Java Code Examples for org.keycloak.representations.AccessToken#getScope()
The following examples show how to use
org.keycloak.representations.AccessToken#getScope() .
Example 1
Source File: TokenInfo.java From strimzi-kafka-oauth with Apache License 2.0 | 5 votes |
/**
 * Builds a {@code TokenInfo} from a parsed access token, delegating to the
 * five-argument constructor and then keeping a reference to the payload.
 *
 * <p>The scope is taken from the token's scope claim. The issued-at and
 * expiry claims are multiplied by {@code 1000L} (presumably epoch seconds to
 * milliseconds; confirm against the delegate constructor), and a missing
 * claim is passed on as {@code 0}.
 *
 * <p>NOTE(review): nothing in this constructor validates the token, so the
 * scope and timestamps are only as trustworthy as the payload handed in.
 * Presumably callers pass a payload whose signature and issuer were already
 * verified; confirm. Also confirm that an expiry of {@code 0} (token without
 * an exp claim) is treated downstream as expired rather than as never expiring.
 *
 * @param payload   parsed access token the claims are read from
 * @param token     raw token string forwarded to the delegate constructor
 * @param principal principal name forwarded to the delegate constructor
 */
public TokenInfo(AccessToken payload, String token, String principal) {
    this(
            token,
            payload.getScope(),
            principal,
            payload.getIat() != null ? payload.getIat() * 1000L : 0,
            payload.getExp() != null ? payload.getExp() * 1000L : 0);
    this.payload = payload;
}
Example 2
Source File: ClientClientScopesTest.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Drives the client-scope evaluation page and checks, step by step, that the
 * available / assigned / effective scope lists, the effective protocol
 * mappers, the realm roles and the scope claim of the generated access token
 * all follow the optional scopes selected for evaluation.
 *
 * <p>The final assertions check that an optional scope that was deselected
 * ("phone") is absent from the issued token's scope claim, while the selected
 * and default scopes are present.
 */
@Test
public void testEvaluateClientScopes() throws IOException {
    clientScopesEvaluatePage.setId(found.getId());
    clientScopesEvaluatePage.navigateTo();

    ClientScopesEvaluateForm form = clientScopesEvaluatePage.form();

    // Defaults: nothing assigned yet, only the default scopes are effective.
    Assert.assertNames(form.getAvailableClientScopes(), "address", "phone", "offline_access", "microprofile-jwt");
    Assert.assertNames(form.getAssignedClientScopes());
    Assert.assertNames(form.getEffectiveClientScopes(), "profile", "email", "roles", "web-origins");

    // Add two optional scopes to the evaluation.
    form.setAssignedClientScopes(Arrays.asList("address", "phone"));
    Assert.assertNames(form.getAvailableClientScopes(), "offline_access", "microprofile-jwt");
    Assert.assertNames(form.getAssignedClientScopes(), "address", "phone");
    Assert.assertNames(form.getEffectiveClientScopes(), "address", "phone", "profile", "email", "roles", "web-origins");

    // Replace the optional 'phone' scope with 'offline_access'.
    form.setAssignedClientScopes(Arrays.asList("address", "offline_access"));
    Assert.assertNames(form.getAvailableClientScopes(), "phone", "microprofile-jwt");
    Assert.assertNames(form.getAssignedClientScopes(), "address", "offline_access");
    Assert.assertNames(form.getEffectiveClientScopes(), "address", "offline_access", "profile", "email", "roles", "web-origins");

    // Pick a user and run the evaluation.
    form.selectUser("test");
    form.evaluate();

    // Protocol mappers of the 'address', 'profile' and 'email' scopes must be
    // included; the mapper of the deselected 'phone' scope must not be.
    Set<String> mapperNames = form.getEffectiveProtocolMapperNames();
    for (String expectedMapper : Arrays.asList("address", "email", "email verified", "username", "full name")) {
        Assert.assertTrue(mapperNames.contains(expectedMapper));
    }
    Assert.assertFalse(mapperNames.contains("phone"));

    // Realm roles shown for the evaluated user.
    form.showRoles();
    Assert.assertNames(form.getGrantedRealmRoles(), "offline_access");
    Assert.assertNames(form.getNotGrantedRealmRoles(), "uma_authorization");

    // Parse the generated access token and inspect its scope claim.
    form.showToken();
    String rawAccessToken = form.getAccessToken();
    AccessToken parsedToken = JsonSerialization.readValue(rawAccessToken, AccessToken.class);
    String grantedScope = parsedToken.getScope();

    Assert.assertTrue(TokenUtil.isOIDCRequest(grantedScope));
    for (String expectedScope : Arrays.asList("address", "profile", "email")) {
        Assert.assertTrue(TokenUtil.hasScope(grantedScope, expectedScope));
    }
    // The deselected optional scope must not appear in the issued token.
    Assert.assertFalse(TokenUtil.hasScope(grantedScope, "phone"));
}
Example 3
Source File: OpenShiftTokenReviewEndpoint.java From keycloak with Apache License 2.0 | 4 votes |
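/**
 * Handles a token review request for the given client: verifies the submitted
 * access token and, on success, reports the authenticated user, the token's
 * scopes and any "groups" claim back to the caller.
 *
 * <p>Order of checks: SSL, realm and client authorization run first; the token
 * is then verified against the realm issuer URL with a signature verifier
 * chosen from the token header, and finally passed to
 * {@code tokenManager.checkTokenValidForIntrospection}. Every rejection uses
 * the same 401 / {@code Errors.INVALID_TOKEN} response.
 *
 * <p>NOTE(review): {@code error(...)} is assumed to abort the request (the
 * code after the catch block would otherwise continue with a null token);
 * confirm. Only the issuer URL and signature context are configured on the
 * verifier in this method; whether an audience restriction is enforced
 * elsewhere is not visible here. Confirm before relying on this endpoint to
 * separate tokens issued for different clients.
 *
 * @param clientId      client id from the request path; stored as a session attribute when present
 * @param reviewRequest request body carrying the token to review
 * @return a JSON response describing the authenticated user
 * @throws Exception propagated from the checks and from token verification
 */
@Path("/{client_id}")
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response tokenReview(@PathParam("client_id") String clientId, OpenShiftTokenReviewRequestRepresentation reviewRequest) throws Exception {
    event.event(EventType.INTROSPECT_TOKEN);

    if (clientId != null) {
        session.setAttribute("client_id", clientId);
    }

    checkSsl();
    checkRealm();
    authorizeClient();

    // The request body is caller-supplied. A missing body, spec or token is
    // rejected like any other invalid token instead of surfacing as a
    // NullPointerException (and a 500) further down.
    if (reviewRequest == null || reviewRequest.getSpec() == null || reviewRequest.getSpec().getToken() == null) {
        error(401, Errors.INVALID_TOKEN, "Token verification failure");
    }

    RealmModel realm = session.getContext().getRealm();

    AccessToken token = null;
    try {
        TokenVerifier<AccessToken> verifier = TokenVerifier.create(reviewRequest.getSpec().getToken(), AccessToken.class)
                .realmUrl(Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));

        // The algorithm and key id are read from the token header before the
        // signature has been checked, so they are untrusted input. A header
        // without an algorithm, or one naming an algorithm with no registered
        // provider, is rejected explicitly rather than dereferenced.
        if (verifier.getHeader().getAlgorithm() == null) {
            error(401, Errors.INVALID_TOKEN, "Token verification failure");
        }
        SignatureProvider signatureProvider = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name());
        if (signatureProvider == null) {
            error(401, Errors.INVALID_TOKEN, "Token verification failure");
        }

        SignatureVerifierContext verifierContext = signatureProvider.verifier(verifier.getHeader().getKeyId());
        verifier.verifierContext(verifierContext);

        verifier.verify();

        token = verifier.getToken();
    } catch (VerificationException e) {
        error(401, Errors.INVALID_TOKEN, "Token verification failure");
    }

    if (!tokenManager.checkTokenValidForIntrospection(session, realm, token)) {
        error(401, Errors.INVALID_TOKEN, "Token verification failure");
    }

    // From here on the token has passed verification and the introspection check.
    OpenShiftTokenReviewResponseRepresentation response = new OpenShiftTokenReviewResponseRepresentation();
    response.getStatus().setAuthenticated(true);
    response.getStatus().setUser(new OpenShiftTokenReviewResponseRepresentation.User());

    OpenShiftTokenReviewResponseRepresentation.User userRep = response.getStatus().getUser();
    userRep.setUid(token.getSubject());
    userRep.setUsername(token.getPreferredUsername());

    // The scope claim is a space-separated string; expose it as an array.
    if (token.getScope() != null && !token.getScope().isEmpty()) {
        OpenShiftTokenReviewResponseRepresentation.Extra extra = new OpenShiftTokenReviewResponseRepresentation.Extra();
        extra.setScopes(token.getScope().split(" "));
        userRep.setExtra(extra);
    }

    // NOTE(review): unchecked cast. A "groups" claim that is not a list fails
    // here with a ClassCastException; element types are not checked at all.
    if (token.getOtherClaims() != null && token.getOtherClaims().get("groups") != null) {
        List<String> groups = (List<String>) token.getOtherClaims().get("groups");
        userRep.setGroups(groups);
    }

    event.success();
    return Response.ok(response, MediaType.APPLICATION_JSON).build();
}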