[keycloak-dev] [Android] KeyCloak Authenticator

Summers Pittman supittma at redhat.com
Mon Sep 15 12:09:26 EDT 2014 

On Mon 15 Sep 2014 11:21:32 AM EDT, Bill Burke wrote:
>
> Pretty cool. How do we proceed? What are next steps?

First step is get people using it and sending feedback.  If anyone wants 
to for the repo and start making pull requests I would be more than 
happy to help/write a blog post/etc etc.

Right now this is firmly in the land of run the code up a flagpole and 
see who salutes while scratching my own itches.  I hate writing auth 
code and KC is the first thing that makes it seem like I will never have 
to again.

The immediate next step is making an app which uses a protected service 
and getting refresh tokens running.  At some point I will also need to 
add automated tests to the project. From there it is making sure that 
the project is easy to configure (ie any keycloak.json file will work) 
and that it will work when not pointed at the sup realm on my auth server.

After this will be getting error flows and social logins correct. Social 
logins will be hard because there are possibly infinite numbers of them 
as users add their own.  Also because I use a WebView I will need to 
white list a bunch of possible URLs somehow. This may be able to be 
communicated in the keycloak.json file or it could be an exercise left 
to the dev.

At a certain point we would want this to become an official project and 
end up in the keycloak or aerogear repositories.  We do have a few JIRAs 
around KeyCloak for Android (AGDROID-222, 229, 245).  This may obsolete 
them, I know the work has changed how I feel about how we are trying to 
do OAuth flavored things now.

Eventually in the far distant space future this little library will hit 
a 1.0.0.  In my mind, when the Authenticator is at 1.0.0 I will be able 
to create an Android OAuth client in the KC admin UI and be presented 
with the option to download an APK or an AAR(Android library), and a 
code example (similar to the Android variant in Unified Push).  Also 
there will be integration with Aerogear Android's pipeline modules for 
interacting with services.


>
>
> On 9/15/2014 10:38 AM, Summers Pittman wrote:
>>
>> <tldr>DEVELOPERS WILL NEVER HAVE TO WRITE ANOTHER LINE OF AUTH LOGIC
>> AGAIN!</tldr>
>>
>> Over the weekend I tried my hand at writing a Android Account
>> Authenticator for KeyCloak. This lets Android manage the KeyCloak
>> account, fetch tokens, provide tokens to other apps etc. KeyCloak
>> Authenticator let's you drop your keycloak.json file into an apk and
>> access your KeyCloak Account with one line of code from any application
>> on your Android device.
>>
>> Right now this is very much in the "I have an itch needing scratching"
>> phase. It doesn't do any robust error handling, hasn't been testing off
>> the golden scenario, has no integration with any of the AeroGear stuff,
>> etc. Take a moment to watch the Demo and look at the demo project.
>>
>> Video Demo :
>> https://plus.google.com/103442292643366117394/posts/WSFbdodMsej
>>
>> The Demo video uses Android's native account menu to request from the
>> authenticator a KeyCloak account. This launches the authenticator's
>> activity which will retrieve the credentials for Android and store
>> them. When I am back in the settings page and showing off the stored
>> account, this is all native Android UI and not part of the KeyCloak
>> authenticator.
>>
>> When I launch the Demo application this is a separate application from
>> the authenticator apk. The Demo project fetches the KeyCloak account
>> from Android and gets its auth token. Then it makes a request to
>> KeyCloak's account service to fetch the user's account data.
>>
>> In the demo app there are three lines of code related to auth.
>>
>> final Account account = am.getAccountsByType("org.keycloak.Account")[0];
>> String token = am.getAuthToken(account, "org.keycloak.Account.token",
>> null, null, null, 
>> null).getResult().getString(AccountManager.KEY_AUTHTOKEN);
>>
>> and
>>
>> provider.setDefaultHeader("Authorization", "bearer " + token);
>>
>> The first two lines fetch the account and token from Android. The
>> second line attaches the account's auth token to the web request to the
>> server.
>>
>> So now what? I'll probably use this for my projects/demos because it
>> makes my work easier. Right now it doesn't have any connection to any
>> of the "official" projects (Again, I wrote this over the weekend to see
>> if I could) however it may be quite useful to someone. In the project's
>> README I've included a (incomplete) list of things that don't work.
>>
>> wdyt?
>>
>> Links :
>> Project : https://github.com/secondsun/keycloak-android-authenticator
>> Video Demo :
>> https://plus.google.com/103442292643366117394/posts/WSFbdodMsej
>> Demo Source :
>> https://github.com/secondsun/keycloak-account-authenticator-demo/
>>
>>
>
>




-- 
Summers Pittman
>
>>
>> Phone:404 941 4698
>> Java is my crack.
>


-- 
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.

More information about the keycloak-dev mailing list