
Example 16 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

From class PayPalIdentityProvider, method extractIdentityFromProfile:

/**
 * Builds the brokered identity for a PayPal account from the user-info profile JSON.
 *
 * <p>The federated id comes from the {@code user_id} property; username and email are
 * both filled from {@code email}, and the display name from {@code name}. The raw profile
 * is additionally stored on the context so JSON attribute mappers can read it later.
 *
 * @param event   the event builder for the current login (not used by this method)
 * @param profile the user-info JSON document returned by PayPal
 * @return the populated identity context
 */
@Override
protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, JsonNode profile) {
    String federatedId = getJsonProperty(profile, "user_id");
    BrokeredIdentityContext identity = new BrokeredIdentityContext(federatedId);
    // NOTE(review): the username is the provider-supplied email; whether PayPal has verified
    // that address is not visible here — confirm before relying on it for account linking.
    identity.setUsername(getJsonProperty(profile, "email"));
    identity.setName(getJsonProperty(profile, "name"));
    identity.setEmail(getJsonProperty(profile, "email"));
    identity.setIdpConfig(getConfig());
    identity.setIdp(this);
    // Keep the whole profile available to AbstractJsonUserAttributeMapper instances.
    String providerAlias = getConfig().getAlias();
    AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, profile, providerAlias);
    return identity;
}
Also used : BrokeredIdentityContext(org.keycloak.broker.provider.BrokeredIdentityContext)

Example 17 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

From class LegacyIdIdentityProvider, method getFederatedIdentity:

/**
 * Resolves the federated identity exactly as the parent provider does, then tags the
 * resulting context with the fixed {@code LEGACY_ID}.
 *
 * @param response the raw response from the OAuth server
 * @return the parent's identity context with the legacy id set
 */
@Override
public BrokeredIdentityContext getFederatedIdentity(String response) {
    BrokeredIdentityContext identity = super.getFederatedIdentity(response);
    identity.setLegacyId(LEGACY_ID);
    return identity;
}
Also used : BrokeredIdentityContext(org.keycloak.broker.provider.BrokeredIdentityContext)

Example 18 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

From class AbstractOAuth2IdentityProvider, method validateExternalTokenThroughUserInfo:

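/**
 * Validates an externally issued token by presenting it to the provider's user-info
 * endpoint and extracting the identity from the returned profile.
 *
 * <p>Every failure — transport error, non-200 status, unparsable body, or a profile without
 * an id — is recorded on {@code event} and surfaced as an {@code invalid_token} error response.
 *
 * @param event            the event builder for the current exchange
 * @param subjectToken     the external token presented for exchange
 * @param subjectTokenType the declared type of {@code subjectToken} (not used by this method)
 * @return the identity extracted from the user-info profile
 * @throws ErrorResponseException with {@code invalid_token} when validation fails
 */
protected BrokeredIdentityContext validateExternalTokenThroughUserInfo(EventBuilder event, String subjectToken, String subjectTokenType) {
    event.detail("validation_method", "user info");
    SimpleHttp.Response response = null;
    int status = 0;
    try {
        String userInfoUrl = getProfileEndpointForValidation(event);
        response = buildUserInfoRequest(subjectToken, userInfoUrl).asResponse();
        status = response.getStatus();
    } catch (IOException e) {
        logger.debug("Failed to invoke user info for external exchange", e);
    }
    // A transport failure leaves status at 0 and is rejected here together with any non-200 reply.
    if (status != 200) {
        logger.debug("Failed to invoke user info status: " + status);
        throw userInfoFailure(event);
    }
    JsonNode profile;
    try {
        profile = response.asJson();
    } catch (IOException e) {
        // Keep the parse failure in the debug log; previously this path was silent.
        logger.debug("Failed to parse user info response for external exchange", e);
        throw userInfoFailure(event);
    }
    BrokeredIdentityContext context = extractIdentityFromProfile(event, profile);
    // A profile without an id cannot be linked to a user; reject it like any other failure.
    if (context.getId() == null) {
        throw userInfoFailure(event);
    }
    return context;
}

/**
 * Records a user-info validation failure on the event and builds the error response that
 * callers throw. Centralised so every failure path reports identically.
 *
 * @param event the event builder to mark with the failure reason
 * @return the {@code invalid_token} error response to throw
 */
private ErrorResponseException userInfoFailure(EventBuilder event) {
    event.detail(Details.REASON, "user info call failure");
    event.error(Errors.INVALID_TOKEN);
    return new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
}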
Also used : SimpleHttp(org.keycloak.broker.provider.util.SimpleHttp) ErrorResponseException(org.keycloak.services.ErrorResponseException) JsonNode(com.fasterxml.jackson.databind.JsonNode) IOException(java.io.IOException) AuthorizationEndpoint(org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint) BrokeredIdentityContext(org.keycloak.broker.provider.BrokeredIdentityContext)

Example 19 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

From class AbstractOAuth2IdentityProvider, method getFederatedIdentity:

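/**
 * Turns the raw OAuth token response into a brokered identity.
 *
 * <p>The access token is read from {@code response} under the provider's configured
 * parameter name, used to fetch the identity, and then stored in the context data under
 * {@code FEDERATED_ACCESS_TOKEN} so later stages can reuse it.
 *
 * @param response the raw body returned by the OAuth server's token endpoint
 * @return the identity obtained with the access token
 * @throws IdentityBrokerException if the response carries no access token
 */
public BrokeredIdentityContext getFederatedIdentity(String response) {
    String tokenParameter = getAccessTokenResponseParameter();
    String accessToken = extractTokenFromResponse(response, tokenParameter);
    if (accessToken == null) {
        // Do not echo the raw response into the exception: even without an access token it can
        // carry other credentials (e.g. refresh or id tokens) that must not reach messages or logs.
        throw new IdentityBrokerException("No access token available in OAuth server response (parameter '" + tokenParameter + "' missing)");
    }
    BrokeredIdentityContext context = doGetFederatedIdentity(accessToken);
    context.getContextData().put(FEDERATED_ACCESS_TOKEN, accessToken);
    return context;
}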
Also used : IdentityBrokerException(org.keycloak.broker.provider.IdentityBrokerException) BrokeredIdentityContext(org.keycloak.broker.provider.BrokeredIdentityContext)

Example 20 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

From class OIDCIdentityProvider, method validateJwt:

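/**
 * Validates an external JWT for token exchange and turns it into a brokered identity.
 *
 * <p>When signature validation is disabled in the provider config, the token is checked
 * through the user-info endpoint instead. Otherwise the config must supply either a JWKS URL
 * or a public-key verifier, the token is validated via {@code validateToken}, and the identity
 * is extracted from it. The validated token is stashed in the context data — under
 * {@code VALIDATED_ID_TOKEN} for id tokens, under {@code VALIDATED_ACCESS_TOKEN} (parsed form)
 * otherwise — together with the exchange provider alias.
 *
 * @param event            the event builder for the current exchange
 * @param subjectToken     the external JWT presented for exchange
 * @param subjectTokenType the declared token type; {@code OAuth2Constants.ID_TOKEN_TYPE} selects id-token handling
 * @return the identity carried by the token
 * @throws ErrorResponseException with {@code Errors.INVALID_CONFIG} when the verifier config is
 *         incomplete, or {@code invalid_token} when validation or identity extraction fails
 */
protected final BrokeredIdentityContext validateJwt(EventBuilder event, String subjectToken, String subjectTokenType) {
    if (!getConfig().isValidateSignature()) {
        return validateExternalTokenThroughUserInfo(event, subjectToken, subjectTokenType);
    }
    event.detail("validation_method", "signature");
    if (getConfig().isUseJwksUrl()) {
        if (getConfig().getJwksUrl() == null) {
            throw invalidConfigResponse(event, "jwks url unset");
        }
    } else if (getConfig().getPublicKeySignatureVerifier() == null) {
        throw invalidConfigResponse(event, "public key unset");
    }
    JsonWebToken parsedToken;
    try {
        // NOTE(review): the meaning of the boolean flag is defined by validateToken — confirm there.
        parsedToken = validateToken(subjectToken, true);
    } catch (IdentityBrokerException e) {
        logger.debug("Unable to validate token for exchange", e);
        throw invalidTokenResponse(event, "token validation failure");
    }
    try {
        boolean idTokenType = OAuth2Constants.ID_TOKEN_TYPE.equals(subjectTokenType);
        BrokeredIdentityContext context = extractIdentity(null, idTokenType ? null : subjectToken, parsedToken);
        if (context == null) {
            throw invalidTokenResponse(event, "Failed to extract identity from token");
        }
        if (idTokenType) {
            context.getContextData().put(VALIDATED_ID_TOKEN, subjectToken);
        } else {
            context.getContextData().put(KeycloakOIDCIdentityProvider.VALIDATED_ACCESS_TOKEN, parsedToken);
        }
        context.getContextData().put(EXCHANGE_PROVIDER, getConfig().getAlias());
        context.setIdp(this);
        context.setIdpConfig(getConfig());
        return context;
    } catch (IOException e) {
        logger.debug("Unable to extract identity from identity token", e);
        // Previously this path threw without marking the event; record it like the other
        // failures so the audit trail shows why the exchange was rejected.
        throw invalidTokenResponse(event, "Failed to extract identity from token");
    }
}

/**
 * Records a configuration failure on the event and builds the matching error response.
 *
 * @param event  the event builder to mark
 * @param reason the reason stored under {@code Details.REASON}
 * @return the {@code Errors.INVALID_CONFIG} error response to throw
 */
private ErrorResponseException invalidConfigResponse(EventBuilder event, String reason) {
    event.detail(Details.REASON, reason);
    event.error(Errors.INVALID_CONFIG);
    return new ErrorResponseException(Errors.INVALID_CONFIG, "Invalid server config", Response.Status.BAD_REQUEST);
}

/**
 * Records a token failure on the event and builds the {@code invalid_token} error response.
 *
 * @param event  the event builder to mark
 * @param reason the reason stored under {@code Details.REASON}
 * @return the error response to throw
 */
private ErrorResponseException invalidTokenResponse(EventBuilder event, String reason) {
    event.detail(Details.REASON, reason);
    event.error(Errors.INVALID_TOKEN);
    return new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
}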
Also used : IdentityBrokerException(org.keycloak.broker.provider.IdentityBrokerException) ErrorResponseException(org.keycloak.services.ErrorResponseException) IOException(java.io.IOException) JsonWebToken(org.keycloak.representations.JsonWebToken) BrokeredIdentityContext(org.keycloak.broker.provider.BrokeredIdentityContext)

Aggregations

BrokeredIdentityContext (org.keycloak.broker.provider.BrokeredIdentityContext)40 IOException (java.io.IOException)12 IdentityBrokerException (org.keycloak.broker.provider.IdentityBrokerException)12 JsonNode (com.fasterxml.jackson.databind.JsonNode)11 SerializedBrokeredIdentityContext (org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext)6 ErrorResponseException (org.keycloak.services.ErrorResponseException)6 OAuthErrorException (org.keycloak.OAuthErrorException)5 AuthenticationSessionModel (org.keycloak.sessions.AuthenticationSessionModel)5 Map (java.util.Map)3 AuthenticationFlowException (org.keycloak.authentication.AuthenticationFlowException)3 SimpleHttp (org.keycloak.broker.provider.util.SimpleHttp)3 HashMap (java.util.HashMap)2 Set (java.util.Set)2 Collectors (java.util.stream.Collectors)2 WebApplicationException (javax.ws.rs.WebApplicationException)2 MediaType (javax.ws.rs.core.MediaType)2 Response (javax.ws.rs.core.Response)2 Test (org.junit.Test)2 IdentityProvider (org.keycloak.broker.provider.IdentityProvider)2 JWSInput (org.keycloak.jose.jws.JWSInput)2