/**
 * Returns the access token carried by a token-endpoint response.
 *
 * @param key           not used by this method; kept so existing callers keep compiling
 * @param tokenResponse parsed token-endpoint response
 * @return the access token string, never {@code null}
 * @throws IdentityBrokerException if the response carries no access token
 */
private String verifyAccessToken(PublicKey key, AccessTokenResponse tokenResponse) {
    final String token = tokenResponse.getToken();
    if (token != null) {
        return token;
    }
    throw new IdentityBrokerException("No access_token from server.");
}
/**
 * Starts the login by redirecting the user agent to the provider's authorization endpoint.
 *
 * @param request the brokered authentication request
 * @return a temporary redirect to the URL produced by {@code createAuthorizationUrl}
 * @throws IdentityBrokerException wrapping any failure while building the URL or the redirect
 */
@Override
public Response performLogin(AuthenticationRequest request) {
    try {
        final URI target = createAuthorizationUrl(request).build();
        return Response.temporaryRedirect(target).build();
    } catch (Exception cause) {
        // Any failure here is surfaced to the broker as a single, generic exception type.
        throw new IdentityBrokerException("Could not create authentication request.", cause);
    }
}
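/**
 * Resolves the brokered identity from the raw token-endpoint response body.
 *
 * @param response raw body returned by the provider's token endpoint (JSON or form-encoded,
 *                 see {@code extractTokenFromResponse})
 * @return the federated identity looked up with the extracted access token
 * @throws IdentityBrokerException if no usable access token is present in the response
 */
protected BrokeredIdentityContext getFederatedIdentity(String response) {
    String accessToken = extractTokenFromResponse(response, OAUTH2_PARAMETER_ACCESS_TOKEN);
    if (accessToken == null) {
        // The raw body is deliberately not echoed into the message: it may carry other
        // credentials (the token endpoint can return more than one token) and exception
        // messages end up in logs and error pages.
        throw new IdentityBrokerException("No access token available in OAuth server response.");
    }
    return doGetFederatedIdentity(accessToken);
}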
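/**
 * Extracts a named token from a token-endpoint response body.
 * <p>
 * A body starting with {@code "{"} is parsed as JSON and the property {@code tokenName} is read
 * as text; any other body is treated as form-encoded and {@code tokenName=value} is matched.
 *
 * @param response  raw response body; may be {@code null}
 * @param tokenName name of the JSON property / form parameter holding the token
 * @return the token value, or {@code null} if the body is {@code null}, the property or
 *         parameter is absent, or the JSON value has no text / is blank
 * @throws IdentityBrokerException if a JSON body cannot be parsed
 */
protected String extractTokenFromResponse(String response, String tokenName) {
    if (response == null) {
        return null;
    }
    if (response.startsWith("{")) {
        try {
            JsonNode node = mapper.readTree(response);
            if (!node.has(tokenName)) {
                return null;
            }
            String value = node.get(tokenName).getTextValue();
            // A missing text value and a blank one are both reported as "no token".
            return (value == null || value.trim().isEmpty()) ? null : value;
        } catch (IOException e) {
            // The raw body is intentionally left out of the message: a token response may
            // contain credentials, and exception messages end up in logs.
            throw new IdentityBrokerException("Could not extract token [" + tokenName + "] from response due: " + e.getMessage(), e);
        }
    }
    // Quote the parameter name so regex metacharacters in it cannot alter the match.
    Matcher matcher = Pattern.compile(Pattern.quote(tokenName) + "=([^&]+)").matcher(response);
    return matcher.find() ? matcher.group(1) : null;
}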
/**
 * On first login, grants the configured realm role when the mapper's claim condition holds.
 *
 * @param session     current session (unused here)
 * @param realm       realm the role is looked up in
 * @param user        freshly imported user
 * @param mapperModel mapper configuration; {@code HardcodedRoleMapper.ROLE} names the role
 * @param context     brokered identity carrying the claims
 * @throws IdentityBrokerException if the claim matches but the configured role does not exist
 */
@Override
public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    if (!hasClaimValue(mapperModel, context)) {
        return;
    }
    String configuredRole = mapperModel.getConfig().get(HardcodedRoleMapper.ROLE);
    RoleModel role = KeycloakModelUtils.getRoleFromString(realm, configuredRole);
    if (role == null) {
        throw new IdentityBrokerException("Unable to find role: " + configuredRole);
    }
    user.grantRole(role);
}
/**
 * On subsequent logins, removes the configured realm role when the mapper's claim condition
 * no longer holds.
 * <p>
 * NOTE(review): this only ever removes the role; it does not re-grant it when the claim
 * is present again. Confirm that asymmetry with {@code importNewUser} is intended.
 *
 * @param session     current session (unused here)
 * @param realm       realm the role is looked up in
 * @param user        existing brokered user
 * @param mapperModel mapper configuration; {@code HardcodedRoleMapper.ROLE} names the role
 * @param context     brokered identity carrying the claims
 * @throws IdentityBrokerException if the claim is absent but the configured role does not exist
 */
@Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    if (hasClaimValue(mapperModel, context)) {
        return;
    }
    String configuredRole = mapperModel.getConfig().get(HardcodedRoleMapper.ROLE);
    RoleModel role = KeycloakModelUtils.getRoleFromString(realm, configuredRole);
    if (role == null) {
        throw new IdentityBrokerException("Unable to find role: " + configuredRole);
    }
    user.deleteRoleMapping(role);
}
protected JsonWebToken validateToken(PublicKey key, String encodedToken) { if (encodedToken == null) { throw new IdentityBrokerException("No token from server."); JWSInput jws = new JWSInput(encodedToken); if (!verify(jws, key)) { throw new IdentityBrokerException("token signature validation failed"); throw new IdentityBrokerException("Invalid token", e); throw new IdentityBrokerException("Wrong audience from token."); throw new IdentityBrokerException("Token is no longer valid"); throw new IdentityBrokerException("Wrong issuer from token. Got: " + iss + " expected: " + getConfig().getIssuer());
/**
 * Resolves the realm role to assign when the validated access token carries the configured
 * external role.
 *
 * @param realm       realm the target role is looked up in
 * @param mapperModel mapper configuration ({@code EXTERNAL_ROLE} and {@code HardcodedRoleMapper.ROLE})
 * @param context     brokered identity whose context data holds the validated access token
 * @return the matching realm role, or {@code null} if the token's role claim does not match
 * @throws IdentityBrokerException if the claim matches but the configured role does not exist
 */
private RoleModel hasRole(RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    JsonWebToken token = (JsonWebToken) context.getContextData().get(KeycloakOIDCIdentityProvider.VALIDATED_ACCESS_TOKEN);
    // NOTE(review): a null token is not guarded here (the original left such a check commented
    // out); confirm that getClaimValue tolerates a null token.
    String[] parsedExternalRole = KeycloakModelUtils.parseRole(mapperModel.getConfig().get(EXTERNAL_ROLE));
    String clientPart = parsedExternalRole[0];
    String externalRoleName = parsedExternalRole[1];
    // Without a client part the role is looked up under realm_access, otherwise under the
    // client's resource_access entry.
    String claimName = (clientPart == null)
            ? "realm_access.roles"
            : "resource_access." + clientPart + ".roles";
    Object claim = getClaimValue(token, claimName);
    if (!valueEquals(externalRoleName, claim)) {
        return null;
    }
    String configuredRole = mapperModel.getConfig().get(HardcodedRoleMapper.ROLE);
    RoleModel role = KeycloakModelUtils.getRoleFromString(realm, configuredRole);
    if (role == null) {
        throw new IdentityBrokerException("Unable to find role: " + configuredRole);
    }
    return role;
}
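/**
 * Fetches the StackOverflow profile for the given access token and maps it to a brokered
 * identity (user id, username derived from the profile link, display name).
 *
 * @param accessToken OAuth access token obtained from StackOverflow
 * @return the populated brokered identity; the raw profile is stored for attribute mappers
 * @throws IdentityBrokerException wrapping any failure while requesting or mapping the profile
 */
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
    log.debug("doGetFederatedIdentity()");
    try {
        // Both values are sent as query parameters, so they must be URL-encoded; the previous
        // concatenation sent them raw. String.valueOf keeps the old "null" text if no key is set.
        String profileUrl = PROFILE_URL
                + "&access_token=" + java.net.URLEncoder.encode(accessToken, "UTF-8")
                + "&key=" + java.net.URLEncoder.encode(String.valueOf(getConfig().getKey()), "UTF-8");
        if (log.isDebugEnabled()) {
            // Log only the static endpoint: the full URL carries the access token and the app key.
            log.debug("StackOverflow profile request to: " + PROFILE_URL);
        }
        JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(profileUrl)).get("items").get(0);
        BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "user_id"));
        String username = extractUsernameFromProfileURL(getJsonProperty(profile, "link"));
        user.setUsername(username);
        user.setName(unescapeHtml3(getJsonProperty(profile, "display_name")));
        // email is not provided by this profile endpoint
        // user.setEmail(getJsonProperty(profile, "email"));
        user.setIdpConfig(getConfig());
        user.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
        return user;
    } catch (Exception e) {
        throw new IdentityBrokerException("Could not obtain user profile from Stackoverflow: " + e.getMessage(), e);
    }
}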
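/**
 * Fetches the Microsoft Live profile for the given access token and maps it to a brokered
 * identity. The username is the preferred e-mail when present, otherwise the provider id.
 *
 * @param accessToken OAuth access token obtained from Microsoft Live
 * @return the populated brokered identity; the raw profile is stored for attribute mappers
 * @throws IdentityBrokerException wrapping any failure while requesting or mapping the profile
 */
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
    try {
        String profileUrl = PROFILE_URL + "?access_token=" + URLEncoder.encode(accessToken, "UTF-8");
        if (log.isDebugEnabled()) {
            // Log only the static endpoint: the full URL carries the access token.
            log.debug("Microsoft Live user profile request to: " + PROFILE_URL);
        }
        JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(profileUrl));
        String id = getJsonProperty(profile, "id");
        String email = null;
        if (profile.has("emails")) {
            email = getJsonProperty(profile.get("emails"), "preferred");
        }
        BrokeredIdentityContext user = new BrokeredIdentityContext(id);
        user.setUsername(email != null ? email : id);
        user.setFirstName(getJsonProperty(profile, "first_name"));
        user.setLastName(getJsonProperty(profile, "last_name"));
        if (email != null) {
            user.setEmail(email);
        }
        user.setIdpConfig(getConfig());
        user.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
        return user;
    } catch (Exception e) {
        throw new IdentityBrokerException("Could not obtain user profile from Microsoft Live ID.", e);
    }
}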
/**
 * Fetches the LinkedIn profile with a bearer token and maps it to a brokered identity
 * (id, username derived from the public profile URL, formatted name, e-mail address).
 *
 * @param accessToken OAuth access token obtained from LinkedIn
 * @return the populated brokered identity; the raw profile is stored for attribute mappers
 * @throws IdentityBrokerException wrapping any failure while requesting or mapping the profile
 */
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
    log.debug("doGetFederatedIdentity()");
    try {
        // The token goes into the Authorization header rather than the query string.
        SimpleHttp request = SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken);
        JsonNode profile = JsonSimpleHttp.asJson(request);

        BrokeredIdentityContext identity = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
        identity.setUsername(extractUsernameFromProfileURL(getJsonProperty(profile, "publicProfileUrl")));
        identity.setName(getJsonProperty(profile, "formattedName"));
        identity.setEmail(getJsonProperty(profile, "emailAddress"));
        identity.setIdpConfig(getConfig());
        identity.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, profile, getConfig().getAlias());
        return identity;
    } catch (Exception cause) {
        throw new IdentityBrokerException("Could not obtain user profile from linkedIn.", cause);
    }
}
tokenResponse = JsonSerialization.readValue(response, AccessTokenResponse.class); } catch (IOException e) { throw new IdentityBrokerException("Could not decode access token response.", e); throw new IdentityBrokerException("Could not fetch attributes from userinfo endpoint.", e);
/**
 * Fetches the GitHub profile with a bearer token and maps it to a brokered identity
 * (id, login as username, name, e-mail).
 *
 * @param accessToken OAuth access token obtained from GitHub
 * @return the populated brokered identity; the raw profile is stored for attribute mappers
 * @throws IdentityBrokerException wrapping any failure while requesting or mapping the profile
 */
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
    try {
        // The token goes into the Authorization header rather than the query string.
        SimpleHttp request = SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken);
        JsonNode profile = JsonSimpleHttp.asJson(request);

        BrokeredIdentityContext identity = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
        identity.setUsername(getJsonProperty(profile, "login"));
        identity.setName(getJsonProperty(profile, "name"));
        identity.setEmail(getJsonProperty(profile, "email"));
        identity.setIdpConfig(getConfig());
        identity.setIdp(this);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, profile, getConfig().getAlias());
        return identity;
    } catch (Exception cause) {
        throw new IdentityBrokerException("Could not obtain user profile from github.", cause);
    }
}