Java Code Examples for org.keycloak.representations.AccessToken#subject()

The following examples show how to use org.keycloak.representations.AccessToken#subject().
Example 1
Source File: IdentityServiceRemoteUserMapperTest.java    From alfresco-repository with GNU Lesser General Public License v3.0
/**
 * Builds a signed JWT to be used as a fixture in tests.
 *
 * <p>All claims are fixed test values (id {@code "1234"}, subject {@code "abc123"}, given name
 * {@code "Joe"}, family name {@code "Bloggs"}) plus the test username and e-mail constants. The
 * issuer is assembled from the identity service configuration as
 * {@code <authServerUrl>/realms/<realm>}. The token is serialized through
 * {@code JWSBuilder.rsa256} with the private half of {@code keyPair}.
 *
 * <p>NOTE(review): an expiration is only set for the expired variant. When {@code expired} is
 * {@code false} this method never calls {@code expiration(...)}, so the "valid" token carries
 * whatever default {@code AccessToken} uses; a test relying on it does not exercise a
 * future-dated expiry. Confirm that is intended.
 *
 * @param expired when {@code true}, the expiration is set 60 below {@code Time.currentTime()}
 *                (presumably seconds; confirm against {@code Time})
 * @return the string produced by {@code JWSBuilder} for the token
 * @throws Exception declared by the signature; which call raises it is not visible here
 */
private String generateToken(boolean expired) throws Exception
{
    String authServerUrl = this.identityServiceConfig.getAuthServerUrl();
    String expectedIssuer = authServerUrl + "/realms/" + this.identityServiceConfig.getRealm();

    AccessToken accessToken = new AccessToken();

    // Protocol-level claims.
    accessToken.type("Bearer");
    accessToken.id("1234");
    accessToken.subject("abc123");
    accessToken.issuer(expectedIssuer);

    // Profile claims of the test user.
    accessToken.setPreferredUsername(TEST_USER_USERNAME);
    accessToken.setEmail(TEST_USER_EMAIL);
    accessToken.setGivenName("Joe");
    accessToken.setFamilyName("Bloggs");

    if (expired)
    {
        // Place the expiry in the past so that validation of this token should fail.
        int alreadyPassed = Time.currentTime() - 60;
        accessToken.expiration(alreadyPassed);
    }

    // Sign with the test key pair's private key.
    return new JWSBuilder()
            .jsonContent(accessToken)
            .rsa256(keyPair.getPrivate());
}
 
Example 2
Source File: ClaimInformationPointProviderTest.java    From keycloak with Apache License 2.0
/**
 * Creates a stub {@code OIDCHttpFacade} for tests.
 *
 * <p>The security context it exposes is assembled in memory: the access token and ID token
 * objects get their claims set directly, and the raw token strings are the placeholders
 * {@code "tokenString"} and {@code "idTokenString"}. No token is parsed or signed here, so this
 * facade does not exercise signature or expiry validation. The certificate chain is always
 * empty.
 *
 * @param headers     request headers handed to {@code createHttpRequest}
 * @param requestBody request body handed to {@code createHttpRequest}
 * @return the stub facade
 */
private HttpFacade createHttpFacade(Map<String, List<String>> headers, InputStream requestBody) {
    return new OIDCHttpFacade() {
        // Created on the first getRequest() call and reused afterwards.
        private Request lazyRequest;

        @Override
        public KeycloakSecurityContext getSecurityContext() {
            // Access token with a fixed subject, username and one multi-valued custom claim.
            AccessToken accessToken = new AccessToken();
            accessToken.subject("sub");
            accessToken.setPreferredUsername("username");
            List<String> accessTokenClaimValues =
                    Arrays.asList("param-other-claims-value1", "param-other-claims-value2");
            accessToken.getOtherClaims().put("custom_claim", accessTokenClaimValues);

            // ID token mirroring the same values; it gets its own list instance.
            IDToken identityToken = new IDToken();
            identityToken.subject("sub");
            identityToken.setPreferredUsername("username");
            List<String> idTokenClaimValues =
                    Arrays.asList("param-other-claims-value1", "param-other-claims-value2");
            identityToken.getOtherClaims().put("custom_claim", idTokenClaimValues);

            // The two strings are placeholders, not encoded JWTs.
            return new KeycloakSecurityContext("tokenString", accessToken, "idTokenString", identityToken);
        }

        @Override
        public Request getRequest() {
            if (lazyRequest != null) {
                return lazyRequest;
            }
            lazyRequest = createHttpRequest(headers, requestBody);
            return lazyRequest;
        }

        @Override
        public Response getResponse() {
            // A new response is requested from the helper on every call.
            return createHttpResponse();
        }

        @Override
        public X509Certificate[] getCertificateChain() {
            // No client certificates in this stub.
            return new X509Certificate[0];
        }
    };
}
 
Example 3
Source File: TokenManager.java    From keycloak with Apache License 2.0
/**
 * Creates and populates a new bearer {@code AccessToken} for a user in a client session.
 *
 * <p>Claim sources, as visible in this method: the token id is freshly generated; the subject
 * is {@code user.getId()}; the issued-for party is {@code client.getClientId()}; the issuer is
 * read from the client session note {@code OIDCLoginProtocol.ISSUER}; nonce and scope come from
 * the client session context; the session state is {@code session.getId()}; the expiration is
 * delegated to {@code getTokenExpiration}.
 *
 * <p>The {@code acr} value is coarse: it is {@code "0"} when the client session was
 * authenticated through SSO and {@code "1"} otherwise, and does not depend on anything else
 * here. Consumers should not read more assurance into it than that.
 *
 * @param realm            realm used to look up the offline-access client scope and passed on
 *                         to the expiration calculation
 * @param client           client the token is issued for
 * @param user             user whose id becomes the subject
 * @param session          user session supplying the auth-time note and the session id
 * @param clientSessionCtx client session context supplying client session, nonce and scopes
 * @param uriInfo          not used in this method body
 * @return the populated token
 * @throws NumberFormatException if the auth-time session note is present but is not a valid
 *                               integer ({@code Integer.parseInt})
 */
protected AccessToken initToken(RealmModel realm, ClientModel client, UserModel user, UserSessionModel session,
                                ClientSessionContext clientSessionCtx, UriInfo uriInfo) {
    AccessToken accessToken = new AccessToken();
    accessToken.id(KeycloakModelUtils.generateId());
    accessToken.type(TokenUtil.TOKEN_TYPE_BEARER);
    accessToken.subject(user.getId());
    accessToken.issuedNow();
    accessToken.issuedFor(client.getClientId());

    AuthenticatedClientSessionModel authenticatedClientSession = clientSessionCtx.getClientSession();
    accessToken.issuer(authenticatedClientSession.getNote(OIDCLoginProtocol.ISSUER));
    // The nonce is copied from the client session context as-is (may be absent).
    accessToken.setNonce(clientSessionCtx.getAttribute(OIDCLoginProtocol.NONCE_PARAM, String.class));
    accessToken.setScope(clientSessionCtx.getScopeString());

    // Best effort for "acr" value. Use 0 if clientSession was authenticated through cookie ( SSO )
    // TODO: Add better acr support. See KEYCLOAK-3314
    if (AuthenticationManager.isSSOAuthentication(authenticatedClientSession)) {
        accessToken.setAcr("0");
    } else {
        accessToken.setAcr("1");
    }

    // auth_time is only set when the session note exists; parseInt throws on a malformed note.
    String authTimeNote = session.getNote(AuthenticationManager.AUTH_TIME);
    if (authTimeNote != null) {
        accessToken.setAuthTime(Integer.parseInt(authTimeNote));
    }

    accessToken.setSessionState(session.getId());

    // Offline access counts as requested only if the realm defines the scope and the client
    // session's scope ids include it; the flag is passed on to the expiration calculation.
    ClientScopeModel offlineScope = KeycloakModelUtils.getClientScopeByName(realm, OAuth2Constants.OFFLINE_ACCESS);
    boolean offlineRequested = offlineScope != null
            && clientSessionCtx.getClientScopeIds().contains(offlineScope.getId());
    accessToken.expiration(getTokenExpiration(realm, client, session, authenticatedClientSession, offlineRequested));

    return accessToken;
}