[keycloak-user] Keycloak and desktop

[Stian Thorgersen]

----- Original Message -----
> From: "Alik Kurdyukov" <akurdyukov at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Friday, 5 June, 2015 3:35:13 PM
> Subject: [keycloak-user] Keycloak and desktop
> 
> Hello,
> 
> I have a little question on integrating desktop application with Keycloak. I
> have
> 1. Desktop application that is a client to (1) a non-web server application
> and (2) a web server application
> 2. Non-web server application
> 3. Web application that is a Keycloak client
> 4. Keycloak server
> 
> I want to ask user to auth once with Keycloak (using native WPF window) and
> use token of some kind for both servers.
> 
> The questions are
> 1. What API should desktop application use to auth user with Keycloak?
> (maybe, I need to read keycloak.js code?)

Look at the customer-app-cli and https://github.com/keycloak/keycloak/blob/master/integration/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java

KeycloakInstalled uses the desktop browser, but you should be able to easily modify it to use a native WPF window.

> 2. What API should non-web server use to verify token?

You can use org.keycloak.RSATokenVerifier from keycloak-core. 

> 3. Can I use bearer token with keycloak client that has access type
> ‘confidential', not ‘bearer only’?

Not sure what you mean about this question, but the intention is that a 'confidential' client is an app that initiates a login, while the 'bearer only' is a service that verifies the token. In your case the desktop app would be a confidential client (or a public if the app is publicly available as you can't keep the client secret private in that case) and the non-web server aka services would be a 'bearer only'.

> 
> Thank you for your work :)
> 
> --
> Best regards,
> Alik Kurdyukov
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user