
Example 11 with OAuth2DeviceTokenStoreProvider

Use of org.keycloak.models.OAuth2DeviceTokenStoreProvider in project keycloak by keycloak.

From the class BackchannelAuthenticationEndpoint, method storeAuthenticationRequest.

/**
 * TODO: Leverage the device code storage for tracking authentication requests. Not sure if we need a specific storage,
 * but probably make the {@link OAuth2DeviceTokenStoreProvider} more generic for ciba, device, or any other use case
 * that relies on cross-references for unsolicited user authentication requests from devices.
 */
private void storeAuthenticationRequest(CIBAAuthenticationRequest request, CibaConfig cibaConfig, String authReqId) {
    ClientModel client = request.getClient();
    int expiresIn = cibaConfig.getExpiresIn();
    int poolingInterval = cibaConfig.getPoolingInterval();
    String cibaMode = cibaConfig.getBackchannelTokenDeliveryMode(client);
    // Set authReqId just for the ping mode as it is relatively big and not necessarily needed in the infinispan cache for the "poll" mode
    if (!CibaConfig.CIBA_PING_MODE.equals(cibaMode)) {
        authReqId = null;
    }
    OAuth2DeviceCodeModel deviceCode = OAuth2DeviceCodeModel.create(realm, client, request.getId(), request.getScope(), null, expiresIn, poolingInterval, request.getClientNotificationToken(), authReqId, Collections.emptyMap(), null, null);
    String authResultId = request.getAuthResultId();
    OAuth2DeviceUserCodeModel userCode = new OAuth2DeviceUserCodeModel(realm, deviceCode.getDeviceCode(), authResultId);
    // To inform "expired_token" to the client, the lifespan of the cache provider is longer than device code
    int lifespanSeconds = expiresIn + poolingInterval + 10;
    OAuth2DeviceTokenStoreProvider store = session.getProvider(OAuth2DeviceTokenStoreProvider.class);
    store.put(deviceCode, userCode, lifespanSeconds);
}
Also used: OAuth2DeviceTokenStoreProvider (org.keycloak.models.OAuth2DeviceTokenStoreProvider), ClientModel (org.keycloak.models.ClientModel), OAuth2DeviceCodeModel (org.keycloak.models.OAuth2DeviceCodeModel), OAuth2DeviceUserCodeModel (org.keycloak.models.OAuth2DeviceUserCodeModel)
