[aerogear-dev] oAuth with Keycloak OpenId in Android Client


Andrea Carolina Buitrago

Hi, I want to authenticate a user (using his username and password) in an Android App using aerogear with a server using Keycloak. I haven't been able to do it, help me please.

I currently can authenticate the user without aerogear, but I want to use this library since it can help me to refresh the token when it is needed. I authenticate the user making a POST call to the server like this (but from Android):

 curl -X POST http://127.0.0.1:8080/auth/realms/example/protocol/openid-connect/token \
   -H "Content-Type: application/x-www-form-urlencoded" -d "username=auser" -d 'password=apassword' -d 'grant_type=password' \
   -d 'client_id=clientId' -d 'client_secret=secret'

What I have tried with Aerogear is this:

private void authz() {
    try {

        AuthzModule authzModule = AuthorizationManager.config("KeyCloakAuthz", OAuth2AuthorizationConfiguration.class)
                .setBaseURL(new URL("http://127.0.0.1:8080/"))
                .setAuthzEndpoint("/realms/example/protocol/openid-connect/auth")
                .setAccessTokenEndpoint("/realms/example/protocol/openid-connect/token")
                .setAccountId("keycloak-token")
                .setClientId("clientId")
                .setClientSecret("secret")
                .setRedirectURL("http://oauth2callback")
                .setScopes(Arrays.asList("openid"))
                .addAdditionalAuthorizationParam((Pair.create("grant_type", "password")))
                .addAdditionalAuthorizationParam((Pair.create("username", "aUserName")))
                .addAdditionalAuthorizationParam((Pair.create("password", "aPassword")))
                .asModule();


        authzModule.requestAccess(this, new Callback<String>() {
            @Override
            public void onSuccess(String o) {
                Log.d("TOKEN ", o);
            }

            @Override
            public void onFailure(Exception e) {
                System.err.println("Error!!");
                Toast.makeText(getApplicationContext(), e.getMessage(), Toast.LENGTH_LONG).show();
            }
        });

    } catch (Exception e) {

        e.printStackTrace();
        throw new RuntimeException(e);
    }
}


However this doesn't do anything. What I don't understand is:

  1. How can I specify that I'm doing an OpenID Connect with Keycloak in Aerogear (Android)? I've seen it in the Swift library but I cannot find it in Android
  2. How and where can I send the username and password?
  3. How can I specify the grant_type? (My HTTP POST to the server does not work if I don't include this, so it's important)

I'm really sorry if this is a very basic question, but I haven't been able to work it out on my own. Any help or documentation would be appreciated.


_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev
Re: [aerogear-dev] oAuth with Keycloak OpenId in Android Client

Summers Pittman


On Tue, Oct 11, 2016 at 6:11 PM, Andrea Carolina Buitrago <[hidden email]> wrote:

> However this doesn't do anything. What I don't understand is:
>
>   1. How can I specify that I'm doing an OpenID Connect with Keycloak in Aerogear (Android)? I've seen it in the Swift library but I cannot find it in Android
>   2. How and where can I send the username and password?
>   3. How can I specify the grant_type? (My HTTP POST to the server does not work if I don't include this, so it's important)

So with OAuth flows you usually don't post a username/password to a server.  OAuth directs you to a trusted page, you input your credentials there, then the service provides to the library a token and the library exchanges that token for a token to use for your session.  In AGDroid we use a webview to show the login page.

I'm not familiar with iOS at all, does it support this workflow there?
I also don't think we've worked with OpenID Connect before.  If it works it is by happy coincidence, but Daniel Passos might be able to provide some insight (he's the other AGDroid developer)

Do you have a GitHub project I can poke at?
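
The redirect-based flow described in the reply, as an added example that is not part of the thread and is not AeroGear code: plain JDK code that builds the three requests of an authorization code flow against the realm URL from the curl command, showing that grant_type belongs in the token request body. It assumes the Keycloak client is registered as a public client with PKCE (RFC 7636), so no client_secret ships in the app; the class name and the code and refresh token values are constructed.

```java
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
// Added example, hypothetical class name; assumes a public Keycloak client with PKCE (RFC 7636) enabled.
public class KeycloakCodeFlow {
    // Realm endpoints, client id and redirect URL as they appear in the thread.
    static final String OIDC = "http://127.0.0.1:8080/auth/realms/example/protocol/openid-connect";
    static final String CLIENT_ID = "clientId";
    static final String REDIRECT = "http://oauth2callback";
    static String b64url(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    // 32 random bytes -> 43 URL-safe characters, usable as state or as PKCE code_verifier.
    static String random() { byte[] b = new byte[32]; new SecureRandom().nextBytes(b); return b64url(b); }
    // Encodes name, value, name, value, ... as application/x-www-form-urlencoded.
    static String form(String... kv) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < kv.length; i += 2) {
            if (i > 0) sb.append('&');
            sb.append(URLEncoder.encode(kv[i], "UTF-8")).append('=').append(URLEncoder.encode(kv[i + 1], "UTF-8"));
        }
        return sb.toString();
    }

    // Step 1: URL opened in the WebView. The password is typed on Keycloak's page, never in the app.
    static String authorizationUrl(String state, String verifier) throws Exception {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(verifier.getBytes("US-ASCII"));
        return OIDC + "/auth?" + form("response_type", "code", "client_id", CLIENT_ID,
                "redirect_uri", REDIRECT, "scope", "openid", "state", state,
                "code_challenge", b64url(hash), "code_challenge_method", "S256");
    }

    // Step 2: body POSTed to OIDC + "/token". grant_type is a token-request field, not an /auth parameter.
    static String codeExchangeBody(String sent, String returned, String code, String verifier) throws Exception {
        if (!sent.equals(returned)) throw new SecurityException("state mismatch, dropping callback");
        return form("grant_type", "authorization_code", "code", code,
                "redirect_uri", REDIRECT, "client_id", CLIENT_ID, "code_verifier", verifier);
    }

    // Step 3: body POSTed to the same endpoint once the access token has expired.
    static String refreshBody(String refreshToken) throws Exception {
        return form("grant_type", "refresh_token", "refresh_token", refreshToken, "client_id", CLIENT_ID);
    }
    public static void main(String[] args) throws Exception {
        String state = random(), verifier = random();
        System.out.println(authorizationUrl(state, verifier));
        System.out.println(codeExchangeBody(state, state, "CONSTRUCTED-CODE", verifier)); // constructed values
        System.out.println(refreshBody("CONSTRUCTED-REFRESH-TOKEN"));
    }
}
```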
 
