[keycloak-user] Login without Keycloak Login Page

Stian Thorgersen sthorger at redhat.com
Mon Dec 19 04:09:57 EST 2016


On 19 December 2016 at 10:00, ruiwp13 <ruiwp_93 at hotmail.com> wrote:

> stianst wrote
> > On 16 December 2016 at 15:39, ruiwp13 <ruiwp_93@> wrote:
> >
> >> Just to see if all the steps I performed are OK:
> >>
> >> 1. I access a secured location from my API
> >> 2. I get redirected to keycloak login page
> >> 3. After logging in I get redirected to my API which returns true for
> >> HttpServletRequest.authenticate meaning I'm authenticated and I can get the
> >> access_token from the keycloak security context
> >> 4. I set header with Authorization "Bearer " + {access_token}
> >> 5. I access the logout method where HttpServletRequest.logout is performed.
> >>
> >> Is this the correct flow?
> >> Yes, it's strange that I get invalid_token, doesn't make sense especially
> >> because if I make HttpServletRequest.authenticate in the logout method it
> >> says that I am authenticated
> >>
> >
> > Why would you call HttpServletRequest.authenticate within the logout? That
> > makes no sense.
> >
>
> Just to check if it is authenticated.
> When I make HttpServletRequest.authenticate it redirects me to keycloak
> login page, I login and it redirects me back to my API but without any URL
> parameters. It is supposed to, right? Then I can get the token from
> keycloaksecuritycontext.getTokenString(), right?
>

Yes, but to check if authenticated use getUserPrincipal. authenticate is
used to request authentication, so it is not a way to check if it's
authenticated.




More information about the keycloak-user mailing list
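
The distinction made in the reply above, as an added example that is not part of the original thread or of Keycloak's own code: `getUserPrincipal` is the passive check, `authenticate` actively requests a login, and logout needs neither. It assumes a Keycloak servlet adapter and the `javax.servlet` API on the classpath; the class name and URL patterns are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.KeycloakSecurityContext;

// Hypothetical servlet: the class name and URL patterns are assumptions.
@WebServlet(urlPatterns = {"/session/status", "/session/logout"})
public class SessionServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Passive check: never redirects, returns null when nobody is logged in.
        Principal user = req.getUserPrincipal();
        if (user == null) {
            // Active request for authentication: the adapter writes its challenge
            // (redirect to the login page) and authenticate() returns false.
            if (!req.authenticate(resp)) {
                return; // the challenge response has already been written
            }
            user = req.getUserPrincipal();
        }
        // The Keycloak adapter exposes its security context as a request attribute.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                req.getAttribute(KeycloakSecurityContext.class.getName());
        String token = (ctx != null) ? ctx.getTokenString() : null;

        resp.setContentType("text/plain");
        // Report presence only: the bearer token is not echoed into responses or logs.
        resp.getWriter().printf("user=%s tokenPresent=%b%n",
                user.getName(), token != null);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Logout is a state change, so it is handled on POST rather than GET.
        // No authenticate() call here: that would start a new login instead.
        if (req.getUserPrincipal() != null) {
            req.logout();
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```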