Add Keycloak support

[thymen]

I was wondering whether there are any plans on adding Keycloak support? My colleagues and I are planning an experiment in which participants need to use different tools (including Open mHealth, Ohmage and some custom feedback/dashboard webapps). It would be nice if participants could use the same credentials on all tools. Keycloak might be the way to go for such functionality. I read that Keycloak has a Spring Security Adapter which makes me believe that it is quite feasible to integrate it with Open mHealth.

[emersonf]

We looked into Keycloak and Auth0 a couple of months ago, thinking we could properly decouple the authorization server from the resource server and let people use whatever auth server they want (or already use). We found that to support different auth servers, we'd need to write custom code in the resource server and pull in different libraries. The OAuth RFC doesn't specify an API for token validation, and as a result, Spring Security OAuth, Auth0, Keycloak, and likely every other service expose different endpoints.

So we shelved it until we get any demand for it. Yours is the first. We're currently working on supporting expressive queries in the data point API, but we'll add this request to the backlog.