Merge pull request #1116 from stianst/master
Comment out store tokens in admin console, and store/retrieve tokens in ...
commit
18e4be3cc9
4 changed files with 87 additions and 87 deletions
|
@ -284,17 +284,17 @@
|
|||
during the authentication process.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>
|
||||
<literal>Store Tokens</literal>
|
||||
</entry>
|
||||
<entry>
|
||||
Allows you to store tokens issued by an identity provider during the authentication of a specific user.
|
||||
Tokens are stored and can be retrieved later.
|
||||
This options is useful if you are using social authentication and need to access the token in order to invoke the
|
||||
API of a social provider on behalf of the user.
|
||||
</entry>
|
||||
</row>
|
||||
<!--<row>-->
|
||||
<!--<entry>-->
|
||||
<!--<literal>Store Tokens</literal>-->
|
||||
<!--</entry>-->
|
||||
<!--<entry>-->
|
||||
<!--Allows you to store tokens issued by an identity provider during the authentication of a specific user.-->
|
||||
<!--Tokens are stored and can be retrieved later.-->
|
||||
<!--This options is useful if you are using social authentication and need to access the token in order to invoke the-->
|
||||
<!--API of a social provider on behalf of the user.-->
|
||||
<!--</entry>-->
|
||||
<!--</row>-->
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
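Review bot: The `Store Tokens` row is disabled by wrapping every line in its own `<!-- -->` pair, with no comment saying why it is hidden or when it should return. One comment around the whole `<row>` with a one-line reason, or deleting the row and relying on history, would be easier to find and to revert. The commented copy also carries over the typo "This options is useful", which is worth fixing before the row is restored.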
@ -1097,61 +1097,61 @@
|
|||
</table>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Retrieving Tokens from Identity Providers</title>
|
||||
<para>
|
||||
Keycloak allows you to store tokens and responses from identity providers during the authentication process.
|
||||
For that, you can use the <literal>Store Token</literal> configuration option, as mentioned before.
|
||||
</para>
|
||||
<para>
|
||||
It also allows you to retrieve these tokens and responses once the user is authenticated in order to use their
|
||||
information or use them to invoke external resources protected by these tokens.
|
||||
The latter case is usually related with social providers,
|
||||
where you usually need to use their tokens to invoke methods on their APIs.
|
||||
</para>
|
||||
<para>
|
||||
To retrieve a token for a particular identity provider you need to send a request as follows:
|
||||
</para>
|
||||
<programlisting language="JAVA"><![CDATA[GET /auth/realms/{realm}/broker/{provider_alias}/token HTTP/1.1
|
||||
Host: localhost:8080
|
||||
Authorization: Bearer {keycloak_access_token}]]></programlisting>
|
||||
<para>
|
||||
In this case, given that you are accessing an protected service in Keycloak, you need to send the access token
|
||||
issued by Keycloak during the user authentication.
|
||||
</para>
|
||||
<para>
|
||||
By default, the Keycloak access token issued for the application can't be automatically used for retrieve thirdparty token. You will
|
||||
need to enable this in admin console first:
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
Click 'Applications' on the left side menu.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Select an application from the list.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Click the 'Identity Provider' tab.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
From this page you can configure if an application is allowed to retrieve tokens from an specific identity provider. For that,
|
||||
just click on the <emphasis>Can Retrieve Token</emphasis> button.
|
||||
</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
If your application is not at the same origin as the authentication server, make sure you have properly configured CORS.
|
||||
</para>
|
||||
</note>
|
||||
</section>
|
||||
<!--<section>-->
|
||||
<!--<title>Retrieving Tokens from Identity Providers</title>-->
|
||||
<!--<para>-->
|
||||
<!--Keycloak allows you to store tokens and responses from identity providers during the authentication process.-->
|
||||
<!--For that, you can use the <literal>Store Token</literal> configuration option, as mentioned before.-->
|
||||
<!--</para>-->
|
||||
<!--<para>-->
|
||||
<!--It also allows you to retrieve these tokens and responses once the user is authenticated in order to use their-->
|
||||
<!--information or use them to invoke external resources protected by these tokens.-->
|
||||
<!--The latter case is usually related with social providers,-->
|
||||
<!--where you usually need to use their tokens to invoke methods on their APIs.-->
|
||||
<!--</para>-->
|
||||
<!--<para>-->
|
||||
<!--To retrieve a token for a particular identity provider you need to send a request as follows:-->
|
||||
<!--</para>-->
|
||||
<!--<programlisting language="JAVA"><![CDATA[GET /auth/realms/{realm}/broker/{provider_alias}/token HTTP/1.1-->
|
||||
<!--Host: localhost:8080-->
|
||||
<!--Authorization: Bearer {keycloak_access_token}]]></programlisting>-->
|
||||
<!--<para>-->
|
||||
<!--In this case, given that you are accessing an protected service in Keycloak, you need to send the access token-->
|
||||
<!--issued by Keycloak during the user authentication.-->
|
||||
<!--</para>-->
|
||||
<!--<para>-->
|
||||
<!--By default, the Keycloak access token issued for the application can't be automatically used for retrieve thirdparty token. You will-->
|
||||
<!--need to enable this in admin console first:-->
|
||||
<!--<orderedlist>-->
|
||||
<!--<listitem>-->
|
||||
<!--<para>-->
|
||||
<!--Click 'Applications' on the left side menu.-->
|
||||
<!--</para>-->
|
||||
<!--</listitem>-->
|
||||
<!--<listitem>-->
|
||||
<!--<para>-->
|
||||
<!--Select an application from the list.-->
|
||||
<!--</para>-->
|
||||
<!--</listitem>-->
|
||||
<!--<listitem>-->
|
||||
<!--<para>-->
|
||||
<!--Click the 'Identity Provider' tab.-->
|
||||
<!--</para>-->
|
||||
<!--</listitem>-->
|
||||
<!--<listitem>-->
|
||||
<!--<para>-->
|
||||
<!--From this page you can configure if an application is allowed to retrieve tokens from an specific identity provider. For that,-->
|
||||
<!--just click on the <emphasis>Can Retrieve Token</emphasis> button.-->
|
||||
<!--</para>-->
|
||||
<!--</listitem>-->
|
||||
<!--</orderedlist>-->
|
||||
<!--</para>-->
|
||||
<!--<note>-->
|
||||
<!--<para>-->
|
||||
<!--If your application is not at the same origin as the authentication server, make sure you have properly configured CORS.-->
|
||||
<!--</para>-->
|
||||
<!--</note>-->
|
||||
<!--</section>-->
|
||||
|
||||
<section>
|
||||
<title>Automatically Select and Identity Provider</title>
|
||||
|
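Review bot: Commenting out the "Retrieving Tokens from Identity Providers" section removes the only description of `GET /auth/realms/{realm}/broker/{provider_alias}/token` and of the 'Can Retrieve Token' setting, yet the hunks on this page only touch this document and the admin console templates. Please confirm whether the endpoint and the per-application permission still respond while undocumented. If they do, a short note stating that the feature is currently unsupported is better than silence, because tokens from identity providers may already be stored for existing users. Separately, the context line `<title>Automatically Select and Identity Provider</title>` looks like a typo for "an".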
|
|
@ -41,13 +41,13 @@
|
|||
</div>
|
||||
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
|
||||
<div class="col-sm-4">
|
||||
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
|
||||
</div>
|
||||
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<!--<div class="form-group">-->
|
||||
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
|
||||
<!--<div class="col-sm-4">-->
|
||||
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
|
||||
<!--</div>-->
|
||||
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
|
||||
<!--</div>-->
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
|
||||
<div class="col-sm-4">
|
||||
|
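Review bot: With the `<input ng-model="identityProvider.storeToken" ...>` switch commented out, this form no longer gives an administrator any way to see or clear `storeToken` on a provider where it was already switched on. If the intent is to stop storing tokens, consider also resetting the value when the provider is saved, or keeping the switch visible but disabled so that the current state stays auditable from the console.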
|
|
@ -41,13 +41,13 @@
|
|||
</div>
|
||||
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
|
||||
<div class="col-sm-4">
|
||||
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
|
||||
</div>
|
||||
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<!--<div class="form-group">-->
|
||||
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
|
||||
<!--<div class="col-sm-4">-->
|
||||
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
|
||||
<!--</div>-->
|
||||
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
|
||||
<!--</div>-->
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
|
||||
<div class="col-sm-4">
|
||||
|
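Review bot: This commented-out `Store Tokens` form group is line for line the same block as in the previous template, and a third copy follows in the next file. Keeping three hand-edited copies in sync is how one of them ends up re-enabled by accident; moving the group into a shared partial, or gating it on a single flag, would let the option be hidden and restored in one place.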
|
|
@ -45,13 +45,13 @@
|
|||
</div>
|
||||
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. See documentation for possible values, separator and default value'." class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
|
||||
<div class="col-sm-4">
|
||||
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
|
||||
</div>
|
||||
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>
|
||||
</div>
|
||||
<!--<div class="form-group">-->
|
||||
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
|
||||
<!--<div class="col-sm-4">-->
|
||||
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
|
||||
<!--</div>-->
|
||||
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
|
||||
<!--</div>-->
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
|
||||
<div class="col-sm-4">
|
||||
|
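Review bot: The commented `<label ... for="enabled">Store Tokens</label>` points at `enabled`, while its input is `id="storeToken"` and the label directly below it, `Enabled`, also uses `for="enabled"`. When this block is restored, change it to `for="storeToken"` so that clicking the label toggles the right switch and assistive technology announces the correct control. The same attribute appears in the other two templates.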
|