Token exchange for an offline token now raises an IllegalArgumentException if the original token does not contain `offline_access` within its scopes, as required by version `v24.0.2` of Keycloak

This commit is contained in:
Mauro Mugnaini 2024-05-06 18:10:26 +02:00
parent dfb35bad62
commit 22013667d1
Signed by: mauro.mugnaini
GPG Key ID: 2440CFD0EB321EA8
1 changed files with 25 additions and 15 deletions


@ -42,6 +42,7 @@ import org.gcube.common.gxhttp.util.ContentUtils;
import org.gcube.common.gxrest.request.GXHTTPStringRequest; import org.gcube.common.gxrest.request.GXHTTPStringRequest;
import org.gcube.common.gxrest.response.inbound.GXInboundResponse; import org.gcube.common.gxrest.response.inbound.GXInboundResponse;
import org.gcube.common.gxrest.response.inbound.JsonUtils; import org.gcube.common.gxrest.response.inbound.JsonUtils;
import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.keycloak.model.JSONWebKeySet; import org.gcube.common.keycloak.model.JSONWebKeySet;
import org.gcube.common.keycloak.model.ModelUtils; import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.PublishedRealmRepresentation; import org.gcube.common.keycloak.model.PublishedRealmRepresentation;
@ -720,22 +721,31 @@ public class DefaultKeycloakClient implements KeycloakClient {
null); null);
} }
// @Override @Override
// public TokenResponse exchangeTokenForOfflineToken(String context, String oidcAccessToken, String clientId, public TokenResponse exchangeTokenForOfflineToken(String context, String oidcAccessToken, String clientId,
// String clientSecret, String audience) throws KeycloakClientException { String clientSecret, String audience) throws IllegalArgumentException, KeycloakClientException {
//
// return exchangeTokenForOfflineToken(getTokenEndpointURL(getRealmBaseURL(context)), oidcAccessToken, clientId,
// clientSecret, audience);
// }
// @Override return exchangeTokenForOfflineToken(getTokenEndpointURL(getRealmBaseURL(context)), oidcAccessToken, clientId,
// public TokenResponse exchangeTokenForOfflineToken(URL tokenURL, String oidcAccessToken, String clientId, clientSecret, audience);
// String clientSecret, String audience) throws IllegalArgumentException, KeycloakClientException { }
//
// // ModelUtils.getAccessTokenFrom(oidcTokenResponse).getScope(). @Override
// return exchangeToken(tokenURL, oidcAccessToken, clientId, clientSecret, audience, REFRESH_TOKEN_TOKEN_TYPE, public TokenResponse exchangeTokenForOfflineToken(URL tokenURL, String oidcAccessToken, String clientId,
// OFFLINE_ACCESS_SCOPE); String clientSecret, String audience) throws IllegalArgumentException, KeycloakClientException {
// }
AccessToken at = null;
try {
at = ModelUtils.getAccessTokenFrom(oidcAccessToken);
} catch (Exception e) {
throw new IllegalArgumentException("Impossible to parse the access token as JSON", e);
}
if (at.getScope().indexOf(OFFLINE_ACCESS_SCOPE) < 0) {
logger.info("Token to be exchanged doesn't contain 'offline_token' within scopes");
throw new IllegalArgumentException("Orignal access token doesn't contain the 'offline_token' scope");
}
return exchangeToken(tokenURL, oidcAccessToken, clientId, clientSecret, audience, REFRESH_TOKEN_TOKEN_TYPE,
OFFLINE_ACCESS_SCOPE);
}
/** /**
* Queries from the OIDC server an exchanged token by using provided access token, for the given audience (context), * Queries from the OIDC server an exchanged token by using provided access token, for the given audience (context),
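Review bot: The scope pre-check in the new exchangeTokenForOfflineToken(URL, ...) body dereferences `at.getScope()` without a null guard, so a token that carries no scope claim (if getScope() returns null in that case, as it presumably does) fails with a NullPointerException instead of the IllegalArgumentException the method now documents. `indexOf` is also a substring match on a space-separated claim, so any scope name that merely contains the OFFLINE_ACCESS_SCOPE text would pass; a token-wise comparison is what the check intends. The log line and the exception message name `'offline_token'` while the constant being tested is OFFLINE_ACCESS_SCOPE, and "Orignal" is misspelled; deriving both strings from the constant keeps them consistent. The rest of the method (parsing and the delegating exchangeToken call) is fine as written.
```java
String scope = at.getScope();
// scope is a space-separated claim: match a whole token, not a substring
boolean hasOfflineAccess = scope != null
        && (" " + scope + " ").contains(" " + OFFLINE_ACCESS_SCOPE + " ");
if (!hasOfflineAccess) {
    logger.info("Token to be exchanged doesn't contain '" + OFFLINE_ACCESS_SCOPE + "' within scopes");
    throw new IllegalArgumentException(
            "Original access token doesn't contain the '" + OFFLINE_ACCESS_SCOPE + "' scope");
}
// … unchanged: exchangeToken(...) call …
```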