[keycloak-user] Pointers Please

Bill Burke bburke at redhat.com
Mon May 12 10:24:32 EDT 2014



On 5/10/2014 8:05 AM, Conrad Winchester wrote:
> Hi guys,
>
> First of all, thank you for making Keycloak. I am developing a new RESTful back-end for a mobile app and I wanted it to support OAuth 2 and social login, and it looks like Keycloak seems to fit the bill.
>
> Both Keycloak and my app are sitting inside the same Wildfly container, and I have set up a realm and roles etc…
>
> I could do with a few pointers though, because we are a native app and want to avoid directing to web pages if possible. I am trawling through the hours of video, and haven’t found answers yet, but would like to know if the following is possible.
>
> 1) Register a new user by REST from a mobile application - Any pointers to an example or description of how to do this please.

Yes, the token service has a REST endpoint for registrations.  You have 
to enable registrations in realm settings in the admin console though.

/realms/{realm}/tokens/registrations

Unfortunately this isn't documented yet.



> 2) Log in and get a token directly from the auth server for the user of the mobile app by using a grant type of password (i.e. no web page redirection involved)? Any pointers to an example or description of how to do this please.

You can, but it currently requires the registration of a confidential 
client (Application or OAuth Client) in the admin console.

/realms/{realm}/tokens/grants/access

It uses Basic Authentication with the client_id and client secret.  Then 
the username/password must be passed in as form parameters.

Again, something we don't document yet.

> 3) Any pointers on how to link the Keycloak user to the user of my application (which will contain information pertinent to that user not stored in keycloak) - how do I do that at the time of registration?
>

The IDToken/AccessToken instance you get has a "subject" attribute. 
This is the userId of the user in the keycloak database.  You'd have to 
link this ID to the appropriate user in your database.

> I know it's a pain to get these basic questions, and I hope they are not asked too regularly, but any help would be greatly appreciated.
>

Any question is valid!  Sorry we're behind on the documentation!

Bill

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
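
The password grant call and subject lookup described in the reply, as an added example that is not part of the original message or Keycloak's own code. The base URL, client name, the form field names `username` and `password`, and the token being a JWT whose subject is the `sub` claim are assumptions; the sample token is constructed.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_password_grant_request(base_url, realm, client_id, client_secret,
                                 username, password):
    """Build (but do not send) the POST to the realm's grant endpoint."""
    realm_part = urllib.parse.quote(realm, safe="")
    url = f"{base_url}/realms/{realm_part}/tokens/grants/access"
    # The confidential client authenticates with HTTP Basic (client_id:secret).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # Assumed field names; the message only says "form parameters".
    body = urllib.parse.urlencode({"username": username, "password": password})
    return urllib.request.Request(
        url, data=body.encode(), method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def subject_from_token(token):
    """Read the subject claim from a JWT payload (parsing only).

    A backend must verify the token signature against the realm key
    before trusting this value as the user's identity.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not claims.get("sub"):
        raise ValueError("token has no subject")
    return claims["sub"]


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token with a placeholder signature, standing in for a response.
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256"}),
                         _b64url({"sub": "constructed-user-id-123"}), "sig"])

if __name__ == "__main__":
    req = build_password_grant_request("https://sso.example.test/auth", "demo",
                                       "mobile-backend", "s3cret", "alice", "pw")
    print(req.full_url)
    # App-side record keyed by the Keycloak subject, as the reply suggests.
    print({subject_from_token(SAMPLE_TOKEN): {"display_name": "Alice"}})
```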