keycloak-uncached
Changes
admin-ui/src/main/resources/META-INF/resources/admin/partials/provider/facebook-help.html 32(+0 -32)
docbook/reference/en/en-US/master.xml 18(+18 -0)
pom.xml 2(+1 -1)
Details
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
index b7b113a..fcd5d13 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
@@ -696,15 +696,6 @@ module.controller('RealmSocialCtrl', function($scope, realm, Realm, $location, N
initSocial();
};
- $scope.openHelp = function(pId) {
- $scope.helpPId = pId;
- $scope.providerHelpModal = true;
- };
-
- $scope.closeHelp = function() {
- $scope.providerHelpModal = false;
- };
-
});
module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http, $location, Dialog, Notifications, TimeUnit) {
diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-social.html b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-social.html
index bd6dde2..b78cfa0 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-social.html
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/partials/realm-social.html
@@ -21,6 +21,12 @@
<li class="active">Social</li>
</ol>
<h2><span>{{realm.realm}}</span> Social Providers Settings</h2>
+
+
+ <div class="feedback info inline">
+ <p><strong>Social Callback URL:</strong> {{callbackUrl}}</p>
+ </div>
+
<form name="realmForm" novalidate>
<fieldset>
<div>
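Review bot: The banner prints `{{callbackUrl}}` as the value to register, but the FacebookProvider and TwitterProvider hunks in this commit send a redirect URI with `//localhost` rewritten to `//127.0.0.1`, so on a local server the URL an admin copies from here differs from the one sent to the provider. Either display the rewritten value per provider or add a hint under the URL, e.g. `<p>Facebook and Twitter reject localhost; register this URL with 127.0.0.1 instead.</p>`. No visible hunk assigns `callbackUrl` on the scope (the realm.js hunk only removes `openHelp`/`closeHelp`), so it is presumably set outside this diff; worth confirming the banner does not render empty.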
@@ -64,7 +70,6 @@
ng-class="{'dirty': postSaveProviders.indexOf(pId) > -1}" required>
</td>
<td>
- <div class="action-div"><i class="icon-question" ng-click="openHelp(pId)"></i></div>
<div class="action-div"><i class="icon-remove" ng-click="removeProvider(pId)"></i></div>
</td>
</tr>
@@ -72,6 +77,7 @@
</table>
</div>
</fieldset>
+
<div class="form-actions">
<button type="submit" kc-save class="primary" data-ng-show="changed">Save
changes
@@ -86,22 +92,6 @@
</div>
</div>
-<div modal="providerHelpModal" close="closeHelp()" options="opts">
- <div class="modal-dialog">
- <div class="modal-content">
- <div class="modal-header">
- <h3>Configure {{helpPId}}</h3>
- </div>
- <div class="modal-body">
- <div ng-include src="'partials/provider/'+ helpPId +'-help.html'"></div>
- </div>
- <div class="modal-footer">
- <button ng-click="closeHelp()">Close</button>
- </div>
- </div>
- </div>
-</div>
-
<!-- TODO remove once this page is properly styled -->
<style type="text/css">
.social-provider input.ng-invalid.dirty,
docbook/reference/en/en-US/master.xml 18(+18 -0)
diff --git a/docbook/reference/en/en-US/master.xml b/docbook/reference/en/en-US/master.xml
index a984d7d..dbc06a7 100755
--- a/docbook/reference/en/en-US/master.xml
+++ b/docbook/reference/en/en-US/master.xml
@@ -7,6 +7,11 @@
<!ENTITY AdapterConfig SYSTEM "modules/adapter-config.xml">
<!ENTITY WildflyAdapter SYSTEM "modules/wildfly-adapter.xml">
<!ENTITY EAP6Adapter SYSTEM "modules/eap6-adapter.xml">
+ <!ENTITY SocialConfig SYSTEM "modules/social-config.xml">
+ <!ENTITY SocialFacebook SYSTEM "modules/social-facebook.xml">
+ <!ENTITY SocialGoogle SYSTEM "modules/social-google.xml">
+ <!ENTITY SocialTwitter SYSTEM "modules/social-twitter.xml">
+ <!ENTITY SocialProviderSPI SYSTEM "modules/social-spi.xml">
]>
<book>
@@ -55,5 +60,18 @@
&EAP6Adapter;
</chapter>
+ <chapter>
+ <title>Social</title>
+ <para>
+ Social login description
+ </para>
+ &SocialConfig;
+ &SocialFacebook;
+ &SocialGoogle;
+ &SocialTwitter;
+ &SocialProviderSPI;
+ </chapter>
+
</book>
+
diff --git a/docbook/reference/en/en-US/modules/social-config.xml b/docbook/reference/en/en-US/modules/social-config.xml
new file mode 100644
index 0000000..3de1328
--- /dev/null
+++ b/docbook/reference/en/en-US/modules/social-config.xml
@@ -0,0 +1,17 @@
+<section id="social-config">
+ <title>Social Login Config</title>
+ <para>
+ Social login config description
+ </para>
+
+ <section id="social-callbackurl">
+ <title>Social Callback URL</title>
+ <para>
+ There is a single callback url used by all realms and social providers. This makes it possible to share
+ the configuration for a social network between multiple realms. An example callback url is
+ <literal>http://localhost:8080/auth/rest/social/callback</literal>. To get the callback url for your server
+ replace <literal>http://localhost:8080</literal> with the base address of your server. You can also
+ find the callback url in the Keycloak Admin Console under social settings.
+ </para>
+ </section>
+</section>
\ No newline at end of file
diff --git a/docbook/reference/en/en-US/modules/social-facebook.xml b/docbook/reference/en/en-US/modules/social-facebook.xml
new file mode 100644
index 0000000..f173d21
--- /dev/null
+++ b/docbook/reference/en/en-US/modules/social-facebook.xml
@@ -0,0 +1,45 @@
+<section id="social-facebook">
+ <title>Facebook</title>
+ <para>
+ To enable login with Facebook you first have to create an app in the
+ <ulink url="https://developers.facebook.com/">Facebook Developer Console</ulink>. Then you need to copy
+ the client id and secret into the Keycloak Admin Console.
+ </para>
+ <orderedlist>
+ <listitem>
+ <para>
+ Log in to the <ulink url="https://developers.facebook.com/">Facebook Developer Console</ulink>. Click
+ <literal>Apps</literal> in the menu and select <literal>Create a New App</literal>. Use any value for
+ <literal>Display Name</literal> and <literal>Category</literal> you want, then click the
+ <literal>Create App</literal> button. Wait for the project to be created (this may take a while). If after
+ creating the app you are not redirected to the app settings, click on <literal>Apps</literal> in the
+ menu and select the app you created.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Once the app has been created click on <literal>Settings</literal> in sidebar on the left. Then click
+ on <literal>Advanced</literal>. Under <literal>Security</literal> make sure
+ <literal>Client OAuth Login</literal> is enabled. In <literal>Valid OAuth redirect URIs</literal> insert
+ the <link linkend="social-callbackurl">social callback url</link>. Facebook doesn't allow
+ <literal>localhost</literal> in the redirect URI, so if you are testing on a local server replace
+ <literal>localhost</literal> with <literal>127.0.0.1</literal>. Scroll down and click on the
+ <literal>Save Changes</literal> button.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Click <literal>Status & Review</literal> and select <literal>YES</literal> for <literal>Do you want
+ to make this app and all its live features available to the general public?</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Click <literal>Basic</literal>. Copy <literal>App ID</literal> and <literal>App Secret</literal>
+ (click <literal>show</literal>) from the <ulink url="https://developers.facebook.com/">Facebook Developer Console</ulink> into the
+ settings page in the Keycloak Admin Console as the <literal>Key</literal> and <literal>Secret</literal>. Then
+ click <literal>Save</literal> in the Keycloak Admin Console to enable login with Facebook.
+ </para>
+ </listitem>
+ </orderedlist>
+</section>
\ No newline at end of file
diff --git a/docbook/reference/en/en-US/modules/social-google.xml b/docbook/reference/en/en-US/modules/social-google.xml
new file mode 100644
index 0000000..6be385d
--- /dev/null
+++ b/docbook/reference/en/en-US/modules/social-google.xml
@@ -0,0 +1,48 @@
+<section id="social-google">
+ <title>Google</title>
+ <para>
+ To enable login with Google you first have to create a project and a client in the
+ <ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink>. Then you need to copy
+ the client id and secret into the Keycloak Admin Console.
+ </para>
+ <orderedlist>
+ <listitem>
+ <para>
+ Log in to the <ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink>. Click the
+ <literal>Create Project</literal> button. Use any value for <literal>Project name</literal> and
+ <literal>Project ID</literal> you want, then click the <literal>Create</literal> button. Wait for the project to
+ be created (this may take a while).
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Once the project has been created click on <literal>APIs & auth</literal> in sidebar on the left. To retrieve
+ user profiles the <literal>Google+ API</literal> has to be enabled. Scroll down to find it in the list. If its
+ status is <literal>OFF</literal>, click on <literal>OFF</literal> to enable it (it should move to the top of
+ the list and the status should be <literal>ON</literal>).
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Now click <literal>Credentials</literal> in the sidebar on the left. Then click
+ <literal>Create New Client ID</literal>. Select <literal>Web application</literal> as
+ <literal>Application type</literal>. Empty the <literal>Authorized Javascript origins</literal> textarea. In
+ <literal>Authorized redirect URI</literal> enter the <link linkend="social-callbackurl">social callback url</link>
+ for your realm. Click the <literal>Create Client ID</literal> button.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Copy <literal>Client ID</literal> and <literal>Client secret</literal> from the
+ <ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink> into the settings
+ page in the Keycloak Admin Console as the <literal>Key</literal> and <literal>Secret</literal>. Then click
+ <literal>Save</literal> in the Keycloak Admin Console to enable login with Google.
+ </para>
+ </listitem>
+ </orderedlist>
+ <para>
+ You may also want to configure how the Google Consent Screen looks when users log in to your application via
+ Google. To do this go to <ulink url="https://cloud.google.com/console/project">Google Developer Console</ulink>
+ and click on <literal>Consent Screen</literal> in the sidebar to the left.
+ </para>
+</section>
\ No newline at end of file
diff --git a/docbook/reference/en/en-US/modules/social-spi.xml b/docbook/reference/en/en-US/modules/social-spi.xml
new file mode 100644
index 0000000..b6de7f3
--- /dev/null
+++ b/docbook/reference/en/en-US/modules/social-spi.xml
@@ -0,0 +1,11 @@
+<section id="social-spi">
+ <title>Social Provider SPI</title>
+ <para>
+ Keycloak provides an SPI to make it easy to add additional social providers. This is done by implementing the
+ <ulink url="https://raw.github.com/keycloak/keycloak/master/social/core/src/main/java/org/keycloak/social/SocialProvider.java">SocialProvider</ulink>
+ interface and providing a provider configuration file (<literal>META-INF/services/org.keycloak.social.SocialProvider</literal>).
+ </para>
+ <para>
+ A good reference for implementing a Social Provider is the <ulink url="https://github.com/keycloak/keycloak/tree/master/social/google">Google provider</ulink>.
+ </para>
+</section>
\ No newline at end of file
diff --git a/docbook/reference/en/en-US/modules/social-twitter.xml b/docbook/reference/en/en-US/modules/social-twitter.xml
new file mode 100644
index 0000000..316a178
--- /dev/null
+++ b/docbook/reference/en/en-US/modules/social-twitter.xml
@@ -0,0 +1,35 @@
+<section id="social-twitter">
+ <title>Twitter</title>
+ <para>
+ To enable login with Twtter you first have to create an application in the
+ <ulink url="https://dev.twitter.com/apps">Twitter Developer Console</ulink>. Then you need to copy
+ the consumer key and secret into the Keycloak Admin Console.
+ </para>
+ <orderedlist>
+ <listitem>
+ <para>
+ Log in to the <ulink url="https://dev.twitter.com/apps">Twitter Developer Console</ulink>. Click the
+ <literal>Create a new application</literal> button. Use any value for <literal>Name</literal>,
+ <literal>Description</literal> and <literal>Website</literal> you want. Insert the social callback url
+ in <literal>Callback URL</literal>. Twitter doesn't allow <literal>localhost</literal> in the redirect URI,
+ so if you are testing on a local server replace <literal>localhost</literal> with <literal>127.0.0.1</literal>.
+ Twitter also restricts connection to TLS/SSL connections only, this means that you have to use HTTPS to
+ access Keycloak in order to log in via Twitter. Then click <literal>Create your Twitter application</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Now click on <literal>Settings</literal> and tick the box <literal>Allow this application to be used to Sign in with Twitter</literal>,
+ then click on <literal>Update this Twitter application's settings</literal>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Now click <literal>Details</literal>. Copy <literal>Consumer key</literal> and <literal>Consumer secret</literal> from the
+ <ulink url="https://dev.twitter.com/apps">Twitter Developer Console</ulink> into the settings
+ page in the Keycloak Admin Console as the <literal>Key</literal> and <literal>Secret</literal>. Then click
+ <literal>Save</literal> in the Keycloak Admin Console to enable login with Twitter.
+ </para>
+ </listitem>
+ </orderedlist>
+</section>
\ No newline at end of file
pom.xml 2(+1 -1)
diff --git a/pom.xml b/pom.xml
index 91fd676..cfed889 100755
--- a/pom.xml
+++ b/pom.xml
@@ -269,7 +269,7 @@
<dependency>
<groupId>org.twitter4j</groupId>
<artifactId>twitter4j-core</artifactId>
- <version>3.0.3</version>
+ <version>3.0.5</version>
</dependency>
<!-- QR Code Generator -->
diff --git a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java
index ac9bc86..8b911b2 100755
--- a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java
+++ b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookProvider.java
@@ -44,9 +44,12 @@ public class FacebookProvider implements SocialProvider {
public AuthRequest getAuthUrl(SocialProviderConfig config) throws SocialProviderException {
String state = UUID.randomUUID().toString();
+ String redirectUri = config.getCallbackUrl();
+ redirectUri = redirectUri.replace("//localhost", "//127.0.0.1");
+
return AuthRequest.create(state, AUTHENTICATION_ENDPOINT_URL).setQueryParam("client_id", config.getKey())
.setQueryParam("response_type", DEFAULT_RESPONSE_TYPE).setQueryParam("scope", DEFAULT_SCOPE)
- .setQueryParam("redirect_uri", config.getCallbackUrl()).setQueryParam("state", state).setAttribute("state", state).build();
+ .setQueryParam("redirect_uri", redirectUri).setQueryParam("state", state).setAttribute("state", state).build();
}
@Override
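Review bot: `redirectUri.replace("//localhost", "//127.0.0.1")` in getAuthUrl is a plain substring replace, so it also rewrites a host that merely starts with `localhost` (`//localhost.example.com` becomes `//127.0.0.1.example.com`) and any later `//localhost` in the path or query. Because the provider compares redirect_uri against the registered value, anchor the rewrite to the host component: `redirectUri = redirectUri.replaceFirst("(?<=^https?://)localhost(?=[:/?#]|$)", "127.0.0.1");`. The code-for-token exchange lies outside this hunk; if it still sends `config.getCallbackUrl()` unchanged, the two redirect_uri values will differ and the exchange will probably be rejected, so the same normalised value should be used there. The identical line is added in the TwitterProvider.getAuthUrl hunk, and a shared helper would keep the two providers in step.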
diff --git a/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterProvider.java b/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterProvider.java
index 8f7a508..b3b07db 100755
--- a/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterProvider.java
+++ b/social/twitter/src/main/java/org/keycloak/social/twitter/TwitterProvider.java
@@ -42,12 +42,15 @@ public class TwitterProvider implements SocialProvider {
}
@Override
- public AuthRequest getAuthUrl(SocialProviderConfig request) throws SocialProviderException {
+ public AuthRequest getAuthUrl(SocialProviderConfig config) throws SocialProviderException {
try {
Twitter twitter = new TwitterFactory().getInstance();
- twitter.setOAuthConsumer(request.getKey(), request.getSecret());
+ twitter.setOAuthConsumer(config.getKey(), config.getSecret());
+
+ String redirectUri = config.getCallbackUrl();
+ redirectUri = redirectUri.replace("//localhost", "//127.0.0.1");
- RequestToken requestToken = twitter.getOAuthRequestToken(request.getCallbackUrl());
+ RequestToken requestToken = twitter.getOAuthRequestToken(redirectUri);
return AuthRequest.create(requestToken.getToken(), requestToken.getAuthenticationURL())
.setAttribute("token", requestToken.getToken()).setAttribute("tokenSecret", requestToken.getTokenSecret())