/**
 * Marks the cached token as expired, but only when the caller passes the token that is
 * currently cached.
 *
 * @param token the token to invalidate (cannot be null).
 */
public synchronized void invalidate(String token) {
    // With no cached token there is nothing to invalidate, and a token that differs from the
    // cached one is left alone, so a caller holding a stale token cannot expire a newer one.
    if (currentToken != null && token.equals(currentToken.getToken())) {
        // On next use this causes a refresh attempt, which in turn causes a grant attempt
        // if refreshing fails.
        expirationTime = -1;
    }
}
}
/**
 * Extracts the access token string from the token endpoint response.
 *
 * <p>NOTE(review): despite the name, this method performs no signature or claim check.
 * {@code key} is never read here; the only check is that a token is present. Callers that
 * need a validated token have to verify it elsewhere.
 *
 * @param key public key of the identity provider (unused in this method)
 * @param tokenResponse response returned by the token endpoint
 * @return the raw access token string, never {@code null}
 * @throws IdentityBrokerException if the response carries no access token
 */
private String verifyAccessToken(PublicKey key, AccessTokenResponse tokenResponse) {
    final String rawToken = tokenResponse.getToken();
    if (rawToken != null) {
        return rawToken;
    }
    throw new IdentityBrokerException("No access_token from server.");
}
/**
 * Returns the current access token prefixed with {@code "Bearer "}.
 *
 * @return the prefix {@code "Bearer "} followed by the access token string
 */
private String getTokenString() {
    // The returned string is a usable credential; keep it out of logs and error messages.
    final String accessToken = getAccessTokenResponse().getToken();
    return "Bearer " + accessToken;
}
/**
 * Returns the string form of the access token held by this object.
 *
 * @return whatever {@code getToken()} yields on the object returned by {@code getAccessToken()}
 */
public String getAccessTokenString() {
    // The value is a bearer credential; callers should not log or persist it in clear text.
    return this.getAccessToken().getToken();
}
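/**
 * Obtains an access token for the default user through the authorization client.
 *
 * <p>NOTE(review): the user name and password come from the {@code DEFAULT_USER} and
 * {@code DEFAULT_PASSWORD} constants, whose definition is not visible here. Confirm they
 * are not real credentials committed to source control.
 *
 * @return the access token string from the token response
 */
public static String getAccessToken() {
    LOG.fine("Creating authorization client...");

    // Create a new instance based on the configuration defined in keycloak-authz.json.
    AuthzClient authzClient = AuthzClient.create();

    LOG.fine("Requesting token...");
    String token = authzClient.obtainAccessToken(DEFAULT_USER, DEFAULT_PASSWORD).getToken();

    // The token is a bearer credential: anyone who can read the log could replay it until it
    // expires. Log only that retrieval succeeded, never the token value.
    LOG.fine("Retrieved token.");
    return token;
}
}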
/**
 * Passes the access token from the identity provider's response through
 * {@code validateToken} and stores the result in the broker context.
 *
 * @param context broker context whose context data receives the validated token
 * @param idpKey public key handed to {@code validateToken}
 * @param response token endpoint response carrying the access token
 */
@Override
protected void processAccessTokenResponse(BrokeredIdentityContext context, PublicKey idpKey, AccessTokenResponse response) {
    final String rawAccessToken = response.getToken();
    // validateToken is defined outside this block; what it checks is not visible here.
    final JsonWebToken validated = validateToken(idpKey, rawAccessToken);
    // Only the result of validateToken is published under VALIDATED_ACCESS_TOKEN.
    context.getContextData().put(VALIDATED_ACCESS_TOKEN, validated);
}
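/**
 * Reads {@code keycloak.json} from the classpath, creates an authorization client from it
 * and requests an access token.
 *
 * @return the access token string, or {@code null} when the configuration cannot be read
 *         or the client returns no token response
 */
public String getAccessToken() {
    logger.debug("Creating Auth0 Api Token");

    Configuration configuration;
    // try-with-resources closes the classpath stream on every path; the original left it open.
    try (InputStream inputStream = new ClassPathResource("keycloak.json", this.getClass().getClassLoader()).getInputStream()) {
        configuration = JsonSerialization.readValue(inputStream, Configuration.class);
    } catch (IOException e) {
        logger.error("Could not read keycloak.json", e);
        return null;
    }

    // The stream is closed before the network call, so it is not held open while waiting
    // for the server.
    AuthzClient authzClient = AuthzClient.create(configuration);
    AccessTokenResponse accessTokenResponse = authzClient.obtainAccessToken();
    if (accessTokenResponse != null) {
        return accessTokenResponse.getToken();
    }
    return null;
}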
/**
 * Sets the authorization header of the outgoing request to the current access token and
 * then lets the request proceed.
 *
 * @param httpRequest the request being sent; its headers are modified in place
 * @param bytes the request body, passed through unchanged
 * @param clientHttpRequestExecution the remaining interceptor chain
 * @return the response produced by the rest of the chain
 * @throws IOException if executing the request fails
 */
@Override
public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bytes, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
    // set() replaces any value already present under AUTHORIZATION_HEADER.
    // NOTE(review): the token is attached to every request this interceptor sees; confirm the
    // client it is registered on only talks to hosts that should receive it.
    final String bearerValue = "Bearer " + getAccessTokenResponse().getToken();
    httpRequest.getHeaders().set(AUTHORIZATION_HEADER, bearerValue);
    return clientHttpRequestExecution.execute(httpRequest, bytes);
}
/**
 * Copies the federated access token and ID token from the broker context into notes on
 * the user session.
 *
 * @param userSession session that receives the two notes
 * @param clientSession not used in this method
 * @param context broker context holding the token response under
 *        {@code FEDERATED_ACCESS_TOKEN_RESPONSE}
 */
@Override
public void attachUserSession(UserSessionModel userSession, ClientSessionModel clientSession, BrokeredIdentityContext context) {
    // NOTE(review): if the context holds no entry under this key, the calls below throw a
    // NullPointerException; confirm the entry is always set before this runs.
    final Object stored = context.getContextData().get(FEDERATED_ACCESS_TOKEN_RESPONSE);
    final AccessTokenResponse federatedTokens = (AccessTokenResponse) stored;

    // Both notes hold raw tokens, so whoever can read the session notes can read the tokens.
    userSession.setNote(FEDERATED_ACCESS_TOKEN, federatedTokens.getToken());
    userSession.setNote(FEDERATED_ID_TOKEN, federatedTokens.getIdToken());
}
return tokenResponse.getToken();
/**
 * Exchanges an OAuth2 authorization code for an access token at the token endpoint.
 *
 * @param redirectUri redirect URI used in the authorization request; it is passed through
 *        {@code stripOauthParametersFromRedirect} before being sent
 * @param code the authorization code to exchange
 * @return the access token string from the token response
 * @throws BadRequestException if the token endpoint answers with status 400
 * @throws InternalServerErrorException if it answers with any other status than 200
 */
public String resolveBearerToken(String redirectUri, String code) {
    redirectUri = stripOauthParametersFromRedirect(redirectUri);

    Form tokenRequest = new Form();
    tokenRequest.param(OAuth2Constants.GRANT_TYPE, "authorization_code");
    tokenRequest.param(OAuth2Constants.CODE, code);
    tokenRequest.param(OAuth2Constants.CLIENT_ID, clientId);
    tokenRequest.param(OAuth2Constants.REDIRECT_URI, redirectUri);

    // Client credentials travel in the form body; the cast fails for any non-String value.
    for (Map.Entry<String, Object> credential : credentials.entrySet()) {
        tokenRequest.param(credential.getKey(), (String) credential.getValue());
    }

    Response tokenEndpointReply = client.target(tokenUrl).request().post(Entity.form(tokenRequest));
    try {
        if (tokenEndpointReply.getStatus() == 400) {
            throw new BadRequestException();
        }
        if (tokenEndpointReply.getStatus() != 200) {
            throw new InternalServerErrorException(new Exception("Unknown error when getting acess token"));
        }
        // The token is returned as received; no signature check happens in this method.
        AccessTokenResponse parsed = tokenEndpointReply.readEntity(AccessTokenResponse.class);
        return parsed.getToken();
    } finally {
        // Always release the connection, including on the error paths above.
        tokenEndpointReply.close();
    }
}

public Response redirect(UriInfo uriInfo, String redirectUri) {
/**
 * Requests tokens for the configured service account using its client secret and returns
 * the access token.
 *
 * @return the access token string from the token response
 */
public String getAuthToken() {
    // Every argument, including the client secret, comes from keycloakServiceAccountConfig.
    AccessTokenResponse serviceAccountTokens =
            KeycloakClient.getAuthTokensBySecret(
                    keycloakServiceAccountConfig.getAuthServerUrl(),
                    keycloakServiceAccountConfig.getRealm(),
                    keycloakServiceAccountConfig.getResource(),
                    keycloakServiceAccountConfig.getSecret(),
                    keycloakServiceAccountConfig.getSslRequired());

    return serviceAccountTokens.getToken();
}
}
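/**
 * Verifies the access token of a token response against the realm key and, on success,
 * stores the tokens of that response in this object's fields.
 *
 * <p>The access token is verified before any field is written, so a response whose
 * access token fails verification leaves the previously stored tokens untouched.
 *
 * <p>NOTE(review): the ID token is only decoded here ({@code readJsonContent}); this
 * method does not check its signature.
 *
 * @param tokenResponse the token endpoint response to take the tokens from
 * @throws VerificationException if the access token fails verification or the ID token
 *         content cannot be read
 */
private void parseAccessToken(AccessTokenResponse tokenResponse) throws VerificationException {
    String accessTokenValue = tokenResponse.getToken();

    // Verify first: if this throws, none of the fields below have been overwritten with
    // values from an unverified response.
    token = RSATokenVerifier.verifyToken(accessTokenValue, deployment.getRealmKey(), deployment.getRealm());

    tokenString = accessTokenValue;
    refreshToken = tokenResponse.getRefreshToken();
    idTokenString = tokenResponse.getIdToken();

    if (idTokenString != null) {
        JWSInput input = new JWSInput(idTokenString);
        try {
            idToken = input.readJsonContent(IDToken.class);
        } catch (IOException e) {
            // Keep the cause so the parse failure is visible to whoever handles the exception.
            throw new VerificationException(e);
        }
    }
}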
/**
 * Stores the tokens of a token response, together with the connection settings, in the
 * realm entry of the merged configuration.
 *
 * <p>NOTE(review): the access token, refresh token, signing token and client secret are all
 * handed to {@code handler} for storage. Where and how it persists them is not visible
 * here; confirm the store is readable only by the owning user.
 *
 * @param tokens token response to take the access and refresh tokens and lifetimes from
 * @param endpoint server URL, also used to select the realm entry
 * @param realm realm name, also used to select the realm entry
 * @param clientId client id to record
 * @param signKey value stored as the signing token
 * @param sigExpiresAt value stored as the signing token's expiry
 * @param secret client secret to record
 */
public static void saveTokens(AccessTokenResponse tokens, String endpoint, String realm, String clientId, String signKey, Long sigExpiresAt, String secret) {
    handler.saveMergeConfig(cfg -> {
        cfg.setServerUrl(endpoint);
        cfg.setRealm(realm);

        RealmConfigData realmData = cfg.ensureRealmConfigData(endpoint, realm);
        realmData.setToken(tokens.getToken());
        realmData.setRefreshToken(tokens.getRefreshToken());
        realmData.setSigningToken(signKey);
        realmData.setSecret(secret);

        // Lifetimes are multiplied by 1000 and added to the current time in milliseconds.
        realmData.setExpiresAt(System.currentTimeMillis() + tokens.getExpiresIn() * 1000);
        if (tokens.getRefreshExpiresIn() == 0) {
            // A refresh lifetime of 0 is stored as "never expires".
            realmData.setRefreshExpiresAt(Long.MAX_VALUE);
        } else {
            realmData.setRefreshExpiresAt(System.currentTimeMillis() + tokens.getRefreshExpiresIn() * 1000);
        }

        realmData.setSigExpiresAt(sigExpiresAt);
        realmData.setClientId(clientId);
    });
}
/**
 * Writes the tokens of a token response and the connection settings into the realm entry
 * of the merged configuration.
 *
 * <p>NOTE(review): this passes the access token, refresh token, signing token and client
 * secret to {@code handler}. How it stores them is not visible here; confirm the stored
 * configuration is not readable by other users.
 *
 * @param tokens token response supplying the access and refresh tokens and their lifetimes
 * @param endpoint server URL, also used to look up the realm entry
 * @param realm realm name, also used to look up the realm entry
 * @param clientId client id to record
 * @param signKey value stored as the signing token
 * @param sigExpiresAt value stored as the signing token's expiry
 * @param secret client secret to record
 */
public static void saveTokens(AccessTokenResponse tokens, String endpoint, String realm, String clientId, String signKey, Long sigExpiresAt, String secret) {
    handler.saveMergeConfig(merged -> {
        merged.setServerUrl(endpoint);
        merged.setRealm(realm);

        RealmConfigData entry = merged.ensureRealmConfigData(endpoint, realm);
        entry.setToken(tokens.getToken());
        entry.setRefreshToken(tokens.getRefreshToken());
        entry.setSigningToken(signKey);
        entry.setSecret(secret);

        // Expiry is the current time in milliseconds plus the lifetime multiplied by 1000.
        entry.setExpiresAt(System.currentTimeMillis() + tokens.getExpiresIn() * 1000);
        if (tokens.getRefreshExpiresIn() != 0) {
            entry.setRefreshExpiresAt(System.currentTimeMillis() + tokens.getRefreshExpiresIn() * 1000);
        } else {
            // Zero refresh lifetime is recorded as the largest possible timestamp.
            entry.setRefreshExpiresAt(Long.MAX_VALUE);
        }

        entry.setSigExpiresAt(sigExpiresAt);
        entry.setClientId(clientId);
    });
}
/**
 * Creates an authorization response by copying the token fields of a token response.
 *
 * @param response token response to copy the tokens, lifetimes and not-before policy from
 * @param upgraded value stored in the {@code upgraded} field
 */
public AuthorizationResponse(AccessTokenResponse response, boolean upgraded) {
    // Token material first.
    setToken(response.getToken());
    setRefreshToken(response.getRefreshToken());

    // The token type is fixed to "Bearer" rather than copied from the source response.
    setTokenType("Bearer");

    // Lifetimes and policy are copied unchanged.
    setExpiresIn(response.getExpiresIn());
    setRefreshExpiresIn(response.getRefreshExpiresIn());
    setNotBeforePolicy(response.getNotBeforePolicy());

    this.upgraded = upgraded;
}