@Override
public Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession();
String service = authSession.getRedirectUri();
OAuth2Code codeData = new OAuth2Code(UUID.randomUUID(),
Time.currentTime() + userSession.getRealm().getAccessCodeLifespan(),
null, null, authSession.getRedirectUri(), null, null);
String code = OAuth2CodeParser.persistCode(session, clientSession, codeData);
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);
uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code);
URI redirectUri = uriBuilder.build();
Response.ResponseBuilder location = Response.status(302).location(redirectUri);
return location.build();
}