
Example 26 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

the class AbstractOAuth2IdentityProvider method exchangeExternal.

/**
 * Entry point for the external-to-internal token exchange.
 *
 * <p>Providers that do not support external exchange answer {@code null}.
 * Otherwise the context produced by {@link #exchangeExternalImpl} is bound to
 * this provider and its configuration before it is returned.
 *
 * @param event  event builder for auditing the exchange
 * @param params request parameters of the exchange
 * @return the brokered context, or {@code null} if exchange is unsupported or
 *         the implementation produced no context
 */
public final BrokeredIdentityContext exchangeExternal(EventBuilder event, MultivaluedMap<String, String> params) {
    if (supportsExternalExchange()) {
        BrokeredIdentityContext exchanged = exchangeExternalImpl(event, params);
        if (exchanged == null) {
            return null;
        }
        // Bind the context to the provider that produced it so downstream
        // code can locate the IdP and its configuration.
        exchanged.setIdp(this);
        exchanged.setIdpConfig(getConfig());
        return exchanged;
    }
    return null;
}

Example 27 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

the class OIDCIdentityProvider method getFederatedIdentity.

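/**
 * Builds the brokered identity from the OIDC token endpoint response.
 *
 * <p>The response is decoded, the access token is verified and the id_token
 * validated before any identity data is extracted. The subject of the
 * extracted identity must equal the id_token subject; a mismatch is rejected
 * so userinfo data is never attributed to a subject other than the one the
 * id_token was issued for. The nonce claim is carried in the context data for
 * later verification, and when token storage is enabled the (possibly
 * re-serialized) response is stored on the identity.
 *
 * @param response raw JSON body of the token endpoint response
 * @return the brokered identity
 * @throws IdentityBrokerException if the response cannot be decoded, the
 *         subjects do not match, or attribute extraction fails
 */
@Override
public BrokeredIdentityContext getFederatedIdentity(String response) {
    AccessTokenResponse tokenResponse;
    try {
        tokenResponse = JsonSerialization.readValue(response, AccessTokenResponse.class);
    } catch (IOException e) {
        throw new IdentityBrokerException("Could not decode access token response.", e);
    }
    // Token checks stay outside the catch-all below so their own failure
    // messages are not replaced by the generic userinfo message.
    String accessToken = verifyAccessToken(tokenResponse);
    String encodedIdToken = tokenResponse.getIdToken();
    JsonWebToken idToken = validateToken(encodedIdToken);
    try {
        BrokeredIdentityContext identity = extractIdentity(tokenResponse, accessToken, idToken);
        // Fail closed: a missing subject on either side is a mismatch, not a
        // NullPointerException surfaced under an unrelated message.
        String subject = idToken.getSubject();
        if (subject == null || identity.getId() == null || !subject.equals(identity.getId())) {
            throw new IdentityBrokerException("Mismatch between the subject in the id_token and the subject from the user_info endpoint");
        }
        identity.getContextData().put(BROKER_NONCE_PARAM, idToken.getOtherClaims().get(OIDCLoginProtocol.NONCE_PARAM));
        if (getConfig().isStoreToken()) {
            if (tokenResponse.getExpiresIn() > 0) {
                // Store an absolute expiration alongside the token; the
                // response is re-serialized so the stored copy carries it.
                long accessTokenExpiration = Time.currentTime() + tokenResponse.getExpiresIn();
                tokenResponse.getOtherClaims().put(ACCESS_TOKEN_EXPIRATION, accessTokenExpiration);
                response = JsonSerialization.writeValueAsString(tokenResponse);
            }
            identity.setToken(response);
        }
        return identity;
    } catch (IdentityBrokerException e) {
        // Preserve the specific failure (e.g. subject mismatch) instead of
        // re-wrapping it under the generic userinfo message.
        throw e;
    } catch (Exception e) {
        throw new IdentityBrokerException("Could not fetch attributes from userinfo endpoint.", e);
    }
}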

Example 28 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

the class OIDCIdentityProvider method extractIdentityFromProfile.

/**
 * Builds a brokered identity from an OIDC userinfo document.
 *
 * <p>The {@code sub} claim is mandatory; without it the request is rejected
 * as an invalid token. The raw profile is stored for attribute mappers, the
 * given/family names are mapped individually, and the composite {@code name}
 * claim is used only when neither of them is present. The username falls back
 * from the preferred username to the email and finally to the subject.
 *
 * @param event    event builder used to report a missing subject
 * @param userInfo parsed userinfo JSON
 * @return the identity populated from the profile
 * @throws ErrorResponseException if the {@code sub} claim is absent
 */
@Override
protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, JsonNode userInfo) {
    String subject = getJsonProperty(userInfo, "sub");
    if (subject == null) {
        event.detail(Details.REASON, "sub claim is null from user info json");
        event.error(Errors.INVALID_TOKEN);
        throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
    }
    BrokeredIdentityContext identity = new BrokeredIdentityContext(subject);

    String compositeName = getJsonProperty(userInfo, "name");
    String username = getUsernameFromUserInfo(userInfo);
    String firstName = getJsonProperty(userInfo, "given_name");
    String lastName = getJsonProperty(userInfo, "family_name");
    String email = getJsonProperty(userInfo, "email");

    AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, userInfo, getConfig().getAlias());
    identity.setId(subject);

    if (firstName != null) {
        identity.setFirstName(firstName);
    }
    if (lastName != null) {
        identity.setLastName(lastName);
    }
    if (firstName == null && lastName == null) {
        // Only the composite claim is available.
        identity.setName(compositeName);
    }
    identity.setEmail(email);
    identity.setBrokerUserId(getConfig().getAlias() + "." + subject);

    // Username fallback chain: preferred username -> email -> subject.
    if (username == null) {
        username = email != null ? email : subject;
    }
    identity.setUsername(username);
    return identity;
}

Example 29 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

the class OpenshiftV4IdentityProvider method doGetFederatedIdentity.

/**
 * Resolves the federated identity behind an OpenShift access token.
 *
 * <p>The profile is fetched with the token, converted into a brokered
 * context, and the raw profile is retained for attribute mappers.
 *
 * @param accessToken OpenShift access token obtained during login
 * @return the brokered identity
 * @throws IdentityBrokerException if the profile cannot be fetched or mapped
 */
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
    final BrokeredIdentityContext user;
    try {
        final JsonNode profile = fetchProfile(accessToken);
        user = extractUserContext(profile);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
    } catch (Exception e) {
        throw new IdentityBrokerException("Could not obtain user profile from Openshift.", e);
    }
    return user;
}

Example 30 with BrokeredIdentityContext

use of org.keycloak.broker.provider.BrokeredIdentityContext in project keycloak by keycloak.

the class OpenshiftV4IdentityProvider method extractIdentityFromProfile.

/**
 * Maps an already-fetched OpenShift profile to a brokered identity.
 *
 * <p>Unlike {@link #doGetFederatedIdentity(String)} this performs no fetch and
 * wraps no exceptions; the raw profile is retained for attribute mappers
 * before the context is returned.
 *
 * @param event   event builder (not consulted here)
 * @param profile parsed OpenShift user profile
 * @return the brokered identity
 */
@Override
protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, JsonNode profile) {
    final BrokeredIdentityContext identity = extractUserContext(profile);
    final String alias = getConfig().getAlias();
    AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, profile, alias);
    return identity;
}
