/**
 * Builds the unsigned claim set for a client-authentication JWT.
 *
 * <p>The client id is used as both issuer and subject, and the realm info URL
 * is the only audience. A fresh id from {@code AdapterUtils.generateId()} is
 * set on every call. The token is valid from the current time until
 * {@code tokenTimeout} later.
 *
 * @param clientId     client identifier, written to both the issuer and subject claims
 * @param realmInfoUrl URL written to the audience claim
 * @return the populated, still unsigned, token
 */
protected JsonWebToken createRequestToken(String clientId, String realmInfoUrl) {
    final int issuedAtTime = Time.currentTime();
    final JsonWebToken assertion = new JsonWebToken();

    // Identity claims: who is asserting, and to whom.
    assertion.id(AdapterUtils.generateId());
    assertion.issuer(clientId);
    assertion.subject(clientId);
    assertion.audience(realmInfoUrl);

    // Validity window: [issuedAtTime, issuedAtTime + tokenTimeout].
    // NOTE(review): tokenTimeout is not range-checked here; a large value widens the
    // window in which a captured assertion could be replayed. Confirm where it is bounded.
    assertion.issuedAt(issuedAtTime);
    assertion.notBefore(issuedAtTime);
    assertion.expiration(issuedAtTime + this.tokenTimeout);

    return assertion;
}
}
// Issuer claim as presented by the token.
// NOTE(review): the visible lines never compare iss with an expected issuer;
// confirm that check happens outside this excerpt.
String iss = token.getIssuer();
// The token must name this client (the configured client id) as an audience,
// so a token addressed to a different client is refused.
if (!token.hasAudience(getConfig().getClientId())) {
    throw new IdentityBrokerException("Wrong audience from token.");
// NOTE(review): the brace closing the audience check is not visible in this excerpt.
// Refuse a token that isActive() reports as inactive; presumably this covers the
// expiration and not-before claims. Confirm, along with any clock-skew allowance.
if (!token.isActive()) {
    throw new IdentityBrokerException("Token is no longer valid");
/**
 * Sets the expiration through the superclass and returns this instance as a
 * {@code DockerResponseToken}, so a call chain keeps the subtype.
 *
 * @param expiration value handed unchanged to {@code super.expiration}
 * @return this token
 */
@Override
public DockerResponseToken expiration(final int expiration) {
    super.expiration(expiration);
    return this;
}
/**
 * Sets the issued-at value through the superclass and returns this instance as a
 * {@code DockerResponseToken}, so a call chain keeps the subtype.
 *
 * @param issuedAt value handed unchanged to {@code super.issuedAt}
 * @return this token
 */
@Override
public DockerResponseToken issuedAt(final int issuedAt) {
    super.issuedAt(issuedAt);
    return this;
}
/**
 * Sets the token id through the superclass and returns this instance as a
 * {@code DockerResponseToken}, so a call chain keeps the subtype.
 *
 * @param id value handed unchanged to {@code super.id}
 * @return this token
 */
@Override
public DockerResponseToken id(final String id) {
    super.id(id);
    return this;
}
/**
 * Sets the not-before value through the superclass and returns this instance as a
 * {@code DockerResponseToken}, so a call chain keeps the subtype.
 *
 * @param notBefore value handed unchanged to {@code super.notBefore}
 * @return this token
 */
@Override
public DockerResponseToken notBefore(final int notBefore) {
    super.notBefore(notBefore);
    return this;
}
/**
 * Sets the issuer through the superclass and returns this instance as a
 * {@code DockerResponseToken}, so a call chain keeps the subtype.
 *
 * @param issuer value handed unchanged to {@code super.issuer}
 * @return this token
 */
@Override
public DockerResponseToken issuer(final String issuer) {
    super.issuer(issuer);
    return this;
}
/**
 * Sets the audience values through the superclass and returns this instance as a
 * {@code DockerResponseToken}, so a call chain keeps the subtype.
 *
 * @param audience values handed unchanged to {@code super.audience}
 * @return this token
 */
@Override
public DockerResponseToken audience(final String... audience) {
    super.audience(audience);
    return this;
}
/**
 * Sets the subject through the superclass and returns this instance as a
 * {@code DockerResponseToken}, so a call chain keeps the subtype.
 *
 * @param subject value handed unchanged to {@code super.subject}
 * @return this token
 */
@Override
public DockerResponseToken subject(final String subject) {
    super.subject(subject);
    return this;
}
// The ID token's subject becomes the identifier of the brokered identity.
// NOTE(review): nothing in these lines verifies the token (signature, issuer,
// audience, validity); confirm that happens before this point.
String id = idToken.getSubject();
BrokeredIdentityContext identity = new BrokeredIdentityContext(id);
// Profile claims are looked up in the token's other-claims collection and cast to String.
// A claim value of any other type would fail the cast with ClassCastException.
// NOTE(review): presumably an absent claim yields null; verify how later code handles that.
String name = (String)idToken.getOtherClaims().get(IDToken.NAME);
String preferredUsername = (String)idToken.getOtherClaims().get(IDToken.PREFERRED_USERNAME);
// NOTE(review): the email is taken as asserted by the identity provider; no verified-email
// claim is consulted in these lines. Confirm before it is used to match or link accounts.
String email = (String)idToken.getOtherClaims().get(IDToken.EMAIL);
/**
 * Verifies that the token carries a subject.
 *
 * @param t token under verification
 * @return {@code true} when {@code getSubject()} is non-null
 * @throws VerificationException when {@code getSubject()} returns {@code null}
 */
@Override
public boolean test(JsonWebToken t) throws VerificationException {
    // Only presence is checked: an empty subject string passes this predicate.
    if (t.getSubject() != null) {
        return true;
    }
    throw new VerificationException("Subject missing in token");
}
};
/**
 * Verifies that the token's issuer equals the expected realm URL.
 *
 * <p>The comparison is an exact {@code String.equals}, so any difference in case,
 * trailing slash or scheme causes rejection. With no realm URL configured the check
 * fails rather than accepting every issuer.
 *
 * @param t token under verification
 * @return {@code true} when the issuer matches {@code realmUrl}
 * @throws VerificationException when {@code realmUrl} is unset or the issuer differs
 */
@Override
public boolean test(JsonWebToken t) throws VerificationException {
    if (this.realmUrl != null) {
        if (this.realmUrl.equals(t.getIssuer())) {
            return true;
        }
        // NOTE(review): the message embeds the issuer string taken from the token, which
        // is unverified input at this point; confirm downstream logging handles it safely.
        throw new VerificationException(
                "Invalid token issuer. Expected '" + this.realmUrl + "', but was '" + t.getIssuer() + "'");
    }
    throw new VerificationException("Realm URL not set");
}
};
/**
 * Builds the unsigned claim set for a client-authentication JWT.
 *
 * <p>Per the original author's note, the claims follow the private_key_jwt layout of
 * <a href="http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication">OIDC's
 * client authentication spec</a>: the client id is both issuer and subject, and the realm
 * info URL is the audience.
 *
 * @param clientId     client identifier, written to both the issuer and subject claims
 * @param realmInfoUrl URL written to the audience claim
 * @return the populated, still unsigned, token
 */
private JsonWebToken createRequestToken(String clientId, String realmInfoUrl) {
    final int issuedAtTime = Time.currentTime();

    // The fixed lifetime of 10 mirrors JWTClientCredentialsProvider's timeout field
    // (see KEYCLOAK-2986). A short window limits how long a captured assertion is usable.
    // NOTE(review): not-before equals the issue time, so a verifier whose clock runs
    // behind would presumably see the token as not yet valid; confirm the skew tolerance.
    return new JsonWebToken()
            .id(AdapterUtils.generateId())
            .issuer(clientId)
            .subject(clientId)
            .audience(realmInfoUrl)
            .issuedAt(issuedAtTime)
            .expiration(issuedAtTime + 10)
            .notBefore(issuedAtTime);
}
/**
 * Creates a client-authentication JWT and signs it with a private key loaded from a
 * JKS keystore.
 *
 * <p>The client id is used as both issuer and subject, the realm info URL is the
 * audience, and a random UUID is the token id. The token is valid from the current
 * time until {@code sigLifetime} later.
 *
 * @param keystore     keystore location passed to {@code KeystoreUtil.loadKeyPairFromKeystore}
 * @param storePass    keystore password
 * @param keyPass      key password
 * @param alias        alias of the key entry to load
 * @param sigLifetime  amount added to the current time to form the expiration
 * @param clientId     client identifier, written to both the issuer and subject claims
 * @param realmInfoUrl URL written to the audience claim
 * @return the signed token as returned by {@code JWSBuilder.rsa256}
 */
public static String getSignedRequestToken(String keystore, String storePass, String keyPass, String alias,
        int sigLifetime, String clientId, String realmInfoUrl) {
    // NOTE(review): both passwords arrive as String, so this method cannot clear them
    // from memory after use; callers should avoid logging or retaining them.
    final KeyPair signingKeys = KeystoreUtil.loadKeyPairFromKeystore(
            keystore, storePass, keyPass, alias, KeystoreUtil.KeystoreFormat.JKS);

    final JsonWebToken claims = new JsonWebToken();
    claims.id(UUID.randomUUID().toString());
    claims.issuer(clientId);
    claims.subject(clientId);
    claims.audience(realmInfoUrl);

    // NOTE(review): sigLifetime is not range-checked. Zero or a negative value yields a
    // token that is already expired, and a large value lengthens the window in which a
    // captured assertion could be replayed.
    final int issuedAtTime = Time.currentTime();
    claims.issuedAt(issuedAtTime);
    claims.expiration(issuedAtTime + sigLifetime);
    claims.notBefore(issuedAtTime);

    // Only the private half of the key pair is used, to sign the serialized claims.
    return new JWSBuilder()
            .jsonContent(claims)
            .rsa256(signingKeys.getPrivate());
}
}
/**
 * Creates a client-authentication JWT and signs it with a private key loaded from a
 * JKS keystore.
 *
 * <p>The client id is used as both issuer and subject, the realm info URL is the
 * audience, and a random UUID is the token id. The token is valid from the current
 * time until {@code sigLifetime} later.
 *
 * @param keystore     keystore location passed to {@code KeystoreUtil.loadKeyPairFromKeystore}
 * @param storePass    keystore password
 * @param keyPass      key password
 * @param alias        alias of the key entry to load
 * @param sigLifetime  amount added to the current time to form the expiration
 * @param clientId     client identifier, written to both the issuer and subject claims
 * @param realmInfoUrl URL written to the audience claim
 * @return the signed token as returned by {@code JWSBuilder.rsa256}
 */
public static String getSignedRequestToken(String keystore, String storePass, String keyPass, String alias,
        int sigLifetime, String clientId, String realmInfoUrl) {
    // NOTE(review): both passwords arrive as String, so this method cannot clear them
    // from memory after use; callers should avoid logging or retaining them.
    final KeyPair signingKeys = KeystoreUtil.loadKeyPairFromKeystore(
            keystore, storePass, keyPass, alias, KeystoreUtil.KeystoreFormat.JKS);

    final JsonWebToken claims = new JsonWebToken();
    claims.id(UUID.randomUUID().toString());
    claims.issuer(clientId);
    claims.subject(clientId);
    claims.audience(realmInfoUrl);

    // NOTE(review): sigLifetime is not range-checked. Zero or a negative value yields a
    // token that is already expired, and a large value lengthens the window in which a
    // captured assertion could be replayed.
    final int issuedAtTime = Time.currentTime();
    claims.issuedAt(issuedAtTime);
    claims.expiration(issuedAtTime + sigLifetime);
    claims.notBefore(issuedAtTime);

    // Only the private half of the key pair is used, to sign the serialized claims.
    return new JWSBuilder()
            .jsonContent(claims)
            .rsa256(signingKeys.getPrivate());
}
}