[keycloak-dev] Native mobile OAuth2 keycloak flows

Corinne Krych corinnekrych at gmail.com
Mon Oct 6 05:09:11 EDT 2014


Hello Keycloak team,

On native app, our aerogear-oauth2 sdk supports the following flows:
- oauth2 authz code (publicl client) bearer-only using external browser. See Shoot demo.
- oauth2 refresh grant
- oauth2 revoke (using logout endpoint to revoke all refresh/access tokens).

We have a iOS demo [1] and its associated backend [2] which shows how to use authz code grant on Google, Facebook and Keycloak using aerogear oauth2 sdk [3]. For Android we have same level features [4] (just missing the Shoot demo).

To come in next release: 
- openID flow based on authz code (need an extra token decoding to get ID information) with a ui button “login with your keyclakbackend account”. Thanks to Stian I managed the base64url decoding...
- direct grant (resource owner grant). 
- basic auth support for confidential mode

I’m thinking to do a Keyclaok (only) HelloWorld demo which show all different use cases.

Therefore the question: What other use cases do I miss? Feedback welcome.

++
Corinne
AeroGear iOS
———————————
[1] https://github.com/aerogear/aerogear-ios-cookbook/tree/swift/Shoot
[2] https://github.com/corinnekrych/aerogear-backend-cookbook/blob/master/Shoot/README.md
[3] https://github.com/aerogear/aerogear-ios-oauth2
[4] https://github.com/aerogear/aerogear-android-authz


More information about the keycloak-dev mailing list