[keycloak-dev] Keycloak Integration

Daniel Passos daniel at passos.me
Tue Sep 30 10:03:10 EDT 2014


Hey Sagar,

In AeroGear Android[1] land we have the same need to integrate with
KeyCloak using OAuth2[2]. We are modularizing our library so keep in touch
for the new Authz lib/module[3].

In related news we're planning to add Android Integration with KeyCloak
using Android Account Manager[4] like we did in this PoC[5][6]. We have
more information about that in this thread[7].

[1] http://github.com/aerogear/aerogear-android
[2] http://aerogear.org/docs/guides/aerogear-android/authz/
[3] https://github.com/aerogear/aerogear-android-authz
[4] http://developer.android.com/reference/android/accounts/AccountManager.html
[5] https://plus.google.com/+SummersPittman/posts/WSFbdodMsej
[6] https://github.com/secondsun/keycloak-android-authenticator
[7] http://lists.jboss.org/pipermail/keycloak-dev/2014-September/002589.html

-- Passos

On Thu, Sep 25, 2014 at 12:36 PM, Corinne Krych <corinnekrych at gmail.com>
wrote:

> Hello Sagar,
>
> For Keycloak OAuth2, AeroGear provides an SDK; we have both Obj-C and
> Swift, although the latest features go in the Swift version.
>
> 1. AeroGear-iOS 1.6 targets obj-c code [1] with its associated test repo
> [2], [2bis]
>
> 2. AeroGear 2.0 is modularized and based on Swift:
> aerogear-ios-http [3]
> aerogear-ios-oauth2 [4]
> Here you can find an interesting, simple access/refresh/revoke example:
> aerogear-ios-cookbook [5]
> aerogear-backend-cookbook [6]
> Note that 2.0 is on its way and should be released early October.
> The http module (aerogear-ios-http coupled with aerogear-ios-oauth2) is taking
> care of implicitly refreshing tokens for you.
>
> Some blog posts [7]. I’m actually going to write an update blog post for
> Swift version.
> Some links to go through.. Feedback welcome.
>
> ++
> Corinne
> iOS AeroGear
> [1] https://github.com/aerogear/aerogear-ios
> [2] https://github.com/aerogear/aerogear-ios-cookbook/tree/master/ProductInventory
> [2bis] https://github.com/aerogear/aerogear-integration-tests-server#oauth2-with-keycloak
> [3] https://github.com/aerogear/aerogear-ios-http
> [4] https://github.com/aerogear/aerogear-ios-oauth2
> [5] https://github.com/aerogear/aerogear-ios-cookbook/tree/swift/ProductInventory
> [6] https://github.com/corinnekrych/aerogear-backend-cookbook/tree/master/ProductInventory
> [7] http://corinnekrych.blogspot.fr/search/label/OAuth2
>
> On 25 Sep 2014, at 15:32, Bill Burke <bburke at redhat.com> wrote:
>
> > Sagar,  I'm moving this to keycloak-dev list.  See comments inline
> >
> > On 9/25/2014 6:53 AM, Sagar Zond wrote:
> >> Hi,
> >>
> >> We are planning to use KeyCloak as the OAuth authorization server for our
> >> API platform. Our understanding of KeyCloak and OAuth is not very clear,
> >> so we need your help to properly utilize KeyCloak features.
> >>
> >> Just to introduce ourselves, we are a start-up firm creating products
> >> for the health care domain. In our architecture we will have multiple REST
> >> API servers and multiple types of clients like mobile, web and a publicly
> >> exposed API. KeyCloak can be used as the authentication and authorization
> >> server. We have already gone through most of the KeyCloak tutorials.
> >>
> >> Here are a few points on which we need answers -
> >>
> >> 1. The API platform will be registered as an application server on KeyCloak and
> >> clients (mobile app, web app or other app) will be authorized by
> >> KeyCloak as per the defined role. Is this a proper use case of KeyCloak?
> >>
> >
> > You'll have to elaborate.  I don't know exactly what you are saying.
> > Your REST API server would be registered as a Keycloak "Application".
> > You can define roles per "Application" or at the Realm level (global
> > roles).
> >
> >> 2. How do we integrate OAuth into a mobile app? Where can we write token
> >> refresh logic?
> >>
> >
> > You can start off by defining a public "OAuth Client" per mobile app.
> > You can use the direct grant REST API to obtain a token, or, use mobile
> > redirects to login through the mobile's browser.  I believe the Aerogear
> > project is doing some work around Keycloak IOS and Android clients, but
> > you'd have to ping them.
> >
> >> 3. How can we add more fields in the session? E.g. if we want to add more
> >> tokens in the header which may contain some extra application-specific
> >> encrypted data.
> >>
> >
> > Not sure what you mean.  We don't have a nice way of adding claims to
> > the token at the moment.
> >
> >> 4. We are currently using OpenDS LDAP for authentication and we already
> >> have a number of registered users who are currently using the API. So we need
> >> KeyCloak to be configured for OpenDS, so please suggest how to
> >> integrate OpenDS with KeyCloak.
> >>
> >
> > We have LDAP integration:
> >
> >
> > http://docs.jboss.org/keycloak/docs/1.0.1.Final/userguide/html/user_federation.html#d4e1263
> >
> >
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev