[keycloak-user] Mobile app authentication flow

Joe Livu ljbanii at gmail.com
Wed Nov 7 15:25:13 EST 2018


Hi,

I came across KeyCloak while searching for a security provider and was
immediately impressed.

I am planning on building a REST API using ASP.NET <http://asp.net/> Core
Web API to be consumed by a mobile application to be built using Google's
Flutter framework. I have a few questions.

1. Would KeyCloak be suitable for securing my REST API Whig is built using
C# (ASP.NET <http://asp.net/> Core Web API)? If so, can I get a brief
explanation and steps that need to be taken to achieve this?

2. Now I need my mobile app to consume the REST API secured by KeyCloak.
For authenticating users (e.g., via login screen using username/password
credentials), how would this be done? Which grant type and flow will be
suitable? The Web application demos shows a redirect to the KeyCloak server
for authentication and then back to the app. It seems this cannot be
applied for mobile apps (correct me if am wrong), so what would be the best
approach for a mobile application? I would think KeyCloak would provide a
REST API for such cases but I can only find an Admin REST API for admin
purposes only Any help regarding this would very much appreciated.

Kind regards,

Joe Livu


More information about the keycloak-user mailing list