Example 1 with AuthenticationChannelProvider

Use of org.keycloak.protocol.oidc.grants.ciba.channel.AuthenticationChannelProvider in project keycloak by keycloak, in the class BackchannelAuthenticationEndpoint, method processGrantRequest.

@POST
@NoCache
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_JSON)
public Response processGrantRequest(@Context HttpRequest httpRequest) {
    // Authorize the calling client and build the CIBA request from the decoded form parameters.
    CIBAAuthenticationRequest request = authorizeClient(httpRequest.getDecodedFormParameters());
    try {
        String authReqId = request.serialize(session);
        AuthenticationChannelProvider provider = session.getProvider(AuthenticationChannelProvider.class);
        if (provider == null) {
            throw new RuntimeException("Authentication Channel Provider not found.");
        }
        CIBALoginUserResolver resolver = session.getProvider(CIBALoginUserResolver.class);
        if (resolver == null) {
            throw new RuntimeException("CIBA Login User Resolver not setup properly.");
        }
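        UserModel user = request.getUser();
        // Resolve the identifier that the authentication channel uses to reach this user.
        String infoUsedByAuthentication = resolver.getInfoUsedByAuthentication(user);
        // Ask the authentication channel to start out-of-band authentication; only on success
        // is the request stored and an auth_req_id returned to the client.
        if (provider.requestAuthentication(request, infoUsedByAuthentication)) {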
            CibaConfig cibaPolicy = realm.getCibaPolicy();
            int poolingInterval = cibaPolicy.getPoolingInterval();
            storeAuthenticationRequest(request, cibaPolicy, authReqId);
            ObjectNode response = JsonSerialization.createObjectNode();
            response.put(CibaGrantType.AUTH_REQ_ID, authReqId).put(OAuth2Constants.EXPIRES_IN, cibaPolicy.getExpiresIn());
            if (poolingInterval > 0) {
                response.put(OAuth2Constants.INTERVAL, poolingInterval);
            }
            return Response.ok(JsonSerialization.writeValueAsBytes(response)).build();
        }
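    } catch (Exception e) {
        // Any failure above (including a missing provider or resolver) is reported to the client
        // as a generic server_error with HTTP 503; the original cause is not included in the response.
        throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Failed to send authentication request", Response.Status.SERVICE_UNAVAILABLE);
    }
    // Reached when requestAuthentication returned false.
    throw new ErrorResponseException(OAuthErrorException.SERVER_ERROR, "Unexpected response from authentication device", Response.Status.SERVICE_UNAVAILABLE);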
}
Also used: UserModel (org.keycloak.models.UserModel), AuthenticationChannelProvider (org.keycloak.protocol.oidc.grants.ciba.channel.AuthenticationChannelProvider), ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode), CIBALoginUserResolver (org.keycloak.protocol.oidc.grants.ciba.resolvers.CIBALoginUserResolver), CibaConfig (org.keycloak.models.CibaConfig), ErrorResponseException (org.keycloak.services.ErrorResponseException), CIBAAuthenticationRequest (org.keycloak.protocol.oidc.grants.ciba.channel.CIBAAuthenticationRequest), OAuthErrorException (org.keycloak.OAuthErrorException), ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException), WebApplicationException (javax.ws.rs.WebApplicationException), POST (javax.ws.rs.POST), Consumes (javax.ws.rs.Consumes), Produces (javax.ws.rs.Produces), NoCache (org.jboss.resteasy.annotations.cache.NoCache)
