
> 
> ++
> Corinne
> iOS AeroGear
> [1] https://github.com/aerogear/aerogear-ios
> [2] https://github.com/aerogear/aerogear-ios-cookbook/tree/master/ProductInventory
> [2bis] https://github.com/aerogear/aerogear-integration-tests-server#oauth2-with-keycloak
> [3] https://github.com/aerogear/aerogear-ios-http
> [4] https://github.com/aerogear/aerogear-ios-oauth2
> [5] https://github.com/aerogear/aerogear-ios-cookbook/tree/swift/ProductInventory
> [6] https://github.com/corinnekrych/aerogear-backend-cookbook/tree/master/ProductInventory
> [7] http://corinnekrych.blogspot.fr/search/label/OAuth2
> 
> On 25 Sep 2014, at 15:32, Bill Burke <bburke at redhat.com> wrote:
> 
> > Sagar,  I'm moving this to keycloak-dev list.  See comments inline
> >
> > On 9/25/2014 6:53 AM, Sagar Zond wrote:
> >> Hi,
> >>
> >> We are planning to use KeyClock for OAuth authorization server for our
> >> API platform. Our understanding to KeyClock and OAuth is not very clear
> >> so need your help to properly utilize KeyClock features.
> >>
> >> Just to introduce our self, we are a start-up firm and creating products
> >> for Health care domain. In our architecture we will have multiple Rest
> >> API servers and multiple types of client like mobile, web and publicly
> >> expose API. KeyCloak can be used as authentication and authorization
> >> server. We have already gone through most of KeyCloak tutorials.
> >>
> >> Here are few points of which we need answer -
> >>
> >> 1. API platform will be registered as application server on KeyClock and
> >> clients (mobile app, web app or other app) will be authorized by
> >> keyclock as per defined role. Is this a proper use case of KeyClock ?
> >>
> >
> > You'll have to elaborate.  I don't know exactly what you are saying.
> > Your REST API server would be registered as a Keycloak "Application".
> > You can define roles per "Application" or at the Realm level (global roles).
> >
> >> 2. How do we integrate OAuth into mobile app ? Where can we write token
> >> refresh logic?
> >>
> >
> > You can start off by defining an public "OAuth Client" per mobile app.
> > You can use the direct grant REST API to obtain a token, or, use mobile
> > redirects to login through the mobile's browser.  I believe the Aerogear
> > project is doing some work around Keycloak IOS and Android clients, but
> > you'd have to ping them.
> >
> >> 3. How we can add more fields in session? e.g. if we want to add more
> >> token in header which may contain some extra application specific
> >> encrypted data.
> >>
> >
> > Not sure what you mean.  We don't have a nice way of adding claims to
> > the token at the moment.
> >
> >> 4. We are currently using OpenDS Ldap for authentication and we already
> >> have number of registered users which currently using API. So we need
> >> Keyclock to be configured for OpenDS, so please suggested how to
> >> integrate OpenDS with KeyClock.
> >>
> >
> > We have LDAP integration:
> >
> > http://docs.jboss.org/keycloak/docs/1.0.1.Final/userguide/html/user_federation.html#d4e1263
> >
> >
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 
> 
> 
> 
> -- 
> Regards,
> Sagar Zond
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://lists.jboss.org/pipermail/keycloak-dev/attachments/20141103/a6cac140/attachment.bin 


More information about the keycloak-dev mailing list