Auth Exchange - Keycloak Google Token Exchange

This project is for software developers who want to integrate Keycloak into their systems to enable secure user login and token exchange with Google. This allows users who sign in to Keycloak to access Google APIs, such as Calendar, YouTube, Email, etc.

This version extracts the access token from Spring's OAuth2AuthenticationToken.

How to Use

Keycloak

A docker compose file is provided to start a custom docker container (Dockerfile.keycloak).

docker-compose up

Import the realm from the docs folder (realm-export.json).

This realm already contains the configuration for the Google identity provider. Make sure to update the Client ID and secret.

Under the Clients tab, click web-front and open the Credentials tab. Take note of the client's secret.

Project Configuration

Application Property File

File: src/main/resources/application.yml

Set the following environment variables or modify the property file.

  • KEYCLOAK_CLIENT_SECRET

Keycloak JSON Config

File: src/main/resources/keycloak.json

Set the Keycloak client's secret value.

Dockerized Container

A Dockerfile is provided under the docker folder. To build a Docker image of the project, run the following from the project root:

docker build -f ./docker/Dockerfile -t czetsuyatech/auth-exchange-token .

Testing Steps

  1. Run the docker compose file in the docker folder.
docker-compose up
  2. Run the application.
  3. Open your web browser and navigate to http://localhost:8081. It will redirect to the Keycloak login page.
  4. Click "Save token". It will store the access and refresh tokens in the database.
  5. Click "Calendar entries". It will generate a new access token from the refresh token stored in the database. This access token will be exchanged for a Google access token in order to call the Google API.
  6. A job can be run to generate a new refresh token.
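
The "Calendar entries" step, written out as two POST requests to Keycloak's token endpoint: a refresh_token grant followed by a token-exchange grant with requested_issuer. This is an added example, not the project's own code. The class name, the KEYCLOAK_TOKEN_URL and STORED_REFRESH_TOKEN environment variables, the identity provider alias google, and the use of Keycloak's token-exchange grant for this step are assumptions.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.regex.*;
import java.util.stream.Collectors;

public class GoogleTokenExchangeExample { // hypothetical class, not part of the project
    // Assumption: <keycloak-base>/realms/<realm>/protocol/openid-connect/token
    static final String TOKEN_URL = System.getenv("KEYCLOAK_TOKEN_URL");
    static final String CLIENT_ID = "web-front";
    static final String CLIENT_SECRET = System.getenv("KEYCLOAK_CLIENT_SECRET");
    // Minimal extraction for the example; a real client would use a JSON parser.
    static final Pattern ACCESS_TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");

    // Secrets and tokens travel in the form-encoded POST body, never in the URL.
    static String form(Map<String, String> fields) {
        return fields.entrySet().stream()
            .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }

    static String requestAccessToken(HttpClient http, Map<String, String> grant) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(TOKEN_URL))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(form(grant)))
            .build();
        HttpResponse<String> res = http.send(req, HttpResponse.BodyHandlers.ofString());
        Matcher m = ACCESS_TOKEN.matcher(res.body());
        if (res.statusCode() != 200 || !m.find()) {
            // Report only the status code so token material never reaches the logs.
            throw new IllegalStateException("Token request failed, HTTP " + res.statusCode());
        }
        return m.group(1);
    }

    public static void main(String[] args) throws Exception {
        HttpClient http = HttpClient.newHttpClient();
        // 1. New Keycloak access token from the refresh token kept in the database.
        String keycloakToken = requestAccessToken(http, Map.of("grant_type", "refresh_token",
            "client_id", CLIENT_ID, "client_secret", CLIENT_SECRET,
            "refresh_token", System.getenv("STORED_REFRESH_TOKEN")));
        // 2. Exchange it for the Google access token held by the identity provider.
        String googleToken = requestAccessToken(http, Map.of(
            "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange",
            "client_id", CLIENT_ID, "client_secret", CLIENT_SECRET,
            "subject_token", keycloakToken, "requested_issuer", "google"));
        System.out.println("Google access token received, length " + googleToken.length());
    }
}
```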
