Search in sources :

Example 1 with AccountLinkUriRepresentation

use of org.keycloak.representations.account.AccountLinkUriRepresentation in project keycloak by keycloak.

the class LinkedAccountsResource method buildLinkedAccountURI.

@GET
@Path("/{providerId}")
@Produces(MediaType.APPLICATION_JSON)
@Deprecated
public Response buildLinkedAccountURI(@PathParam("providerId") String providerId, @QueryParam("redirectUri") String redirectUri) {
    auth.require(AccountRoles.MANAGE_ACCOUNT);
    if (redirectUri == null) {
        ErrorResponse.error(Messages.INVALID_REDIRECT_URI, Response.Status.BAD_REQUEST);
    }
    String errorMessage = checkCommonPreconditions(providerId);
    if (errorMessage != null) {
        return ErrorResponse.error(errorMessage, Response.Status.BAD_REQUEST);
    }
    if (auth.getSession() == null) {
        return ErrorResponse.error(Messages.SESSION_NOT_ACTIVE, Response.Status.BAD_REQUEST);
    }
    try {
        String nonce = UUID.randomUUID().toString();
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        String input = nonce + auth.getSession().getId() + ACCOUNT_CONSOLE_CLIENT_ID + providerId;
        byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8));
        String hash = Base64Url.encode(check);
        URI linkUri = Urls.identityProviderLinkRequest(this.session.getContext().getUri().getBaseUri(), providerId, realm.getName());
        linkUri = UriBuilder.fromUri(linkUri).queryParam("nonce", nonce).queryParam("hash", hash).queryParam("client_id", ACCOUNT_CONSOLE_CLIENT_ID).queryParam("redirect_uri", redirectUri).build();
        AccountLinkUriRepresentation rep = new AccountLinkUriRepresentation();
        rep.setAccountLinkUri(linkUri);
        rep.setHash(hash);
        rep.setNonce(nonce);
        return Cors.add(request, Response.ok(rep)).auth().allowedOrigins(auth.getToken()).build();
    } catch (Exception spe) {
        spe.printStackTrace();
        return ErrorResponse.error(Messages.FAILED_TO_PROCESS_RESPONSE, Response.Status.INTERNAL_SERVER_ERROR);
    }
}
Also used : AccountLinkUriRepresentation(org.keycloak.representations.account.AccountLinkUriRepresentation) MessageDigest(java.security.MessageDigest) URI(java.net.URI) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 2 with AccountLinkUriRepresentation

use of org.keycloak.representations.account.AccountLinkUriRepresentation in project keycloak by keycloak.

the class LinkedAccountsRestServiceTest method testBuildLinkedAccountUri.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testBuildLinkedAccountUri() throws IOException {
    AccountLinkUriRepresentation rep = SimpleHttp.doGet(getAccountUrl("linked-accounts/github?redirectUri=phonyUri"), client).auth(tokenUtil.getToken()).asJson(new TypeReference<AccountLinkUriRepresentation>() {
    });
    URI brokerUri = rep.getAccountLinkUri();
    assertTrue(brokerUri.getPath().endsWith("/auth/realms/test/broker/github/link"));
    List<NameValuePair> queryParams = URLEncodedUtils.parse(brokerUri, Charset.defaultCharset());
    assertEquals(4, queryParams.size());
    for (NameValuePair nvp : queryParams) {
        switch(nvp.getName()) {
            case "nonce":
                {
                    assertNotNull(nvp.getValue());
                    assertEquals(rep.getNonce(), nvp.getValue());
                    break;
                }
            case "hash":
                {
                    assertNotNull(nvp.getValue());
                    assertEquals(rep.getHash(), nvp.getValue());
                    break;
                }
            case "client_id":
                assertEquals(ACCOUNT_CONSOLE_CLIENT_ID, nvp.getValue());
                break;
            case "redirect_uri":
                assertEquals("phonyUri", nvp.getValue());
        }
    }
}
Also used : AccountLinkUriRepresentation(org.keycloak.representations.account.AccountLinkUriRepresentation) NameValuePair(org.apache.http.NameValuePair) URI(java.net.URI) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

URI (java.net.URI)2 AccountLinkUriRepresentation (org.keycloak.representations.account.AccountLinkUriRepresentation)2 MessageDigest (java.security.MessageDigest)1 GET (javax.ws.rs.GET)1 Path (javax.ws.rs.Path)1 Produces (javax.ws.rs.Produces)1 NameValuePair (org.apache.http.NameValuePair)1 Test (org.junit.Test)1 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)1 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)1