[keycloak-user] Accessing Google OAuth tokens when using Keycloak

Marek Posolda mposolda at redhat.com
Tue Jan 26 15:39:59 EST 2016


This is possible. If you select the "Store tokens" flag for the Google 
identity provider in the Keycloak admin console, the Google access token 
will be stored in the Keycloak database (in your step 5).

Then you can send a request from your application to a special Keycloak 
REST endpoint, which will return the Google access token to you, and you 
can use it in your application. You need to secure this REST request with 
the Keycloak access token returned to your app. We even have an example 
for that, but it's not part of the example distribution. See: 
https://github.com/keycloak/keycloak/tree/master/examples/broker/google-authentication

There are also some docs for that: 
http://keycloak.github.io/docs/userguide/keycloak-server/html/identity-broker.html#d4e2177

Marek

On 25/01/16 20:40, Reed Lewis wrote:
> First: Thanks for a great, well-designed solution.  Keycloak looks like 
> it is going to do exactly what we need.
>
> I do have a question though.  If we use Google as an identity 
> provider, is there a way to “piggyback” on that authentication to be 
> able to retrieve a token for accessing Google Drive contents, for 
> example, without the user having to log in again?
>
> Here is my workflow:
>
>  1. User goes to our webserver.
>  2. User is presented a login page from Keycloak
>  3. User clicks Google
>  4. User logs into Google
>  5. User is redirected back to Keycloak’s webpage
>  6. User is redirected back to our webserver.
>
> Now what we also want to do is use the workflow documented here: 
> https://developers.google.com/identity/protocols/OAuth2WebServer?hl=en to 
> get a token for Google Drive access.
>
> Is this possible?  Or am I doing something wrong?   Or am I going 
> about this the wrong way?   We need to authenticate the user in our 
> Keycloak, but we also want to let the user’s application directly 
> access the user’s Google Drive data.
>
> Thank you.
>
> Reed Lewis

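The request described in the reply above, as an added example that is not part of the original message or of the Keycloak example project. It assumes the broker token endpoint path `/realms/{realm}/broker/{alias}/token` from Keycloak's identity brokering documentation, a provider alias of `google`, and a hypothetical host and realm; the function names are illustrative.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import quote, urlsplit


def broker_token_request(base_url, realm, alias, keycloak_access_token):
    """Build the GET request for the token Keycloak stored for one provider."""
    if urlsplit(base_url).scheme != "https":
        # A bearer token sent over plain HTTP is readable by anyone on the path.
        raise ValueError("refusing to send a bearer token over non-HTTPS")
    url = "{}/realms/{}/broker/{}/token".format(
        base_url.rstrip("/"), quote(realm, safe=""), quote(alias, safe=""))
    return urllib.request.Request(url, headers={
        "Authorization": "Bearer " + keycloak_access_token,
        "Accept": "application/json",
    })


def fetch_google_token(base_url, realm, keycloak_access_token,
                       opener=urllib.request.urlopen):
    """Return the stored Google access token and its reported lifetime."""
    req = broker_token_request(base_url, realm, "google", keycloak_access_token)
    try:
        with opener(req, timeout=10) as resp:
            # Assumption: Keycloak hands back Google's JSON token response.
            body = json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            # Expired Keycloak token, or the user may not read stored tokens.
            # Never put either token into the error text or the logs.
            raise PermissionError(
                "Keycloak refused the request (HTTP %d)" % err.code) from None
        raise
    token = body.get("access_token")
    if not token:
        raise ValueError("broker response carried no access_token")
    return {"access_token": token, "expires_in": body.get("expires_in")}


if __name__ == "__main__":
    # Constructed values: hypothetical host, realm and token.
    req = broker_token_request(
        "https://sso.example.com/auth", "demo", "google", "KEYCLOAK_ACCESS_TOKEN")
    print(req.get_method(), req.full_url)
```

The `opener` parameter exists so the HTTP call can be replaced in tests; in the application, leave it at its default and pass the Keycloak access token issued to the logged-in user.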