[keycloak-user] Login to keycloak from Android app
Scott Rossillo
srossillo at smartling.com
Wed Jan 13 17:43:32 EST 2016
Looks like you’re close. Did you make your Android client (in Keycloak) public or private? There’s a slight difference in how the code-to-token request is invoked depending on this.
Private clients must authenticate to the token endpoint with HTTP basic authentication; public clients set the client ID as a form parameter.
See: https://github.com/keycloak/keycloak/blob/1.7.x/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientIdAndSecretCredentialsProvider.java#L38
See: https://github.com/keycloak/keycloak/blob/1.7.x/integration/admin-client/src/main/java/org/keycloak/admin/client/token/TokenManager.java#L51
Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com
> On Jan 13, 2016, at 12:20 PM, Aritz Maeztu <amaeztu at tesicnor.com> wrote:
>
> Hello everybody,
>
> I'm struggling to implement a keycloak login from my Android app. What I want to do is to simulate what a browser does (request a resource, be redirected to keycloak login page and get an access token later on). From what I've seen from the OAuth2 protocol, I need to firstly get the authorization code and later on request the access token with that code. I wouldn't like my Android app to be registered as a client itself, so I've registered my web service as public.
>
> Here I start the intent to launch the Android browser pointing to the keycloak authorization address (/openid-connect/auth):
>
>     Intent i = new Intent(Intent.ACTION_VIEW, Uri.parse("http://192.168.0.230:8080/auth/realms/master/protocol/" +
>         "openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));
>     startActivity(i);
>
> When I enter the credentials successfully, I'm given a code in the redirection url, coming back to my app:
>
>     Uri data = getIntent().getData();
>     if (data != null) {
>         String accessCode = data.getQueryParameter("code");
>         System.out.println("Authorization code:" + accessCode);
>     }
>
> The code looks like bC8OM0TwfbhYouM34M3RY2aZRYTywXZVAvKFABgvVRc.693363de-d6b5-4f88-b545-c6603023ee4c
>
> Then I would like to get an access token with that code! I use a Rest Template for that, making a POST request to the /openid-connect/token endpoint:
>
>     ResponseEntity rssResponse = template.exchange(
>         "http://192.168.0.230:8080/auth/realms/master/protocol/" +
>         "openid-connect/token?grant_type=authoritation_code&client_id=web_service&code="+accessCode,
>         HttpMethod.POST,
>         null,
>         Object.class);
>
> However, I'm given a 401 unauthorized exception. What am I doing wrong? Thanks in advance ;-)
>
> --
> Aritz Maeztu Otaño
> Software Development Department
> http://www.tesicnor.com/
> Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
> Telf.: 948 21 40 40
> Fax.: 948 21 40 41
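Added example, not part of the thread and not Keycloak's own code: the two ways of presenting the client to the token endpoint that the reply describes, with the form sent in the POST body as RFC 6749 section 4.1.3 specifies. The class and method names, the code value and the secret are constructed for illustration; `web_service` and `android://app` are taken from the original message.

```java
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class TokenRequestExample {
    // Form body of the code-to-token request. clientId is included only for a
    // public client; pass null when the client authenticates with HTTP Basic.
    static String formBody(String code, String redirectUri, String clientId) throws Exception {
        StringBuilder sb = new StringBuilder("grant_type=authorization_code");
        sb.append("&code=").append(URLEncoder.encode(code, "UTF-8"));
        // Same redirect_uri that was sent on the authorization request.
        sb.append("&redirect_uri=").append(URLEncoder.encode(redirectUri, "UTF-8"));
        if (clientId != null) sb.append("&client_id=").append(URLEncoder.encode(clientId, "UTF-8"));
        return sb.toString();
    }

    // Authorization header for a client that has a secret.
    // (On older Android API levels use android.util.Base64 instead.)
    static String basicAuth(String clientId, String secret) {
        byte[] pair = (clientId + ":" + secret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    // POST the form in the request body, not in the query string.
    static int post(String tokenUrl, String body, String authHeader) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(tokenUrl).openConnection();
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        if (authHeader != null) c.setRequestProperty("Authorization", authHeader);
        try (OutputStream out = c.getOutputStream()) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
        }
        return c.getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        String code = "constructed-code.0000";   // constructed sample value
        String redirect = "android://app";       // redirect_uri used in the thread
        System.out.println("public : " + formBody(code, redirect, "web_service"));
        System.out.println("secret : " + formBody(code, redirect, null));
        System.out.println("         Authorization: " + basicAuth("web_service", "constructed-secret"));
        // Optional: pass the realm's token endpoint URL as the first argument to send the public-client form.
        if (args.length == 1) System.out.println("HTTP " + post(args[0], formBody(code, redirect, "web_service"), null));
    }
}
```

A client secret compiled into a mobile app can be extracted from the package, so the Basic-authentication variant belongs on a server-side client.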