I want to know how username and password sent to the method by using Basic authentication in rest in server. I want to go for Basic authentication because of domainname\username.
Is it possible to create custom username and password for basic authentication?
Related
I want usernames (created using an algorithm) to be automatically assigned to users and want to allow login using both this username and email address. How do I do that in Keycloak?
You can use rest api to create user. This way you can use alghoritm to generate username. Documentation is here:
https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_users_resource
In the realm settings go to Login tab and enable Login with email
What would be the best way to create a login via email?
Currently we generate a JWT and send it via email. With this procedure the JWT token will expire at some point. We would like to extend the login (e.g. with code, refresh-token, access-token).
How can you create a fully-fledged login, which you normally get by logging in with username + password?
What other ways are there to provide a login via email?
I want to send Keycloak user reset password email from my web app without using Keycloak SMTP configuration. For that I am trying to generate the reset password link but I am not sure how to generate the code in URL. Are there any API call to generate action code or full reset password URL ? Keycloak generate something like below. I need to generate same. That's the objective.
https://server.com/auth/realms/xxx/login-actions/action-token?key=ffdfdfdfd
There is no such API directly exposed in Keycloak.
Keycloak provides action tokens that permits its bearer to perform some actions, e.g. to reset a password or validate e-mail address.
Perhaps you could have a look at the action tokens SPI:
http://www.keycloak.org/docs/3.3/server_development/topics/action-token-spi.html
This way you can handle your use case.
I am playing with WSSE Authentication (through Symfony2) and I have defined the following classic Login flow :
User enters its username & password & get the associated salt from the server
username & password are checked on the server (ajax call) through a WSSE header check
If Credentials are valid then, required data (i.e data that allow to re-generate a WSSE Header at each request) is stored on the browser
This is fully working.
Now, I would like to add the "Signin with facebook" feature. That's not a problem there's plenty of documentation on it, BUT, my purpose & my difficulty is to keep the WSSE logical working
As the user never enters its password if he logs in with Facebook, I am unable to generate wsse headers, and for this there is no documentation at all.
Would someone have already dealt with such an operation? Thanks in advance
the solution i found is following this order :
1) Create a webservice not under the wsse firewall but secured by a header token or something else like x-token : fdslkjl324l2lrkljlkfsjflkjfkljl2, which return the password encrypted from the database for the given user.
like for example : you should have an webservice to get user salt to encrypt user s password to authenticate through wsse API.
2) use the classic wsse webservices with generated token from the encrypted password following the wsse
now that you have the password encrypted you can simply authenticate under the wsse service.
The most important thing is you don t have to put the user password in plain .
I'm implementing an XMPP client for Google Talk that is using the relatively new X-OAUTH2 mechanism. I had the idea that I shouldn't need to store either username or password for the authentication to the service. However, Google's documentation for the X-OAUTH2 authentication states this is the initial <auth> request to make:
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl"
mechanism="X-OAUTH2"
auth:service="oauth2"
xmlns:auth="http://www.google.com/talk/protocol/auth">
base64("\0" + user_name + "\0" + oauth_token)
</auth>
Note that it requires the "user_name" to be sent along with the token. Is there something I'm missing here? Or do I really have to have my application prompt for the username? (Note that the user would already have logged in via OAuth2 to receive the access token)
I don't know of any other service that uses OAuth that requires the client to provide a username. For instance, this same app can connect to Facebook Chat via XMPP and OAuth2 without needing the username to be provided in XMPP.
You don't need to prompt for username in your application. Just specify "SCOPE" parameter as "https://www.googleapis.com/auth/userinfo.email".
Refer this. This will give you users email-ID in response along with token.
This Link has detailed explanation about Google Accounts Authentication and Authorization. Username and email-id is returned in getUserInfo() function which you can use in your application.