Java Code Examples for org.keycloak.representations.AccessToken#subject()
The following examples show how to use
org.keycloak.representations.AccessToken#subject() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: IdentityServiceRemoteUserMapperTest.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
|
/**
* Utility method to create tokens for testing.
*
* @param expired Determines whether to create an expired JWT
* @return The string representation of the JWT
*/
private String generateToken(boolean expired) throws Exception
{
String issuerUrl = this.identityServiceConfig.getAuthServerUrl() + "/realms/" + this.identityServiceConfig.getRealm();
AccessToken token = new AccessToken();
token.type("Bearer");
token.id("1234");
token.subject("abc123");
token.issuer(issuerUrl);
token.setPreferredUsername(TEST_USER_USERNAME);
token.setEmail(TEST_USER_EMAIL);
token.setGivenName("Joe");
token.setFamilyName("Bloggs");
if (expired)
{
token.expiration(Time.currentTime() - 60);
}
String jwt = new JWSBuilder()
.jsonContent(token)
.rsa256(keyPair.getPrivate());
return jwt;
}
Example 2
| Source File: ClaimInformationPointProviderTest.java From keycloak with Apache License 2.0 | 5 votes |
|
private HttpFacade createHttpFacade(Map<String, List<String>> headers, InputStream requestBody) {
return new OIDCHttpFacade() {
private Request request;
@Override
public KeycloakSecurityContext getSecurityContext() {
AccessToken token = new AccessToken();
token.subject("sub");
token.setPreferredUsername("username");
token.getOtherClaims().put("custom_claim", Arrays.asList("param-other-claims-value1", "param-other-claims-value2"));
IDToken idToken = new IDToken();
idToken.subject("sub");
idToken.setPreferredUsername("username");
idToken.getOtherClaims().put("custom_claim", Arrays.asList("param-other-claims-value1", "param-other-claims-value2"));
return new KeycloakSecurityContext("tokenString", token, "idTokenString", idToken);
}
@Override
public Request getRequest() {
if (request == null) {
request = createHttpRequest(headers, requestBody);
}
return request;
}
@Override
public Response getResponse() {
return createHttpResponse();
}
@Override
public X509Certificate[] getCertificateChain() {
return new X509Certificate[0];
}
};
}
Example 3
| Source File: TokenManager.java From keycloak with Apache License 2.0 | 5 votes |
|
protected AccessToken initToken(RealmModel realm, ClientModel client, UserModel user, UserSessionModel session,
ClientSessionContext clientSessionCtx, UriInfo uriInfo) {
AccessToken token = new AccessToken();
token.id(KeycloakModelUtils.generateId());
token.type(TokenUtil.TOKEN_TYPE_BEARER);
token.subject(user.getId());
token.issuedNow();
token.issuedFor(client.getClientId());
AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession();
token.issuer(clientSession.getNote(OIDCLoginProtocol.ISSUER));
token.setNonce(clientSessionCtx.getAttribute(OIDCLoginProtocol.NONCE_PARAM, String.class));
token.setScope(clientSessionCtx.getScopeString());
// Best effort for "acr" value. Use 0 if clientSession was authenticated through cookie ( SSO )
// TODO: Add better acr support. See KEYCLOAK-3314
String acr = (AuthenticationManager.isSSOAuthentication(clientSession)) ? "0" : "1";
token.setAcr(acr);
String authTime = session.getNote(AuthenticationManager.AUTH_TIME);
if (authTime != null) {
token.setAuthTime(Integer.parseInt(authTime));
}
token.setSessionState(session.getId());
ClientScopeModel offlineAccessScope = KeycloakModelUtils.getClientScopeByName(realm, OAuth2Constants.OFFLINE_ACCESS);
boolean offlineTokenRequested = offlineAccessScope == null ? false
: clientSessionCtx.getClientScopeIds().contains(offlineAccessScope.getId());
token.expiration(getTokenExpiration(realm, client, session, clientSession, offlineTokenRequested));
return token;
}
