[keycloak-user] Keycloak & API for users to create their own accounts (from iOS)

Scott Corscadden scott at morgiij.com
Tue Nov 15 09:47:52 EST 2016


Hello everyone. Fairly new to the list and the Keycloak technology, so I appreciate your patience. I dislike cross-posting, so I have *not* added aerogear-users at lists.jboss.org, but suspect I’ll need some input from that side as well. Corinne, I have added you as I suspect you’d be able to decide if I should CC it in. The background:

I’d like to use a Keycloak (2.3.0) deployed instance to abstract user account management, including Facebook/Google/LinkedIn/etc Identity providers. I’ve been able to set up this instance & link it to Facebook without too much trouble; I can log into the keycloak website as a Facebook user. Nginx is being used as the SSL reverse proxy.
The primary “client” is an iOS application, which needs to read graph information from said providers if available. I’ve been able to find a Swift 3 fork of the wonderful “aerogear-ios-oauth2” library. A minor change to not assume the Bundle Id can be used as the redirectURL protocol (mine contains dots and dashes, which seems to cause the server to reject with “invalid redirect_url”) and hooray! I can authenticate against Facebook-into-keycloak, receive an Authorization Code, and “exchangeAuthorizationCodeForAccessToken” successfully.

The two problems I am trying to solve (I’ve been trying to find documentation but may be miserably bad at finding it):

1. Ideally I’m only asking keycloak for graph information (name, address, etc). Thus I *suspect* this is what the “Mappers” section is needed for, per Identity Provider? Is that right, or not necessary?
2. The iOS app will have a native “Create account” screen with native Email & Password fields. I’d like to make either an OAuth2 call, or HTTPS POST call to keycloak to do that. I do see the “Create a new user <http://www.keycloak.org/docs/rest-api/index.html#_create_a_new_user>” link, but so far I only see a “temporary password” API. Obviously I could use a native WebView and fill the fields manually but that doesn’t feel quite right.

Any suggestions here are very, very welcome, and thanks for reading this far. 

I’m very impressed so far with both keycloak and the aerogear OAuth2 library.

./scc

