[keycloak-user] Login without Keycloak Login Page

ruiwp13 ruiwp_93 at hotmail.com
Mon Dec 19 04:15:30 EST 2016


stianst wrote
> On 19 December 2016 at 10:00, ruiwp13 <ruiwp_93@> wrote:
> 
>> stianst wrote
>> > On 16 December 2016 at 15:39, ruiwp13 <ruiwp_93@> wrote:
>> >
>> >> Just to see if all the steps I performed are OK:
>> >>
>> >> 1. I access a secured location from my API
>> >> 2. I get redirected to keycloak login page
>> >> 3. After logging in I get redirected to my API which returns true for
>> >> HttpServletRequest.authenticate meaning I'm authenticated and I can get
>> >> the access_token from the keycloak security context
>> >> 4. I set header with Authorization "Bearer " + {access_token}
>> >> 5. I access the logout method where HttpServletRequest.logout is
>> >> performed.
>> >>
>> >> Is this the correct flow?
>> >> Yes, it's strange that I get invalid_token, doesn't make sense especially
>> >> because if I make HttpServletRequest.authenticate in the logout method it
>> >> says that I am authenticated
>> >>
>> >
>> > Why would you call HttpServletRequest.authenticate within the logout? That
>> > makes no sense.
>> >
>> >
>> >>
>> >> --
>> >> View this message in context: http://keycloak-user.88327.x6.nabble.com/Login-without-Keycloak-Login-Page-tp1974p2017.html
>> >> Sent from the keycloak-user mailing list archive at Nabble.com.
>> >> _______________________________________________
>> >> keycloak-user mailing list
>> >> keycloak-user at .jboss
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>
>>
>> Just to check if it is authenticated.
>> When I make HttpServletRequest.authenticate it redirects me to keycloak
>> login page, I login and it redirects me back to my API but without any URL
>> parameters. It is supposed to, right? Then I can get the token from
>> keycloaksecuritycontext.getTokenString(), right?
>>
> 
> Yes, but to check if authenticated use getUserPrincipal. authenticate is
> used to request authentication, so is not a way to check if it's
> authenticated
> 
>
>>
>> --
>> View this message in context: http://keycloak-user.88327.x6.nabble.com/Login-without-Keycloak-Login-Page-tp1974p2031.html
>> Sent from the keycloak-user mailing list archive at Nabble.com.

Alright, thank you.
But I am still getting the same problem. When I make request.logout() it
says invalid_token.
And if I make kc.realm(realmName).users().get(user_id).logout() it logs all
the sessions in keycloak but no callback arrives to the server.



--
View this message in context: http://keycloak-user.88327.x6.nabble.com/Login-without-Keycloak-Login-Page-tp1974p2033.html
Sent from the keycloak-user mailing list archive at Nabble.com.
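
The distinction drawn in the quoted reply above (getUserPrincipal to check, authenticate to request a login), as an added example that is not part of the thread or of Keycloak's own code. It assumes a servlet container with the Keycloak adapter installed; the class name and the paths are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.KeycloakSecurityContext;

// Hypothetical servlet: name and paths are assumptions for illustration.
public class SessionServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException, ServletException {
        String path = req.getPathInfo() == null ? "" : req.getPathInfo();
        if ("/status".equals(path)) {
            // Passive check: reads the current principal, never starts a login.
            Principal user = req.getUserPrincipal();
            resp.setContentType("text/plain");
            resp.getWriter().println(user == null ? "anonymous" : "user=" + user.getName());
        } else if ("/login".equals(path)) {
            // Active request: with no principal the container writes the login
            // challenge (redirect) to the response and authenticate() returns false.
            if (!req.authenticate(resp)) {
                return; // response already carries the challenge
            }
            // The adapter exposes its context as a request attribute.
            KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                    req.getAttribute(KeycloakSecurityContext.class.getName());
            boolean hasToken = ctx != null && ctx.getTokenString() != null;
            // Report presence only; the token itself is not echoed or logged.
            resp.setContentType("text/plain");
            resp.getWriter().println("token present: " + hasToken);
        } else {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException, ServletException {
        // Logout is a state change, so it is handled on POST; the guard uses
        // getUserPrincipal() so that logging out never triggers a new login.
        if (req.getUserPrincipal() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        req.logout();
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```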

