[keycloak-user] Implement the Authorization Code Flow using KeyCloak
cristi.cioriia at gmail.com
Mon Nov 7 09:31:29 EST 2016
I've just installed Keycloak 2.3.0.Final and I would like to ask you how I
can implement an "Authorization Code Flow" using it.
I've looked at the Keycloak basics tutorial from youtube which explained
pretty well how thigns should work, but the 2.3 version has user interface
that is pretty different.
In the 2.3 UI, unlike in the 1.5 version that is used in the youtube
tutorial, there is no OAuth Client section and the Clients interface seems
to contain both the configuration for the Resource Server that contains the
protected resources that I want to access and for the third-party
application that I want to develop and that will call the protected
resources from the Resource Server. So the questions that I have in this
regard are :
1) How do I define several third-party applications that use the same
2) Which are the configurations that are specific to the Resource Server
and which ones are the configurations that are specific to the third-party
It seems to me that the Enable Authorization flag is specific to the
Resource Server because it allows me to manage resources through the
Authorization tab while Credentials tab is specific to the third-party
application, because it contains a Client-Id and a Secret that I can use to
request from the Authorization-Server an access token. More over, in the
Scope tab, I could use the "Client Roles" to define the scopes that I need
for my thrid-party app to request from a user of the Reosurce Server by the
authorization server and the Installation tab can be used by both types of
application to generate the Keycloak file that is used for configuring both
types of applications.
All the other settings seem to belong to the Resource Server application,
is this correct?
3) Is there a way to configure the consent screen for the user? E.g. I'd
like to allow the resource owner to enter some data, like "allow
transactions only for amounts below a X value", where X is the data entered
by the user.
More information about the keycloak-user