How to use org.keycloak.sessions

  private void updateAuthenticationSession() {
    authenticationSession.setProtocol(CASLoginProtocol.LOGIN_PROTOCOL);
    authenticationSession.setRedirectUri(redirectUri);
    authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
  }
}

private static AuthenticationSessionModel.ExecutionStatus fromOrdinal(int ordinal) {
  ExecutionStatus[] values = AuthenticationSessionModel.ExecutionStatus.values();
  return (ordinal < 0 || ordinal >= values.length)
   ? null
   : values[ordinal];
}

public static AuthenticationSessionCompoundId decoded(String rootAuthSessionId, String tabId, String clientUUID) {
  String encodedId = rootAuthSessionId + "." + tabId + "." + clientUUID;
  return new AuthenticationSessionCompoundId(rootAuthSessionId, tabId, clientUUID, encodedId);
}

public static AuthenticationSessionCompoundId fromAuthSession(AuthenticationSessionModel authSession) {
  return decoded(authSession.getParentSession().getId(), authSession.getTabId(), authSession.getClient().getId());
}

@Override
public void updateNonlocalSessionAuthNotes(AuthenticationSessionCompoundId compoundId, Map<String, String> authNotesFragment) {
  if (compoundId == null) {
    return;
  }
  ClusterProvider cluster = session.getProvider(ClusterProvider.class);
  cluster.notify(
   InfinispanAuthenticationSessionProviderFactory.AUTHENTICATION_SESSION_EVENTS,
   AuthenticationSessionAuthNoteUpdateEvent.create(compoundId.getRootSessionId(), compoundId.getTabId(), compoundId.getClientUUID(), authNotesFragment),
   true,
   ClusterProvider.DCNotify.ALL_BUT_LOCAL_DC
  );
}

@Override
public boolean requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel authSession) {
  return "true".equals(authSession.getClientNote(CASLoginProtocol.RENEW_PARAM));
}

@Override
public void removeRootAuthenticationSession(RealmModel realm, RootAuthenticationSessionModel authenticationSession) {
  tx.remove(cache, authenticationSession.getId());
}

@Override
public AuthenticationSessionModel getAuthenticationSession(ClientModel client, String tabId) {
  if (client == null || tabId == null) {
    return null;
  }
  AuthenticationSessionModel authSession = getAuthenticationSessions().get(tabId);
  if (authSession != null && client.equals(authSession.getClient())) {
    return authSession;
  } else {
    return null;
  }
}

  public static void addMainSecretToUserSession(UserSecretAdapter userSecretStorage, AuthenticationFlowContext context, UserModel user, UserCredentialModel credentialModel ){
    String userSecret = userSecretStorage.retrieveMainSecret(context.getRealm(), user, credentialModel);
    // copy notes into the user session
    // Hint: it might have been interesting to distinguish between the different type of notes
    // that can be returned by a user storage provider like:
    // - UserSesionNote
    // - AuthNote
    // - ClientNote
    // Hint: even roles could be transported using these notes.
    Object scope = credentialModel.getNote(Constants.CUSTOM_SCOPE_NOTE_KEY);
    if (userSecret != null) {
      context.getAuthenticationSession().setUserSessionNote(UserSecretAdapter.USER_MAIN_SECRET_NOTE_KEY,userSecret);
    }
    if(scope!=null){
      context.getAuthenticationSession().setUserSessionNote(UserSecretAdapter.AUTH_SESSION_SCOPE_NOTE_KEY,scope.toString());
    }
  }
}

@Override
public Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
  AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession();
  String service = authSession.getRedirectUri();
  //TODO validate service
  OAuth2Code codeData = new OAuth2Code(UUID.randomUUID(),
      Time.currentTime() + userSession.getRealm().getAccessCodeLifespan(),
      null, null, authSession.getRedirectUri(), null, null);
  String code = OAuth2CodeParser.persistCode(session, clientSession, codeData);
  KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);
  uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code);
  URI redirectUri = uriBuilder.build();
  Response.ResponseBuilder location = Response.status(302).location(redirectUri);
  return location.build();
}

private <K> K generateKey(KeycloakSession session, Cache<K, ?> cache, KeyGenerator<K> keyGenerator) {
  String cacheName = cache.getName();
  // "wantsLocalKey" is true if route is not attached to the sticky session cookie. Without attached route, We want the key, which will be "owned" by this node.
  // This is needed due the fact that external loadbalancer will attach route corresponding to our node, which will be the owner of the particular key, hence we
  // will be able to lookup key locally.
  boolean wantsLocalKey = !session.getProvider(StickySessionEncoderProvider.class).shouldAttachRoute();
  if (wantsLocalKey && cache.getCacheConfiguration().clustering().cacheMode().isClustered()) {
    KeyAffinityService<K> keyAffinityService = keyAffinityServices.get(cacheName);
    if (keyAffinityService == null) {
      keyAffinityService = createKeyAffinityService(cache, keyGenerator);
      keyAffinityServices.put(cacheName, keyAffinityService);
      log.debugf("Registered key affinity service for cache '%s'", cacheName);
    }
    return keyAffinityService.getKeyForAddress(cache.getCacheManager().getAddress());
  } else {
    return keyGenerator.getKey();
  }
}

@GET
public Response build() {
  MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters();
  String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
  boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
  boolean gateway = params.containsKey(CASLoginProtocol.GATEWAY_PARAM);
  checkSsl();
  checkRealm();
  checkClient(service);
  authenticationSession = createAuthenticationSession(client, null);
  updateAuthenticationSession();
  // So back button doesn't work
  CacheControlUtil.noBackButtonCacheControlHeader();
  if (renew) {
    authenticationSession.setClientNote(CASLoginProtocol.RENEW_PARAM, "true");
  }
  this.event.event(EventType.LOGIN);
  return handleBrowserAuthenticationRequest(authenticationSession, new CASLoginProtocol(session, realm, session.getContext().getUri(), headers, event), gateway, false);
}

public static Optional<String> readScope(AuthenticationFlowContext context) {
  Object scope = context.getAuthenticationSession().getClientNote(OAuth2Constants.SCOPE);
  return Optional.ofNullable(scope)
      .map(Object::toString);
}

public static AuthenticationSessionCompoundId encoded(String encodedId) {
  String[] decoded = DOT.split(encodedId, 3);
  String rootAuthSessionId =(decoded.length > 0) ? decoded[0] : null;
  String tabId = (decoded.length > 1) ? decoded[1] : null;
  String clientUUID = (decoded.length > 2) ? decoded[2] : null;
  return new AuthenticationSessionCompoundId(rootAuthSessionId, tabId, clientUUID, encodedId);
}