Merge pull request #1116 from stianst/master

Comment out store tokens in admin console, and store/retrieve tokens in ...
Stian Thorgersen 2015-04-02 13:13:41 +02:00
commit 18e4be3cc9
4 changed files with 87 additions and 87 deletions

@ -284,17 +284,17 @@
during the authentication process.
</entry>
</row>
<row>
<entry>
<literal>Store Tokens</literal>
</entry>
<entry>
Allows you to store tokens issued by an identity provider during the authentication of a specific user.
Tokens are stored and can be retrieved later.
This options is useful if you are using social authentication and need to access the token in order to invoke the
API of a social provider on behalf of the user.
</entry>
</row>
<!--<row>-->
<!--<entry>-->
<!--<literal>Store Tokens</literal>-->
<!--</entry>-->
<!--<entry>-->
<!--Allows you to store tokens issued by an identity provider during the authentication of a specific user.-->
<!--Tokens are stored and can be retrieved later.-->
<!--This options is useful if you are using social authentication and need to access the token in order to invoke the-->
<!--API of a social provider on behalf of the user.-->
<!--</entry>-->
<!--</row>-->
</tbody>
</tgroup>
</table>
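Review bot: The `Store Tokens` row is disabled by wrapping every line in its own `<!-- -->` with no note saying why or until when, so the documentation source now carries dead markup that a later reader cannot tell apart from an accident. Either delete the row and let version control hold it, or keep it in a single comment block with a one-line reason above it. If the text is kept for later, fix "This options is useful" to "This option is useful" before it is restored.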
@ -1097,61 +1097,61 @@
</table>
</section>
<section>
<title>Retrieving Tokens from Identity Providers</title>
<para>
Keycloak allows you to store tokens and responses from identity providers during the authentication process.
For that, you can use the <literal>Store Token</literal> configuration option, as mentioned before.
</para>
<para>
It also allows you to retrieve these tokens and responses once the user is authenticated in order to use their
information or use them to invoke external resources protected by these tokens.
The latter case is usually related with social providers,
where you usually need to use their tokens to invoke methods on their APIs.
</para>
<para>
To retrieve a token for a particular identity provider you need to send a request as follows:
</para>
<programlisting language="JAVA"><![CDATA[GET /auth/realms/{realm}/broker/{provider_alias}/token HTTP/1.1
Host: localhost:8080
Authorization: Bearer {keycloak_access_token}]]></programlisting>
<para>
In this case, given that you are accessing an protected service in Keycloak, you need to send the access token
issued by Keycloak during the user authentication.
</para>
<para>
By default, the Keycloak access token issued for the application can't be automatically used for retrieve thirdparty token. You will
need to enable this in admin console first:
<orderedlist>
<listitem>
<para>
Click 'Applications' on the left side menu.
</para>
</listitem>
<listitem>
<para>
Select an application from the list.
</para>
</listitem>
<listitem>
<para>
Click the 'Identity Provider' tab.
</para>
</listitem>
<listitem>
<para>
From this page you can configure if an application is allowed to retrieve tokens from an specific identity provider. For that,
just click on the <emphasis>Can Retrieve Token</emphasis> button.
</para>
</listitem>
</orderedlist>
</para>
<note>
<para>
If your application is not at the same origin as the authentication server, make sure you have properly configured CORS.
</para>
</note>
</section>
<!--<section>-->
<!--<title>Retrieving Tokens from Identity Providers</title>-->
<!--<para>-->
<!--Keycloak allows you to store tokens and responses from identity providers during the authentication process.-->
<!--For that, you can use the <literal>Store Token</literal> configuration option, as mentioned before.-->
<!--</para>-->
<!--<para>-->
<!--It also allows you to retrieve these tokens and responses once the user is authenticated in order to use their-->
<!--information or use them to invoke external resources protected by these tokens.-->
<!--The latter case is usually related with social providers,-->
<!--where you usually need to use their tokens to invoke methods on their APIs.-->
<!--</para>-->
<!--<para>-->
<!--To retrieve a token for a particular identity provider you need to send a request as follows:-->
<!--</para>-->
<!--<programlisting language="JAVA"><![CDATA[GET /auth/realms/{realm}/broker/{provider_alias}/token HTTP/1.1-->
<!--Host: localhost:8080-->
<!--Authorization: Bearer {keycloak_access_token}]]></programlisting>-->
<!--<para>-->
<!--In this case, given that you are accessing an protected service in Keycloak, you need to send the access token-->
<!--issued by Keycloak during the user authentication.-->
<!--</para>-->
<!--<para>-->
<!--By default, the Keycloak access token issued for the application can't be automatically used for retrieve thirdparty token. You will-->
<!--need to enable this in admin console first:-->
<!--<orderedlist>-->
<!--<listitem>-->
<!--<para>-->
<!--Click 'Applications' on the left side menu.-->
<!--</para>-->
<!--</listitem>-->
<!--<listitem>-->
<!--<para>-->
<!--Select an application from the list.-->
<!--</para>-->
<!--</listitem>-->
<!--<listitem>-->
<!--<para>-->
<!--Click the 'Identity Provider' tab.-->
<!--</para>-->
<!--</listitem>-->
<!--<listitem>-->
<!--<para>-->
<!--From this page you can configure if an application is allowed to retrieve tokens from an specific identity provider. For that,-->
<!--just click on the <emphasis>Can Retrieve Token</emphasis> button.-->
<!--</para>-->
<!--</listitem>-->
<!--</orderedlist>-->
<!--</para>-->
<!--<note>-->
<!--<para>-->
<!--If your application is not at the same origin as the authentication server, make sure you have properly configured CORS.-->
<!--</para>-->
<!--</note>-->
<!--</section>-->
<section>
<title>Automatically Select and Identity Provider</title>
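Review bot: Nothing in the lines shown here says whether `GET /auth/realms/{realm}/broker/{provider_alias}/token` is switched off together with the commented-out "Retrieving Tokens from Identity Providers" section. If the endpoint still answers, this leaves a token-returning endpoint undocumented, including the statement that retrieval is off by default until `Can Retrieve Token` is enabled for an application. Please state the endpoint's status in the commit description, or replace the section with a short note saying the feature is temporarily unavailable. Separately, the context line `<title>Automatically Select and Identity Provider</title>` should read "an Identity Provider".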

@ -41,13 +41,13 @@
</div>
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
<div class="col-sm-4">
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>
</div>
<!--<div class="form-group">-->
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
<!--<div class="col-sm-4">-->
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
<!--</div>-->
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
<!--</div>-->
<div class="form-group">
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
<div class="col-sm-4">
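Review bot: Commenting out the `identityProvider.storeToken` switch removes the only control in this form for turning token storage off, so a provider that was saved earlier with the flag on would keep it, and an admin could neither see nor change that. While the switch is hidden, consider clearing the flag when the provider is saved (or in a migration), or render the value read-only instead of hiding it.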

@ -41,13 +41,13 @@
</div>
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
<div class="col-sm-4">
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>
</div>
<!--<div class="form-group">-->
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
<!--<div class="col-sm-4">-->
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
<!--</div>-->
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
<!--</div>-->
<div class="form-group">
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
<div class="col-sm-4">
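Review bot: The commented-out `Store Tokens` block stays in the template, and HTML comments in a template are delivered to the browser with the rest of the markup, so the hidden option and its `identityProvider.storeToken` binding remain readable in the admin console page source. Delete the block rather than commenting it out; the identical block in the other provider templates in this commit should get the same treatment so the three files do not drift apart.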

@ -45,13 +45,13 @@
</div>
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. See documentation for possible values, separator and default value'." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
<div class="col-sm-4">
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>
</div>
<!--<div class="form-group">-->
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
<!--<div class="col-sm-4">-->
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
<!--</div>-->
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
<!--</div>-->
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
<div class="col-sm-4">
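Review bot: The commented-out label `for="enabled">Store Tokens</label>` points at `enabled` while its input is `id="storeToken"`, and the `Enabled` label on the context line just below also uses `for="enabled"`, so if this block is restored as is, the "Store Tokens" label is associated with the wrong control. Change it to `for="storeToken"` when the block comes back. The scopes tooltip on the context line above also ends with a stray quote (`default value'.`).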