[keycloak-dev] Authentication with Google Identity Tokens aka Better Android support
Stian Thorgersen
sthorger at redhat.com
Tue Sep 12 23:25:10 EDT 2017
Interesting, but maybe not that straightforward to do.

Depends on what flow you'd like to use. The ideal would be to use the web
redirect flow (authorization code flow). Using the web redirect flow you
can still display forms if needed. For instance if the ID token isn't valid
and you want to ask for username/password instead, the user needs to update
their profile, etc.

An alternative is to use the direct grant (aka resource owner credential
grant) flow to simply exchange the ID token retrieved from Google with
tokens from Keycloak.

In either case this can be done with a custom authentication flow and
authenticator. Take a look at the server developer guide and our examples
for some inspiration there. It may also better fit in with identity
brokering, but that would probably require code changes on the Keycloak
side rather than just an extension.

On 12 September 2017 at 05:45, Summers Pittman <supittma at redhat.com> wrote:
> TL;DR; How do I shove this:
> https://developers.google.com/identity/sign-in/web/backend-auth into
> Keycloak.
>
> I've been reading up on how to extend the Keycloak service and I want to
> write a (SPI? module? extension?) that lets me sign into my server
> services using a Google ID Token. This will let me use the Google account
> on my Android phone without ever having to open a web page. In fact if I
> only have one Google account on my phone I can automatically log my user
> into my app without ever having to prompt them.
>
> However, I'm not really sure where to start. I've cloned the keycloak
> repository and have been reviewing the code there and cross referencing
> with the docs, but I think I need a little more "push" in the right
> direction.
>
> For reference, I've implemented this flow in both Node.js and Java before
> without much trouble so I should be able to get a PoC up in an afternoon or
> two once I know where to put the code.
>
> Node.js:
> https://github.com/secondsun/FH-Google-mBaas-Auth/blob/master/lib/auth.js#L47
> Java:
> https://github.com/secondsun/devnexus-site/blob/master/src/main/java/com/devnexus/ting/web/controller/AndroidLoginController.java#L100
>
> Thanks,
>
> Summers
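
The direct grant option described in the reply, sketched as a custom authenticator. This is an added example, not code from the thread or from the Keycloak project. Assumptions: the form parameter name `google_id_token`, the placeholder client ID, Google's `google-api-client` library on the classpath, and registration of the class through an `AuthenticatorFactory` as the server developer guide describes.

```java
import java.util.Collections;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;

public class GoogleIdTokenAuthenticator implements Authenticator {
    // Placeholder: the OAuth client ID the ID token must have been issued for.
    static final String GOOGLE_CLIENT_ID = "YOUR_CLIENT_ID.apps.googleusercontent.com";
    // Assumed name of the extra form parameter the Android app sends with the grant request.
    static final String PARAM = "google_id_token";
    private final GoogleIdTokenVerifier verifier =
        new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), JacksonFactory.getDefaultInstance())
            .setAudience(Collections.singletonList(GOOGLE_CLIENT_ID)).build();

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        String raw = context.getHttpRequest().getDecodedFormParameters().getFirst(PARAM);
        GoogleIdToken token = null;
        try {
            // verify() checks signature, issuer, audience and expiry; it returns null on rejection.
            if (raw != null) token = verifier.verify(raw);
        } catch (Exception e) { token = null; } // malformed token or key fetch failure
        if (token == null || !Boolean.TRUE.equals(token.getPayload().getEmailVerified())) {
            context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);
            return;
        }
        // Map to an existing user by Google-verified email; unknown users are not created here.
        UserModel user = KeycloakModelUtils.findUserByNameOrEmail(
            context.getSession(), context.getRealm(), token.getPayload().getEmail());
        if (user == null || !user.isEnabled()) {
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }
        context.setUser(user);
        context.success();
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

The audience restriction is what stops an ID token issued to some other Google client from being replayed against this realm, and the email lookup only resolves by email when the realm allows login with email.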