Java Code Examples for org.keycloak.representations.AccessTokenResponse#getIdToken()

The following examples show how to use org.keycloak.representations.AccessTokenResponse#getIdToken().
Example 1
Source File: KeycloakSpringAdapterUtils.java    From smartling-keycloak-extras with Apache License 2.0
/**
 * Builds a {@link RefreshableKeycloakSecurityContext} for a deployment out of a token endpoint response.
 *
 * <p>Only the access token is passed to {@link RSATokenVerifier}, together with the deployment's realm key
 * and realm info URL. The ID token is merely decoded through {@link JWSInput}: no verification call for it
 * is made in this method, so its claims must not be treated as independently verified by this code.
 * NOTE(review): confirm whether the ID token's signature, issuer and audience are checked elsewhere
 * before its claims are relied on.
 *
 * @param deployment the <code>KeycloakDeployment</code> the security context is created for (required)
 * @param accessTokenResponse the <code>AccessTokenResponse</code> supplying the access, ID and refresh tokens (required)
 *
 * @return a <code>RefreshableKeycloakSecurityContext</code> holding the tokens from <code>accessTokenResponse</code>
 * @throws VerificationException if the {@link IDToken} cannot be read from the response; presumably also raised
 *         by <code>RSATokenVerifier</code> when the access token is rejected
 */
public static RefreshableKeycloakSecurityContext createKeycloakSecurityContext(KeycloakDeployment deployment, AccessTokenResponse accessTokenResponse) throws VerificationException {
    final String rawAccessToken = accessTokenResponse.getToken();
    // NOTE(review): may be null when the response carries no ID token; how JWSInput reacts to null is not visible here.
    final String rawIdToken = accessTokenResponse.getIdToken();

    // The access token is verified first, so a rejected access token fails before the ID token is looked at.
    final AccessToken verifiedAccessToken = RSATokenVerifier.verifyToken(
            rawAccessToken, deployment.getRealmKey(), deployment.getRealmInfoUrl());

    final IDToken decodedIdToken;
    try {
        // Decoding only: despite the wording of the error message below, nothing is verified at this point.
        decodedIdToken = new JWSInput(rawIdToken).readJsonContent(IDToken.class);
    } catch (JWSInputException parseFailure) {
        throw new VerificationException("Unable to verify ID token", parseFailure);
    }

    // FIXME: the token store argument is passed as null; it is unclear whether that is intended.
    return new RefreshableKeycloakSecurityContext(
            deployment,
            null,
            rawAccessToken,
            verifiedAccessToken,
            rawIdToken,
            decodedIdToken,
            accessTokenResponse.getRefreshToken());
}
 
Example 2
Source File: OIDCIdentityProvider.java    From keycloak with Apache License 2.0
/**
 * Picks the ID token to use for logout from the given user session.
 *
 * <p>If the session carries a positive {@code FEDERATED_TOKEN_EXPIRATION} note that lies before the current
 * time, the token is refreshed through {@code refreshTokenForLogout} and the ID token of that response is
 * returned. Otherwise the ID token stored in the {@code FEDERATED_ID_TOKEN} note is returned.
 *
 * @param session the current Keycloak session, handed on to the refresh call
 * @param userSession the user session holding the federated token notes
 * @return the ID token string; may be null if the chosen source holds none
 * @throws NumberFormatException if the stored expiration note is not a parsable long
 * @throws RuntimeException wrapping the {@link IOException} when the refresh response cannot be deserialized
 */
private String getIDTokenForLogout(KeycloakSession session, UserSessionModel userSession) {
    String expirationNote = userSession.getNote(FEDERATED_TOKEN_EXPIRATION);
    long exp = 0;
    if (expirationNote != null) {
        exp = Long.parseLong(expirationNote);
    }
    int now = Time.currentTime();

    // A missing or non-positive expiration counts as "not expired": use the stored ID token as it is.
    boolean expired = exp > 0 && now > exp;
    if (!expired) {
        return userSession.getNote(FEDERATED_ID_TOKEN);
    }

    String refreshResponse = refreshTokenForLogout(session, userSession);
    AccessTokenResponse refreshed;
    try {
        refreshed = JsonSerialization.readValue(refreshResponse, AccessTokenResponse.class);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    // NOTE(review): the refreshed ID token is returned as received; no validation of it is visible here,
    // and a refresh response without an id_token yields null rather than the stored token. Confirm that
    // both are acceptable to the caller.
    return refreshed.getIdToken();
}
 
Example 3
Source File: KeycloakInstalled.java    From keycloak with Apache License 2.0
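/**
 * Verifies the tokens of a token endpoint response and, only on success, stores them on this instance.
 *
 * <p>Verification runs before any field is written. If {@code AdapterTokenVerifier.verifyTokens} rejects
 * the tokens, the instance keeps its previous state instead of holding new, unverified token strings next
 * to stale parsed tokens.
 *
 * @param tokenResponse the response carrying the access, refresh and ID tokens
 * @throws VerificationException if {@code AdapterTokenVerifier.verifyTokens} rejects the access or ID token
 */
private void parseAccessToken(AccessTokenResponse tokenResponse) throws VerificationException {
    String newTokenString = tokenResponse.getToken();
    String newIdTokenString = tokenResponse.getIdToken();

    // Fail closed: nothing from the response is kept unless verification succeeds.
    AdapterTokenVerifier.VerifiedTokens tokens = AdapterTokenVerifier.verifyTokens(newTokenString, newIdTokenString, deployment);

    this.tokenResponse = tokenResponse;
    tokenString = newTokenString;
    refreshToken = tokenResponse.getRefreshToken();
    idTokenString = newIdTokenString;
    token = tokens.getAccessToken();
    idToken = tokens.getIdToken();
}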
 
Example 4
Source File: BrokerLinkAndTokenExchangeTest.java    From keycloak with Apache License 2.0
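/**
 * Runs a token exchange against the child realm and checks that the endpoint answers with the expected status.
 *
 * <p>When the expected status is anything other than {@code NOT_IMPLEMENTED}, the test additionally asserts
 * that the exchange returned an ID token, that exactly one client session exists afterwards, and that a
 * logout with that token as {@code id_token_hint} removes the session again.
 *
 * <p>The token exchange response is closed on every path, including the {@code NOT_IMPLEMENTED} case and
 * failed assertions.
 *
 * @param statusCode the HTTP status the token exchange request is expected to return
 * @throws Exception if any of the requests or admin client calls fail
 */
private void checkFeature(int statusCode) throws Exception {
    String accessToken = oauth.doGrantAccessTokenRequest(PARENT_IDP, PARENT2_USERNAME, "password", null, PARENT_CLIENT, "password").getAccessToken();

    boolean featureEnabled = statusCode != Response.Status.NOT_IMPLEMENTED.getStatusCode();
    if (featureEnabled) {
        Assert.assertEquals(0, adminClient.realm(CHILD_IDP).getClientSessionStats().size());
    }

    Client httpClient = ClientBuilder.newClient();
    try {
        WebTarget exchangeUrl = childTokenExchangeWebTarget(httpClient);

        // Signature validation is switched off on the parent IdP so the exchange goes through the
        // user info validation path instead.
        // NOTE(review): this method does not switch the setting back on; confirm that test teardown
        // restores it, so later tests do not run with signature validation disabled.
        IdentityProviderRepresentation rep = adminClient.realm(CHILD_IDP).identityProviders().get(PARENT_IDP).toRepresentation();
        rep.getConfig().put(OIDCIdentityProviderConfig.VALIDATE_SIGNATURE, String.valueOf(false));
        adminClient.realm(CHILD_IDP).identityProviders().get(PARENT_IDP).update(rep);

        // test user info validation.
        String idToken = null;
        Response response = exchangeUrl.request()
                .header(HttpHeaders.AUTHORIZATION, BasicAuthHelper.createHeader(ClientApp.DEPLOYMENT_NAME, "password"))
                .post(Entity.form(
                        new Form()
                                .param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.TOKEN_EXCHANGE_GRANT_TYPE)
                                .param(OAuth2Constants.SUBJECT_TOKEN, accessToken)
                                .param(OAuth2Constants.SUBJECT_TOKEN_TYPE, OAuth2Constants.JWT_TOKEN_TYPE)
                                .param(OAuth2Constants.SUBJECT_ISSUER, PARENT_IDP)
                                .param(OAuth2Constants.SCOPE, OAuth2Constants.SCOPE_OPENID)

                ));
        try {
            Assert.assertEquals(statusCode, response.getStatus());

            if (featureEnabled) {
                AccessTokenResponse tokenResponse = response.readEntity(AccessTokenResponse.class);
                idToken = tokenResponse.getIdToken();
                Assert.assertNotNull(idToken);
            }
        } finally {
            // Release the connection even when an assertion fails or the feature is disabled.
            response.close();
        }

        if (featureEnabled) {
            Assert.assertEquals(1, adminClient.realm(CHILD_IDP).getClientSessionStats().size());

            // test logout
            Response logoutResponse = childLogoutWebTarget(httpClient)
                    .queryParam("id_token_hint", idToken)
                    .request()
                    .get();
            logoutResponse.close();

            Assert.assertEquals(0, adminClient.realm(CHILD_IDP).getClientSessionStats().size());
        }
    } finally {
        httpClient.close();
    }
}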