[keycloak-user] [OAuth2.0] Authorization grant & Get token urls

[Marek Posolda]

On 20/11/15 12:18, Pavel Maslov wrote:
> Hi everyone,
>
>
> >From the user documentation I could not find the authorization grant 
> url (a la github's https://github.com/login/oauth/authorize) and Get 
> token url (a la https://github.com/login/oauth/access_token).
>
> I presume it's 
> {keycloak_base}/realms/{realm-name}/protocol/openid-connect/auth?client_id={client_name}&response_type=code 
> <http://%7Bkeycloak_base%7D/realms/%7Brealm-name%7D/protocol/openid-connect/auth?client_id=%7Bclient_name%7D&response_type=code> and 
> {keycloak_base}/realms/{realm-name}/protocol/openid-connect/token 
> <http://%7Bkeycloak_base%7D/realms/%7Brealm-name%7D/protocol/openid-connect/token> respectively, 
> but I am not sure.
Yes, your URLs are correct. However if you want to use the default 
Authorization Code Grant flow and browser applications, you can just use 
our adapters. You don't even need to know the authorization grant url 
and token URL as adapters handle all the redirections and exchanges for you.

I suggest to take a look at our examples .

And here is the docs for adapters: 
http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html

Marek
>
> I would like to follow the standard OAuth2.0 workflow:
>
>  1. Get Auth grant (GET on https://github.com/login/oauth/authorize)
>  2. Get access token in exchange for the auth grant code (POST on
>     https://github.com/login/oauth/access_token)
>  3. Use the resource using the access token gotten in step 2.
>
> Please, correct me if I am wrong.
> Thanks.
>
> Regards,
> Pavel Maslov, MSc
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151120/a586c0fd/attachment.html