/**
 * Derives the caller's roles from a Keycloak access token.
 *
 * <p>Role names are read from two places: the resource-access entry keyed by the token's
 * issued-for value, and the realm-access entry. Both are merged into one set, so a client
 * role and a realm role that share a name collapse into a single {@link Role} and cannot be
 * told apart by later authorization checks.
 *
 * <p>NOTE(review): the client roles are looked up with {@code getIssuedFor()}, i.e. for the
 * client the token was issued to. Confirm that this is the client whose roles this service
 * is meant to honour, rather than this service's own client id.
 *
 * @param accessToken the access token to read roles from; dereferenced without a null check
 * @return one {@link RoleImpl} per distinct role name, in the iteration order of the backing
 *         {@link HashSet} (unspecified); empty when the token carries no roles
 */
private Collection<? extends Role> createRoles(final AccessToken accessToken) {
    // App (client) roles are merged first, realm roles second.
    final AccessToken.Access[] roleSources = {
        accessToken.getResourceAccess(accessToken.getIssuedFor()),
        accessToken.getRealmAccess()
    };

    final Set<String> distinctNames = new HashSet<String>();
    for (final AccessToken.Access source : roleSources) {
        // Either the access entry or its role set may be absent from the token.
        if (source == null || source.getRoles() == null) {
            continue;
        }
        distinctNames.addAll(source.getRoles());
    }

    final List<Role> result = new ArrayList<Role>(distinctNames.size());
    for (final String name : distinctNames) {
        result.add(new RoleImpl(name));
    }
    return result;
}
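/**
 * Builds the Keycloak broker URL that links the current account to an external identity
 * provider.
 *
 * <p>The link carries a random nonce and a hash computed as
 * {@code Base64Url(SHA-256(nonce + sessionState + clientId + provider))}. The same hash is
 * stored in the HTTP session under the attribute {@code "hash"}.
 *
 * @param request      current request; its session receives the {@code "hash"} attribute
 * @param principal    must be a {@link KeycloakAuthenticationToken}; any other type fails with
 *                     a {@link ClassCastException}
 * @param providerEnum identity provider to link; its lower-cased enum name is used as the
 *                     broker alias
 * @param redirectUrl  passed to {@code getRedirectUrl} to build the {@code redirect_uri}
 *                     parameter
 * @return the absolute link URL as a string
 * @throws RuntimeException if SHA-256 is not available on this JVM
 */
@Override
public String createSignupLink(HttpServletRequest request, Principal principal, Provider providerEnum, String redirectUrl) {
    // Locale.ROOT: the alias goes into both the URL path and the hash input. Lower-casing with
    // the JVM default locale (e.g. Turkish dotless i) would change it, and the hash would no
    // longer correspond to the provider alias the server knows.
    String provider = providerEnum.name().toLowerCase(java.util.Locale.ROOT);
    // Unchecked cast: this method assumes the security layer always supplies a Keycloak token.
    AccessToken token = ((KeycloakAuthenticationToken) principal).getAccount().getKeycloakSecurityContext().getToken();
    String clientId = token.getIssuedFor();
    String nonce = UUID.randomUUID().toString();
    MessageDigest md;
    try {
        md = MessageDigest.getInstance("SHA-256");
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }
    // The hash binds the nonce to this user session, this client and this provider.
    String input = nonce + token.getSessionState() + clientId + provider;
    byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8));
    String hash = Base64Url.encode(check);
    // NOTE(review): nothing in this method reads the attribute back. Presumably the handler
    // for the redirect compares it; confirm against that handler.
    request.getSession().setAttribute("hash", hash);
    // NOTE(review): redirect_uri comes from getRedirectUrl, which is not visible here. If
    // redirectUrl can be caller-supplied, confirm it is restricted to expected targets.
    return KeycloakUriBuilder.fromUri(keycloakUrl)
            .path("/realms/{realm}/broker/{provider}/link")
            .queryParam("nonce", nonce)
            .queryParam("hash", hash)
            .queryParam("client_id", clientId)
            .queryParam("redirect_uri", getRedirectUrl(request, provider, redirectUrl)).build("fundrequest", provider).toString();
}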
AccessToken token = session.getToken(); String clientId = token.getIssuedFor(); MessageDigest md = null; try {
// Looks up the client in the realm by the token's issued-for value.
// NOTE(review): the visible line does not null-check the result; confirm the surrounding code
// handles an unknown client id, and that the token was verified before this claim is trusted.
ClientModel clientModel = realm.getClientByClientId(token.getIssuedFor());
/**
 * Creates a permission ticket, optionally seeded from an existing access token.
 *
 * <p>When {@code accessToken} is non-null the ticket gets a freshly generated id and copies
 * the token's subject, expiration, not-before, issued-at and issued-for values, so the
 * ticket's validity window is the access token's. When it is null this constructor sets none
 * of those values.
 *
 * <p>NOTE(review): with a null {@code accessToken} no expiration is set here; confirm that
 * callers either always pass a token or set an expiry afterwards.
 *
 * @param permissions permissions carried by the ticket; stored by reference, not copied
 * @param audience    audience to set, or {@code null} to leave it unset
 * @param accessToken token to copy the claims from, or {@code null}
 */
public PermissionTicketToken(List<Permission> permissions, String audience, AccessToken accessToken) {
    final boolean seededFromToken = accessToken != null;
    if (seededFromToken) {
        // New ticket id; every other claim below mirrors the source token.
        this.id(TokenIdGenerator.generateId());
        this.subject(accessToken.getSubject());
        this.expiration(accessToken.getExpiration());
        this.notBefore(accessToken.getNotBefore());
        this.issuedAt(accessToken.getIssuedAt());
        this.issuedFor(accessToken.getIssuedFor());
    }

    if (null != audience) {
        this.audience(audience);
    }

    this.permissions = permissions;
}