First share with auto-discovery of the endpoint in scope with ic-client and gxREST use
commit
2b32fe73ce
@ -0,0 +1,74 @@
|
||||
# OS stuff
|
||||
###################
|
||||
.DS_Store
|
||||
|
||||
# Intellij
|
||||
###################
|
||||
.idea
|
||||
*.iml
|
||||
|
||||
# Eclipse #
|
||||
###########
|
||||
.project
|
||||
.settings
|
||||
.classpath
|
||||
# reverting this as e.g. /distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/
|
||||
# should not be ignored
|
||||
#bin/
|
||||
.factorypath
|
||||
|
||||
|
||||
# NetBeans #
|
||||
############
|
||||
nbactions.xml
|
||||
nb-configuration.xml
|
||||
catalog.xml
|
||||
nbproject
|
||||
|
||||
# VS Code #
|
||||
###########
|
||||
*.code-workspace
|
||||
|
||||
# Compiled source #
|
||||
###################
|
||||
*.com
|
||||
*.class
|
||||
*.dll
|
||||
*.exe
|
||||
*.o
|
||||
*.so
|
||||
|
||||
# Packages #
|
||||
############
|
||||
# it's better to unpack these files and commit the raw source
|
||||
# git has its own built in compression methods
|
||||
*.7z
|
||||
*.dmg
|
||||
*.gz
|
||||
*.iso
|
||||
*.jar
|
||||
*.rar
|
||||
*.tar
|
||||
*.zip
|
||||
|
||||
# Logs and databases #
|
||||
######################
|
||||
*.log
|
||||
|
||||
# Maven #
|
||||
#########
|
||||
target
|
||||
|
||||
# Maven shade
|
||||
#############
|
||||
*dependency-reduced-pom.xml
|
||||
|
||||
# nodejs #
|
||||
##########
|
||||
# KEYCLOAK-5391: We will re-exclude node_modules when node_modules handling is worked out.
|
||||
# For now, we keep our js libraries checked into GitHub, so we don't ignore.
|
||||
#node_modules
|
||||
|
||||
# testsuite #
|
||||
#############
|
||||
*offline-token.txt
|
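Review bot: the comments above `#bin/` and `#node_modules` refer to `/distribution/feature-packs/server-feature-pack/...` and KEYCLOAK-5391, neither of which matches anything else in this commit, so they read as leftovers from another project's ignore file. Drop the two commented-out patterns and their explanations, or replace them with reasons that apply to this repository. Keeping `*offline-token.txt` ignored is worth a one-line comment saying that the file holds a credential used by the tests, so nobody removes the pattern later.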
@ -0,0 +1,6 @@
|
||||
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
# Changelog for "keycloak-client"
|
||||
|
||||
## [0.0.1-SNAPSHOT]
|
||||
- First release (#21389)
|
@ -0,0 +1,26 @@
|
||||
# Acknowledgments
|
||||
|
||||
The projects leading to this software have received funding from a series of European Union programmes including:
|
||||
|
||||
- the Sixth Framework Programme for Research and Technological Development
|
||||
- [DILIGENT](https://cordis.europa.eu/project/id/004260) (grant no. 004260).
|
||||
- the Seventh Framework Programme for research, technological development and demonstration
|
||||
- [D4Science](https://cordis.europa.eu/project/id/212488) (grant no. 212488);
|
||||
- [D4Science-II](https://cordis.europa.eu/project/id/239019) (grant no.239019);
|
||||
- [ENVRI](https://cordis.europa.eu/project/id/283465) (grant no. 283465);
|
||||
- [iMarine](https://cordis.europa.eu/project/id/283644) (grant no. 283644);
|
||||
- [EUBrazilOpenBio](https://cordis.europa.eu/project/id/288754) (grant no. 288754).
|
||||
- the H2020 research and innovation programme
|
||||
- [SoBigData](https://cordis.europa.eu/project/id/654024) (grant no. 654024);
|
||||
- [PARTHENOS](https://cordis.europa.eu/project/id/654119) (grant no. 654119);
|
||||
- [EGI-Engage](https://cordis.europa.eu/project/id/654142) (grant no. 654142);
|
||||
- [ENVRI PLUS](https://cordis.europa.eu/project/id/654182) (grant no. 654182);
|
||||
- [BlueBRIDGE](https://cordis.europa.eu/project/id/675680) (grant no. 675680);
|
||||
- [PerformFISH](https://cordis.europa.eu/project/id/727610) (grant no. 727610);
|
||||
- [AGINFRA PLUS](https://cordis.europa.eu/project/id/731001) (grant no. 731001);
|
||||
- [DESIRA](https://cordis.europa.eu/project/id/818194) (grant no. 818194);
|
||||
- [ARIADNEplus](https://cordis.europa.eu/project/id/823914) (grant no. 823914);
|
||||
- [RISIS 2](https://cordis.europa.eu/project/id/824091) (grant no. 824091);
|
||||
- [EOSC-Pillar](https://cordis.europa.eu/project/id/857650) (grant no. 857650);
|
||||
- [Blue Cloud](https://cordis.europa.eu/project/id/862409) (grant no. 862409);
|
||||
- [SoBigData-PlusPlus](https://cordis.europa.eu/project/id/871042) (grant no. 871042);
|
@ -0,0 +1,44 @@
|
||||
# Keycloak Client
|
||||
|
||||
**Keycloak Clienty** provides the basic common classes for OpenId Connect (OIDC) integration and some helper abstract functions for the gCube framework integration
|
||||
|
||||
## Structure of the project
|
||||
|
||||
The source code is present in `src` folder.
|
||||
|
||||
## Built With
|
||||
|
||||
* [OpenJDK](https://openjdk.java.net/) - The JDK used
|
||||
* [Maven](https://maven.apache.org/) - Dependency Management
|
||||
|
||||
## Documentation
|
||||
|
||||
To build the library JAR it is sufficient to type
|
||||
|
||||
mvn clean package
|
||||
|
||||
## Change log
|
||||
|
||||
See [Releases](https://code-repo.d4science.org/gCubeSystem/authorization-client/releases).
|
||||
|
||||
## Authors
|
||||
|
||||
* **Mauro Mugnaini** ([Nubisware S.r.l.](http://www.nubisware.com))
|
||||
|
||||
## How to Cite this Software
|
||||
[Intentionally left blank]
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the EUPL V.1.1 License - see the [LICENSE.md](LICENSE.md) file for details.
|
||||
|
||||
## About the gCube Framework
|
||||
This software is part of the [gCubeFramework](https://www.gcube-system.org/ "gCubeFramework"): an
|
||||
open-source software toolkit used for building and operating Hybrid Data
|
||||
Infrastructures enabling the dynamic deployment of Virtual Research Environments
|
||||
by favouring the realisation of reuse oriented policies.
|
||||
|
||||
The projects leading to this software have received funding from a series of European Union programmes see [FUNDING.md](FUNDING.md)
|
||||
|
||||
## Acknowledgments
|
||||
[Intentionally left blank]
|
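Review bot: the "Change log" link points at `gCubeSystem/authorization-client/releases`, while the pom in this commit sets the artifactId, and therefore the scm URL, to `keycloak-client`. Point the link at this repository's releases page. The project name in the first paragraph is also misspelled as "Keycloak Clienty", and the "Documentation" section only contains the build command, so it would be clearer under a "Build" heading.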
@ -0,0 +1,110 @@
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<parent>
|
||||
<artifactId>maven-parent</artifactId>
|
||||
<groupId>org.gcube.tools</groupId>
|
||||
<version>1.1.0</version>
|
||||
<relativePath />
|
||||
</parent>
|
||||
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>keycloak-client</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.gcube.distribution</groupId>
|
||||
<artifactId>gcube-bom</artifactId>
|
||||
<version>2.0.2-SNAPSHOT</version>
|
||||
<type>pom</type>
|
||||
<scope>import</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
|
||||
<scm>
|
||||
<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
|
||||
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
|
||||
<url>https://code-repo.d4science.org/gCubeSystem/${project.artifactId}</url>
|
||||
</scm>
|
||||
|
||||
<dependencies>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-api</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>gcube-jackson-databind</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>gcube-jackson-annotations</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>gcube-jackson-core</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>gxJRS</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-fw-clients</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.gcube.resources.discovery</groupId>
|
||||
<artifactId>ic-client</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-log4j12</artifactId>
|
||||
<version>1.7.25</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
<version>1.2.16</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<version>4.12</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.glassfish.jersey.core</groupId>
|
||||
<artifactId>jersey-common</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.glassfish.jersey.core</groupId>
|
||||
<artifactId>jersey-client</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
<build />
|
||||
|
||||
</project>
|
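Review bot: the `dependencyManagement` import of `gcube-bom` uses `2.0.2-SNAPSHOT`, so every unversioned dependency below it (slf4j-api, the gcube-jackson artifacts, gxJRS, common-fw-clients, ic-client, the Jersey test artifacts) resolves against a mutable snapshot and the same commit can build against different versions on different days. Pin a released BOM before this library is released, or note here why the snapshot is needed. The test-scoped `log4j` 1.2.16 and `slf4j-log4j12` 1.7.25 are versioned by hand while everything else comes from the BOM; log4j 1.x is end-of-life, so consider a maintained SLF4J binding for the tests. The empty `<build />` element can be removed.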
@ -0,0 +1,25 @@
|
||||
package org.gcube.common.keycloak;
|
||||
|
||||
import org.gcube.common.clients.fw.plugin.Plugin;
|
||||
|
||||
public abstract class AbstractPlugin<S, P> implements Plugin<S, P>, KeycloakClient {
|
||||
|
||||
public final String name;
|
||||
|
||||
public AbstractPlugin(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public String serviceClass() {
|
||||
return CATEGORY;
|
||||
}
|
||||
|
||||
public String serviceName() {
|
||||
return NAME;
|
||||
}
|
||||
|
||||
public String name() {
|
||||
return name;
|
||||
}
|
||||
|
||||
}
|
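Review bot: `serviceClass()`, `serviceName()` and `name()` have no `@Override`, so a signature change in `Plugin` would go unnoticed by the compiler; add the annotation to each. The `public final String name` field duplicates the `name()` accessor and can be made private. A short class comment saying that subclasses still have to supply the `KeycloakClient` methods would also help, since the class implements that interface without implementing any of it.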
@ -0,0 +1,161 @@
|
||||
package org.gcube.common.keycloak;
|
||||
|
||||
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
|
||||
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
import java.net.URLEncoder;
|
||||
import java.util.Arrays;
|
||||
import java.util.Base64;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.gcube.common.gxrest.request.GXHTTPStringRequest;
|
||||
import org.gcube.common.gxrest.response.inbound.GXInboundResponse;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
||||
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.resources.discovery.client.api.DiscoveryClient;
|
||||
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
|
||||
|
||||
public class DefaultKeycloakClient implements KeycloakClient {
|
||||
|
||||
private static final String PERMISSION_PARAMETER = "permission";
|
||||
private static final String GRANT_TYPE_PARAMETER = "grant_type";
|
||||
private static final String UMA_TOKEN_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:uma-ticket";
|
||||
private static final String AUDIENCE_PARAMETER = "audience";
|
||||
|
||||
@Override
|
||||
public URL findTokenEndpointURL() throws KeycloakClientException {
|
||||
logger.debug("Creating simple query");
|
||||
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
||||
query.addCondition(
|
||||
String.format("$resource/Profile/Category/text() eq '%s'", CATEGORY))
|
||||
.addCondition(String.format("$resource/Profile/Name/text() eq '%s'", NAME))
|
||||
.setResult(String.format("$resource/Profile/AccessPoint[Description/text() eq '%s']", DESCRIPTION));
|
||||
|
||||
logger.debug("Creating client for AccessPoint");
|
||||
DiscoveryClient<AccessPoint> client = clientFor(AccessPoint.class);
|
||||
|
||||
logger.trace("Submitting query: {}", query);
|
||||
List<AccessPoint> accessPoints = client.submit(query);
|
||||
|
||||
if (accessPoints.size() == 0) {
|
||||
throw new KeycloakClientException("Service endpoint not found");
|
||||
} else if (accessPoints.size() > 1) {
|
||||
throw new KeycloakClientException("Found more than one endpoint with query");
|
||||
}
|
||||
String address = accessPoints.iterator().next().address();
|
||||
logger.debug("Found address: {}", address);
|
||||
try {
|
||||
return new URL(address);
|
||||
} catch (MalformedURLException e) {
|
||||
throw new KeycloakClientException("Cannot create URL from address: " + address, e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public TokenResponse queryUMAToken(String clientId, String clientSecret, List<String> permissions)
|
||||
throws KeycloakClientException {
|
||||
|
||||
return queryUMAToken(clientId, clientSecret, ScopeProvider.instance.get(), permissions);
|
||||
}
|
||||
@Override
|
||||
public TokenResponse queryUMAToken(String clientId, String clientSecret, String audience,
|
||||
List<String> permissions) throws KeycloakClientException {
|
||||
|
||||
return queryUMAToken(findTokenEndpointURL(), clientId, clientSecret, audience, permissions);
|
||||
}
|
||||
|
||||
@Override
|
||||
public TokenResponse queryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience,
|
||||
List<String> permissions) throws KeycloakClientException {
|
||||
|
||||
return queryUMAToken(tokenURL,
|
||||
"Basic " + Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes()),
|
||||
audience, permissions);
|
||||
}
|
||||
|
||||
@Override
|
||||
public TokenResponse queryUMAToken(URL tokenURL, String authorization, String audience,
|
||||
List<String> permissions) throws KeycloakClientException {
|
||||
|
||||
logger.debug("Querying token from Keycloak server with URL: {}", tokenURL);
|
||||
|
||||
Map<String, List<String>> params = new HashMap<>();
|
||||
params.put(GRANT_TYPE_PARAMETER, Arrays.asList(UMA_TOKEN_GRANT_TYPE));
|
||||
|
||||
try {
|
||||
params.put(AUDIENCE_PARAMETER, Arrays.asList(URLEncoder.encode(checkAudience(audience), "UTF-8")));
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
logger.error("Cannot URL encode 'audience'", e);
|
||||
}
|
||||
if (permissions != null && !permissions.isEmpty()) {
|
||||
params.put(
|
||||
PERMISSION_PARAMETER, permissions.stream().map(s -> {
|
||||
try {
|
||||
return URLEncoder.encode(s, "UTF-8");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
return "";
|
||||
}
|
||||
}).collect(Collectors.toList()));
|
||||
}
|
||||
|
||||
// Constructing request object
|
||||
GXHTTPStringRequest request;
|
||||
try {
|
||||
String queryString = params.entrySet().stream()
|
||||
.flatMap(p -> p.getValue().stream().map(v -> p.getKey() + "=" + v))
|
||||
.reduce((p1, p2) -> p1 + "&" + p2).orElse("");
|
||||
|
||||
request = GXHTTPStringRequest.newRequest(tokenURL.toString())
|
||||
.header("Content-Type", "application/x-www-form-urlencoded").withBody(queryString);
|
||||
|
||||
request.isExternalCall(true);
|
||||
if (authorization != null) {
|
||||
logger.debug("Adding authorization header as: {}", authorization);
|
||||
request = request.header("Authorization", authorization);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
throw new KeycloakClientException("Cannot construct the request object correctly", e);
|
||||
}
|
||||
|
||||
GXInboundResponse response;
|
||||
try {
|
||||
response = request.post();
|
||||
} catch (Exception e) {
|
||||
throw new KeycloakClientException("Cannot send request correctly", e);
|
||||
}
|
||||
if (response.isSuccessResponse()) {
|
||||
try {
|
||||
return response.tryConvertStreamedContentFromJson(TokenResponse.class);
|
||||
} catch (Exception e) {
|
||||
throw new KeycloakClientException("Cannot construct token response object correctly", e);
|
||||
}
|
||||
} else {
|
||||
throw KeycloakClientException.create("Unable to get token", response.getHTTPCode(),
|
||||
response.getHeaderFields()
|
||||
.getOrDefault("Content-Type", Collections.singletonList("unknown/unknown")).get(0),
|
||||
response.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
private static String checkAudience(String audience) {
|
||||
if (audience.startsWith("/")) {
|
||||
try {
|
||||
logger.trace("Audience was provided in non URL encoded form, encoding it");
|
||||
return URLEncoder.encode(audience, "UTF-8");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
logger.error("Cannot URL encode 'audience'", e);
|
||||
}
|
||||
}
|
||||
return audience;
|
||||
}
|
||||
|
||||
}
|
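Review bot: in `queryUMAToken(URL, String authorization, ...)`, the line `logger.debug("Adding authorization header as: {}", authorization);` writes the credential itself to the log. The Basic value is only the base64 of `clientId + ":" + clientSecret`, and a Bearer value is a usable token, so anyone who can read debug logs can replay it. Log that the header was set, or at most its scheme, and never the value. Related points in the same file: `findTokenEndpointURL()` returns `new URL(address)` for whatever address discovery yields and the secret is then POSTed to it, so reject anything that is not `https` before returning; `(clientId + ":" + clientSecret).getBytes()` uses the platform default charset and should pass `StandardCharsets.UTF_8`; `checkAudience()` calls `audience.startsWith("/")` with no null check while the three-argument overload passes `ScopeProvider.instance.get()` straight through; and when URL-encoding fails the code only logs and carries on, sending the request without `audience` or with an empty `permission`, where throwing `KeycloakClientException` would be safer.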
@ -0,0 +1,82 @@
|
||||
package org.gcube.common.keycloak;
|
||||
|
||||
import java.net.URL;
|
||||
import java.util.List;
|
||||
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public interface KeycloakClient {
|
||||
|
||||
Logger logger = LoggerFactory.getLogger(KeycloakClient.class);
|
||||
|
||||
String CATEGORY = "Auth";
|
||||
String NAME = "IAM";
|
||||
String DESCRIPTION = "oidc-token endpoint";
|
||||
|
||||
/**
|
||||
* Finds the keycloak endpoint {@link URL} discovering it in the current scope provided by {@link ScopeProvider}
|
||||
* @return the keycloak endpoint URL in the current scope
|
||||
* @throws KeycloakClientException if something goes wrong discovering the endpoint URL
|
||||
*/
|
||||
URL findTokenEndpointURL() throws KeycloakClientException;
|
||||
|
||||
/**
|
||||
* Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context),
|
||||
* in URLEncoded form or not, and optionally a list of permissions.
|
||||
*
|
||||
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
||||
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
||||
* @param audience the audience (context) where to request the issuing of the ticket (URLEncoded)
|
||||
* @param permissions a list of permissions, can be <code>null</code>
|
||||
* @return the issued token as {@link TokenResponse} object
|
||||
* @throws KeycloakClientException if something goes wrong performing the query
|
||||
*/
|
||||
TokenResponse queryUMAToken(URL tokenURL, String authorization, String audience, List<String> permissions)
|
||||
throws KeycloakClientException;
|
||||
|
||||
/**
|
||||
* Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience
|
||||
* (context), in URLEncoded form or not, and optionally a list of permissions.
|
||||
*
|
||||
* @param tokenURL the token endpoint {@link URL} of the Keycloak server
|
||||
* @param clientId the client id
|
||||
* @param clientSecret the client secret
|
||||
* @param audience the audience (context) where to request the issuing of the ticket
|
||||
* @param permissions a list of permissions, can be <code>null</code>
|
||||
* @return the issued token as {@link TokenResponse} object
|
||||
* @throws KeycloakClientException if something goes wrong performing the query
|
||||
*/
|
||||
TokenResponse queryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience,
|
||||
List<String> permissions)
|
||||
throws KeycloakClientException;
|
||||
|
||||
/**
|
||||
* Queries an UMA token from the discovered Keycloak server in the current scope, by using provided clientId and client secret
|
||||
* for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
|
||||
*
|
||||
* @param clientId the client id
|
||||
* @param clientSecret the client secret
|
||||
* @param audience the audience (context) where to request the issuing of the ticket
|
||||
* @param permissions a list of permissions, can be <code>null</code>
|
||||
* @return the issued token as {@link TokenResponse} object
|
||||
* @throws KeycloakClientException if something goes wrong performing the query
|
||||
*/
|
||||
TokenResponse queryUMAToken(String clientId, String clientSecret, String audience, List<String> permissions)
|
||||
throws KeycloakClientException;
|
||||
|
||||
/**
|
||||
* Queries an UMA token from the discovered Keycloak server in the current scope, by using provided clientId and client secret
|
||||
* for the current scope audience (context), in URLEncoded form or not, and optionally a list of permissions.
|
||||
*
|
||||
* @param clientId the client id
|
||||
* @param clientSecret the client secret
|
||||
* @param permissions a list of permissions, can be <code>null</code>
|
||||
* @return the issued token as {@link TokenResponse} object
|
||||
* @throws KeycloakClientException if something goes wrong performing the query
|
||||
*/
|
||||
TokenResponse queryUMAToken(String clientId, String clientSecret, List<String> permissions)
|
||||
throws KeycloakClientException;
|
||||
}
|
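Review bot: the Javadoc of the first `queryUMAToken` documents `@param tokenUrl` but the parameter is named `tokenURL`, so the tag does not bind to it. The same block describes `audience` as "(URLEncoded)" while the summary sentence, and the other three overloads, say "in URLEncoded form or not"; state one contract and say which form the caller is expected to pass. It is also worth documenting on `authorization` that the value is a credential and must not be logged by callers. `Logger logger` declared in the interface is implicitly public and static, so every implementation logs under the `KeycloakClient` name; a private logger per implementing class is the usual choice.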
@ -0,0 +1,70 @@
|
||||
package org.gcube.common.keycloak;
|
||||
|
||||
public class KeycloakClientException extends Exception {
|
||||
|
||||
private static final long serialVersionUID = -1615745541003534684L;
|
||||
|
||||
private int status = -1;
|
||||
private String contentType = null;
|
||||
private String responseString = null;
|
||||
|
||||
public static KeycloakClientException create(String message, int status, String contentType,
|
||||
String textResponse) {
|
||||
|
||||
return create(message, status, contentType, textResponse, null);
|
||||
}
|
||||
|
||||
public static KeycloakClientException create(String message, int status, String contentType,
|
||||
String textResponse, Exception cause) {
|
||||
|
||||
String exMessage = "[" + status + "] " + message + " (" + contentType + "): " + textResponse;
|
||||
KeycloakClientException e = cause != null ? new KeycloakClientException(exMessage, cause)
|
||||
: new KeycloakClientException(exMessage);
|
||||
|
||||
e.setStatus(status);
|
||||
e.setContentType(contentType);
|
||||
e.setResponseString(textResponse);
|
||||
return e;
|
||||
}
|
||||
|
||||
public KeycloakClientException() {
|
||||
super();
|
||||
}
|
||||
|
||||
public KeycloakClientException(String message) {
|
||||
super(message);
|
||||
}
|
||||
|
||||
public KeycloakClientException(String message, Exception cause) {
|
||||
super(message, cause);
|
||||
}
|
||||
|
||||
public void setStatus(int status) {
|
||||
this.status = status;
|
||||
}
|
||||
|
||||
public int getStatus() {
|
||||
return status;
|
||||
}
|
||||
|
||||
public void setContentType(String contentType) {
|
||||
this.contentType = contentType;
|
||||
}
|
||||
|
||||
public String getContentType() {
|
||||
return contentType;
|
||||
}
|
||||
|
||||
public boolean hasJSONPayload() {
|
||||
return getContentType().endsWith("json");
|
||||
}
|
||||
|
||||
public void setResponseString(String responseString) {
|
||||
this.responseString = responseString;
|
||||
}
|
||||
|
||||
public String getResponseString() {
|
||||
return responseString;
|
||||
}
|
||||
|
||||
}
|
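Review bot: `hasJSONPayload()` calls `getContentType().endsWith("json")` without a null check, and `contentType` starts as `null` and is only set by `create(...)` or `setContentType()`, so an exception built with any of the three public constructors throws `NullPointerException` from this method. Return `contentType != null && contentType.endsWith("json")` instead. In `create(...)`, the whole `textResponse` is concatenated into the exception message, so the body returned by the token endpoint ends up wherever the exception is logged; keep the body in `responseString` only and put just the status and content type in the message. There is also no constructor taking only a cause, and the `Exception cause` parameters could be widened to `Throwable`.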
@ -0,0 +1,15 @@
|
||||
package org.gcube.common.keycloak;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class KeycloakClientFactory {
|
||||
|
||||
protected static final Logger logger = LoggerFactory.getLogger(KeycloakClientFactory.class);
|
||||
|
||||
public static KeycloakClient newInstance() {
|
||||
logger.debug("Instantiating a new keycloak client instance");
|
||||
return new DefaultKeycloakClient();
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,154 @@
|
||||
package org.gcube.common.keycloak.model;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
||||
|
||||
public class AccessToken extends IDToken {
|
||||
|
||||
private static final long serialVersionUID = 6364784008775737335L;
|
||||
|
||||
public static class Access implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 1634782115467850693L;
|
||||
|
||||
@JsonProperty("roles")
|
||||
protected Set<String> roles;
|
||||
|
||||
@JsonProperty("verify_caller")
|
||||
protected Boolean verifyCaller;
|
||||
|
||||
public Access() {
|
||||
}
|
||||
|
||||
public Access clone() {
|
||||
Access access = new Access();
|
||||
access.verifyCaller = verifyCaller;
|
||||
if (roles != null) {
|
||||
access.roles = new HashSet<>();
|
||||
access.roles.addAll(roles);
|
||||
}
|
||||
return access;
|
||||
}
|
||||
|
||||
public Set<String> getRoles() {
|
||||
return roles;
|
||||
}
|
||||
|
||||
public Access roles(Set<String> roles) {
|
||||
this.roles = roles;
|
||||
return this;
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
public boolean isUserInRole(String role) {
|
||||
if (roles == null)
|
||||
return false;
|
||||
return roles.contains(role);
|
||||
}
|
||||
|
||||
public Access addRole(String role) {
|
||||
if (roles == null)
|
||||
roles = new HashSet<>();
|
||||
roles.add(role);
|
||||
return this;
|
||||
}
|
||||
|
||||
public Boolean getVerifyCaller() {
|
||||
return verifyCaller;
|
||||
}
|
||||
|
||||
public Access verifyCaller(Boolean required) {
|
||||
this.verifyCaller = required;
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
||||
@JsonProperty("trusted-certs")
|
||||
protected Set<String> trustedCertificates;
|
||||
|
||||
@JsonProperty("allowed-origins")
|
||||
protected Set<String> allowedOrigins;
|
||||
|
||||
@JsonProperty("realm_access")
|
||||
protected Access realmAccess;
|
||||
|
||||
@JsonProperty("resource_access")
|
||||
protected Map<String, Access> resourceAccess;
|
||||
|
||||
@JsonProperty("scope")
|
||||
protected String scope;
|
||||
|
||||
@JsonIgnore
|
||||
public Map<String, Access> getResourceAccess() {
|
||||
return resourceAccess == null ? Collections.<String, Access>emptyMap() : resourceAccess;
|
||||
}
|
||||
|
||||
public void setResourceAccess(Map<String, Access> resourceAccess) {
|
||||
this.resourceAccess = resourceAccess;
|
||||
}
|
||||
|
||||
public Access addAccess(String service) {
|
||||
if (resourceAccess == null) {
|
||||
resourceAccess = new HashMap<>();
|
||||
}
|
||||
|
||||
Access access = resourceAccess.get(service);
|
||||
if (access != null)
|
||||
return access;
|
||||
access = new Access();
|
||||
resourceAccess.put(service, access);
|
||||
return access;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AccessToken id(String id) {
|
||||
return (AccessToken) super.id(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AccessToken issuer(String issuer) {
|
||||
return (AccessToken) super.issuer(issuer);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AccessToken subject(String subject) {
|
||||
return (AccessToken) super.subject(subject);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AccessToken type(String type) {
|
||||
return (AccessToken) super.type(type);
|
||||
}
|
||||
|
||||
public Set<String> getAllowedOrigins() {
|
||||
return allowedOrigins;
|
||||
}
|
||||
|
||||
public void setAllowedOrigins(Set<String> allowedOrigins) {
|
||||
this.allowedOrigins = allowedOrigins;
|
||||
}
|
||||
|
||||
public Access getRealmAccess() {
|
||||
return realmAccess;
|
||||
}
|
||||
|
||||
public void setRealmAccess(Access realmAccess) {
|
||||
this.realmAccess = realmAccess;
|
||||
}
|
||||
|
||||
public Set<String> getTrustedCertificates() {
|
||||
return trustedCertificates;
|
||||
}
|
||||
|
||||
public void setTrustedCertificates(Set<String> trustedCertificates) {
|
||||
this.trustedCertificates = trustedCertificates;
|
||||
}
|
||||
|
||||
}
|
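Review bot: `Access.getRoles()` returns the backing `Set` and `roles(Set<String>)` stores the caller's reference, so any code holding an `Access` can add a role after parsing and `isUserInRole()` will then answer true for it. The same applies to `getAllowedOrigins()`, `getTrustedCertificates()` and the map behind `getResourceAccess()`. Since these objects describe what a token grants, return unmodifiable views from the getters and copy on set. The `scope` field is mapped with `@JsonProperty("scope")` but has no accessor in this class, so callers cannot read it; add a getter or drop the field. `Access.clone()` should carry `@Override`, or be replaced by a copy constructor, since the class does not implement `Cloneable`.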
@ -0,0 +1,80 @@
|
||||
package org.gcube.common.keycloak.model;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
||||
|
||||
public class AddressClaimSet {
|
||||
|
||||
public static final String FORMATTED = "formatted";
|
||||
public static final String STREET_ADDRESS = "street_address";
|
||||
public static final String LOCALITY = "locality";
|
||||
public static final String REGION = "region";
|
||||
public static final String POSTAL_CODE = "postal_code";
|
||||
public static final String COUNTRY = "country";
|
||||
|
||||
@JsonProperty(FORMATTED)
|
||||
protected String formattedAddress;
|
||||
|
||||
@JsonProperty(STREET_ADDRESS)
|
||||
protected String streetAddress;
|
||||
|
||||
@JsonProperty(LOCALITY)
|
||||
protected String locality;
|
||||
|
||||
@JsonProperty(REGION)
|
||||
protected String region;
|
||||
|
||||
@JsonProperty(POSTAL_CODE)
|
||||
protected String postalCode;
|
||||
|
||||
@JsonProperty(COUNTRY)
|
||||
protected String country;
|
||||
|
||||
public String getFormattedAddress() {
|
||||
return this.formattedAddress;
|
||||
}
|
||||
|
||||
public void setFormattedAddress(String formattedAddress) {
|
||||
this.formattedAddress = formattedAddress;
|
||||
}
|
||||
|
||||
public String getStreetAddress() {
|
||||
return this.streetAddress;
|
||||
}
|
||||
|
||||
public void setStreetAddress(String streetAddress) {
|
||||
this.streetAddress = streetAddress;
|
||||
}
|
||||
|
||||
public String getLocality() {
|
||||
return this.locality;
|
||||
}
|
||||
|
||||
public void setLocality(String locality) {
|
||||
this.locality = locality;
|
||||
}
|
||||
|
||||
public String getRegion() {
|
||||
return this.region;
|
||||
}
|
||||
|
||||
public void setRegion(String region) {
|
||||
this.region = region;
|
||||
}
|
||||
|
||||
public String getPostalCode() {
|
||||
return this.postalCode;
|
||||
}
|
||||
|
||||
public void setPostalCode(String postalCode) {
|
||||
this.postalCode = postalCode;
|
||||
}
|
||||
|
||||
public String getCountry() {
|
||||
return this.country;
|
||||
}
|
||||
|
||||
public void setCountry(String country) {
|
||||
this.country = country;
|
||||
}
|
||||
|
||||
}
|
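Review bot: `AddressClaimSet` does not implement `Serializable`, but `IDToken` in this same commit declares a `serialVersionUID` and holds a `protected AddressClaimSet address` field, and `AccessToken.Access` is explicitly `Serializable`. If the token classes are meant to be serializable, a token with an address claim will fail with `NotSerializableException`; make this class `implements Serializable` with its own `serialVersionUID`. A short class comment naming the OIDC address claim it models would also help.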
@ -0,0 +1,337 @@
|
||||
package org.gcube.common.keycloak.model;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
||||
|
||||
public class IDToken extends JsonWebToken {
|
||||
|
||||
private static final long serialVersionUID = 8406175387651749097L;
|
||||
|
||||
public static final String NONCE = "nonce";
|
||||
public static final String AUTH_TIME = "auth_time";
|
||||
public static final String SESSION_STATE = "session_state";
|
||||
public static final String AT_HASH = "at_hash";
|
||||
public static final String C_HASH = "c_hash";
|
||||
public static final String NAME = "name";
|
||||
public static final String GIVEN_NAME = "given_name";
|
||||
public static final String FAMILY_NAME = "family_name";
|
||||
public static final String MIDDLE_NAME = "middle_name";
|
||||
public static final String NICKNAME = "nickname";
|
||||
public static final String PREFERRED_USERNAME = "preferred_username";
|
||||
public static final String PROFILE = "profile";
|
||||
public static final String PICTURE = "picture";
|
||||
public static final String WEBSITE = "website";
|
||||
public static final String EMAIL = "email";
|
||||
public static final String EMAIL_VERIFIED = "email_verified";
|
||||
public static final String GENDER = "gender";
|
||||
public static final String BIRTHDATE = "birthdate";
|
||||
public static final String ZONEINFO = "zoneinfo";
|
||||
public static final String LOCALE = "locale";
|
||||
public static final String PHONE_NUMBER = "phone_number";
|
||||
public static final String PHONE_NUMBER_VERIFIED = "phone_number_verified";
|
||||
public static final String ADDRESS = "address";
|
||||
public static final String UPDATED_AT = "updated_at";
|
||||
public static final String CLAIMS_LOCALES = "claims_locales";
|
||||
public static final String ACR = "acr";
|
||||
|
||||
public static final String S_HASH = "s_hash";
|
||||
|
||||
public IDToken() {
|
||||
}
|
||||
|
||||
@JsonProperty(NONCE)
|
||||
protected String nonce;
|
||||
|
||||
protected Long auth_time;
|
||||
|
||||
@JsonProperty(SESSION_STATE)
|
||||
protected String sessionState;
|
||||
|
||||
@JsonProperty(AT_HASH)
|
||||
protected String accessTokenHash;
|
||||
|
||||
@JsonProperty(C_HASH)
|
||||
protected String codeHash;
|
||||
|
||||
@JsonProperty(NAME)
|
||||
protected String name;
|
||||
|
||||
@JsonProperty(GIVEN_NAME)
|
||||
protected String givenName;
|
||||
|
||||
@JsonProperty(FAMILY_NAME)
|
||||
protected String familyName;
|
||||
|
||||
@JsonProperty(MIDDLE_NAME)
|
||||
protected String middleName;
|
||||
|
||||
@JsonProperty(NICKNAME)
|
||||
protected String nickName;
|
||||
|
||||
@JsonProperty(PREFERRED_USERNAME)
|
||||
protected String preferredUsername;
|
||||
|
||||
@JsonProperty(PROFILE)
|
||||
protected String profile;
|
||||
|
||||
@JsonProperty(PICTURE)
|
||||
protected String picture;
|
||||
|
||||
@JsonProperty(WEBSITE)
|
||||
protected String website;
|
||||
|
||||
@JsonProperty(EMAIL)
|
||||
protected String email;
|
||||
|
||||
@JsonProperty(EMAIL_VERIFIED)
|
||||
protected Boolean emailVerified;
|
||||
|
||||
@JsonProperty(GENDER)
|
||||
protected String gender;
|
||||
|
||||
@JsonProperty(BIRTHDATE)
|
||||
protected String birthdate;
|
||||
|
||||
@JsonProperty(ZONEINFO)
|
||||
protected String zoneinfo;
|
||||
|
||||
@JsonProperty(LOCALE)
|
||||
protected String locale;
|
||||
|
||||
@JsonProperty(PHONE_NUMBER)
|
||||
protected String phoneNumber;
|
||||
|
||||
@JsonProperty(PHONE_NUMBER_VERIFIED)
|
||||
protected Boolean phoneNumberVerified;
|
||||
|
||||
@JsonProperty(ADDRESS)
|
||||
protected AddressClaimSet address;
|
||||
|
||||
@JsonProperty(UPDATED_AT)
|
||||
protected Long updatedAt;
|
||||
|
||||
@JsonProperty(CLAIMS_LOCALES)
|
||||
protected String claimsLocales;
|
||||
|
||||
@JsonProperty(ACR)
|
||||
protected String acr;
|
||||
|
||||
@JsonProperty(S_HASH)
|
||||
protected String stateHash;
|
||||
|
||||
public String getNonce() {
|
||||
return nonce;
|
||||
}
|
||||
|
||||
public void setNonce(String nonce) {
|
||||
this.nonce = nonce;
|
||||
}
|
||||
|
||||
public Long getAuth_time() {
|
||||
return auth_time;
|
||||
}
|
||||
|
||||
public void setAuth_time(Long auth_time) {
|
||||
this.auth_time = auth_time;
|
||||
}
|
||||
|
||||
public String getSessionState() {
|
||||
return sessionState;
|
||||
}
|
||||
|
||||
public void setSessionState(String sessionState) {
|
||||
this.sessionState = sessionState;
|
||||
}
|
||||
|
||||
public String getAccessTokenHash() {
|
||||
return accessTokenHash;
|
||||
}
|
||||
|
||||
public void setAccessTokenHash(String accessTokenHash) {
|
||||
this.accessTokenHash = accessTokenHash;
|
||||
}
|
||||
|
||||
public String getCodeHash() {
|
||||
return codeHash;
|
||||
}
|
||||
|
||||
public void setCodeHash(String codeHash) {
|
||||
this.codeHash = codeHash;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return this.name;
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public String getGivenName() {
|
||||
return this.givenName;
|
||||
}
|
||||
|
||||
public void setGivenName(String givenName) {
|
||||
this.givenName = givenName;
|
||||
}
|
||||
|
||||
public String getFamilyName() {
|
||||
return this.familyName;
|
||||
}
|
||||
|
||||
public void setFamilyName(String familyName) {
|
||||
this.familyName = familyName;
|
||||
}
|
||||
|
||||
public String getMiddleName() {
|
||||
return this.middleName;
|
||||
}
|
||||
|
||||
public void setMiddleName(String middleName) {
|
||||
this.middleName = middleName;
|
||||
}
|
||||
|
||||
public String getNickName() {
|
||||
return this.nickName;
|
||||
}
|
||||
|
||||
public void setNickName(String nickName) {
|
||||
this.nickName = nickName;
|
||||
}
|
||||
|
||||
public String getPreferredUsername() {
|
||||
return this.preferredUsername;
|
||||
}
|
||||
|
||||
public void setPreferredUsername(String preferredUsername) {
|
||||
this.preferredUsername = preferredUsername;
|
||||
}
|
||||
|
||||
public String getProfile() {
|
||||
return this.profile;
|
||||
}
|
||||
|
||||
public void setProfile(String profile) {
|
||||
this.profile = profile;
|
||||
}
|
||||
|
||||
public String getPicture() {
|
||||
return this.picture;
|
||||
}
|
||||
|
||||
public void setPicture(String picture) {
|
||||
this.picture = picture;
|
||||
}
|
||||
|
||||
public String getWebsite() {
|
||||
return this.website;
|
||||
}
|
||||
|
||||
public void setWebsite(String website) {
|
||||
this.website = website;
|
||||
}
|
||||
|
||||
public String getEmail() {
|
||||
return this.email;
|
||||
}
|
||||
|
||||
public void setEmail(String email) {
|
||||
this.email = email;
|
||||
}
|
||||
|
||||
public Boolean getEmailVerified() {
|
||||
return this.emailVerified;
|
||||
}
|
||||
|
||||
public void setEmailVerified(Boolean emailVerified) {
|
||||
this.emailVerified = emailVerified;
|
||||
}
|
||||
|
||||
public String getGender() {
|
||||
return this.gender;
|
||||
}
|
||||
|
||||
public void setGender(String gender) {
|
||||
this.gender = gender;
|
||||
}
|
||||
|
||||
public String getBirthdate() {
|
||||
return this.birthdate;
|
||||
}
|
||||
|
||||
public void setBirthdate(String birthdate) {
|
||||
this.birthdate = birthdate;
|
||||
}
|
||||
|
||||
public String getZoneinfo() {
|
||||
return this.zoneinfo;
|
||||
}
|
||||
|
||||
public void setZoneinfo(String zoneinfo) {
|
||||
this.zoneinfo = zoneinfo;
|
||||
}
|
||||
|
||||
public String getLocale() {
|
||||
return this.locale;
|
||||
}
|
||||
|
||||
public void setLocale(String locale) {
|
||||
this.locale = locale;
|
||||
}
|
||||
|
||||
public String getPhoneNumber() {
|
||||
return this.phoneNumber;
|
||||
}
|
||||
|
||||
public void setPhoneNumber(String phoneNumber) {
|
||||
this.phoneNumber = phoneNumber;
|
||||
}
|
||||
|
||||
public Boolean getPhoneNumberVerified() {
|
||||
return this.phoneNumberVerified;
|
||||
}
|
||||
|
||||
public void setPhoneNumberVerified(Boolean phoneNumberVerified) {
|
||||
this.phoneNumberVerified = phoneNumberVerified;
|
||||
}
|
||||
|
||||
public AddressClaimSet getAddress() {
|
||||
return address;
|
||||
}
|
||||
|
||||
public void setAddress(AddressClaimSet address) {
|
||||
this.address = address;
|
||||
}
|
||||
|
||||
public Long getUpdatedAt() {
|
||||
return this.updatedAt;
|
||||
}
|
||||
|
||||
public void setUpdatedAt(Long updatedAt) {
|
||||
this.updatedAt = updatedAt;
|
||||
}
|
||||
|
||||
public String getClaimsLocales() {
|
||||
return this.claimsLocales;
|
||||
}
|
||||
|
||||
public void setClaimsLocales(String claimsLocales) {
|
||||
this.claimsLocales = claimsLocales;
|
||||
}
|
||||
|
||||
public String getAcr() {
|
||||
return acr;
|
||||
}
|
||||
|
||||
public void setAcr(String acr) {
|
||||
this.acr = acr;
|
||||
}
|
||||
|
||||
public String getStateHash() {
|
||||
return stateHash;
|
||||
}
|
||||
|
||||
public void setStateHash(String stateHash) {
|
||||
this.stateHash = stateHash;
|
||||
}
|
||||
|
||||
}
|
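Review bot: `protected Long auth_time;` is the only claim field declared without `@JsonProperty`, so the `AUTH_TIME` constant goes unused in the field and accessor declarations, and the claim binds only because the field name and `getAuth_time`/`setAuth_time` happen to match the JSON name. Declare it as `@JsonProperty(AUTH_TIME) protected Long authTime;` with `getAuthTime`/`setAuthTime`, matching `sessionState`, `accessTokenHash` and the other fields. The class also needs a short Javadoc stating that `nonce`, `at_hash`, `c_hash` and `s_hash` are only carried by this model and not checked by it, so callers do not assume the getters return validated values.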
@ -0,0 +1,211 @@
|
||||
package org.gcube.common.keycloak.model;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonAnyGetter;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonAnySetter;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
||||
import org.gcube.com.fasterxml.jackson.databind.annotation.JsonDeserialize;
|
||||
import org.gcube.com.fasterxml.jackson.databind.annotation.JsonSerialize;
|
||||
import org.gcube.common.keycloak.model.util.StringOrArrayDeserializer;
|
||||
import org.gcube.common.keycloak.model.util.StringOrArraySerializer;
|
||||
import org.gcube.common.keycloak.model.util.Time;
|
||||
|
||||
public class JsonWebToken implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = -8136409077130940942L;
|
||||
|
||||
@JsonProperty("jti")
|
||||
protected String id;
|
||||
|
||||
protected Long exp;
|
||||
protected Long nbf;
|
||||
protected Long iat;
|
||||
|
||||
@JsonProperty("iss")
|
||||
protected String issuer;
|
||||
@JsonProperty("aud")
|
||||
@JsonSerialize(using = StringOrArraySerializer.class)
|
||||
@JsonDeserialize(using = StringOrArrayDeserializer.class)
|
||||
protected String[] audience;
|
||||
@JsonProperty("sub")
|
||||
protected String subject;
|
||||
@JsonProperty("typ")
|
||||
protected String type;
|
||||
@JsonProperty("azp")
|
||||
public String issuedFor;
|
||||
protected Map<String, Object> otherClaims = new HashMap<>();
|
||||
|
||||
public String getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public JsonWebToken id(String id) {
|
||||
this.id = id;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Long getExp() {
|
||||
return exp;
|
||||
}
|
||||
|
||||
public JsonWebToken exp(Long exp) {
|
||||
this.exp = exp;
|
||||
return this;
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
public boolean isExpired() {
|
||||
return exp != null && exp != 0 ? Time.currentTime() > exp : false;
|
||||
}
|
||||
|
||||
public Long getNbf() {
|
||||
return nbf;
|
||||
}
|
||||
|
||||
public JsonWebToken nbf(Long nbf) {
|
||||
this.nbf = nbf;
|
||||
return this;
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
public boolean isNotBefore(int allowedTimeSkew) {
|
||||
return nbf != null ? Time.currentTime() + allowedTimeSkew >= nbf : true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests that the token is not expired and is not-before.
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@JsonIgnore
|
||||
public boolean isActive() {
|
||||
return isActive(0);
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
public boolean isActive(int allowedTimeSkew) {
|
||||
return !isExpired() && isNotBefore(allowedTimeSkew);
|
||||
}
|
||||
|
||||
public Long getIat() {
|
||||
return iat;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set issuedAt to the current time
|
||||
*/
|
||||
@JsonIgnore
|
||||
public JsonWebToken issuedNow() {
|
||||
iat = Long.valueOf(Time.currentTime());
|
||||
return this;
|
||||
}
|
||||
|
||||
public JsonWebToken iat(Long iat) {
|
||||
this.iat = iat;
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getIssuer() {
|
||||
return issuer;
|
||||
}
|
||||
|
||||
public JsonWebToken issuer(String issuer) {
|
||||
this.issuer = issuer;
|
||||
return this;
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
public String[] getAudience() {
|
||||
return audience;
|
||||
}
|
||||
|
||||
public boolean hasAudience(String audience) {
|
||||
if (this.audience == null)
|
||||
return false;
|
||||
for (String a : this.audience) {
|
||||
if (a.equals(audience)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public JsonWebToken audience(String... audience) {
|
||||
this.audience = audience;
|
||||
return this;
|
||||
}
|
||||
|
||||
public JsonWebToken addAudience(String audience) {
|
||||
if (this.audience == null) {
|
||||
this.audience = new String[] { audience };
|
||||
} else {
|
||||
// Check if audience is already there
|
||||
for (String aud : this.audience) {
|
||||
if (audience.equals(aud)) {
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
||||
String[] newAudience = Arrays.copyOf(this.audience, this.audience.length + 1);
|
||||
newAudience[this.audience.length] = audience;
|
||||
this.audience = newAudience;
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
public String getSubject() {
|
||||
return subject;
|
||||
}
|
||||
|
||||
public JsonWebToken subject(String subject) {
|
||||
this.subject = subject;
|
||||
return this;
|
||||
}
|
||||
|
||||
public void setSubject(String subject) {
|
||||
this.subject = subject;
|
||||
}
|
||||
|
||||
public String getType() {
|
||||
return type;
|
||||
}
|
||||
|
||||
public JsonWebToken type(String type) {
|
||||
this.type = type;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* OAuth client the token was issued for.
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public String getIssuedFor() {
|
||||
return issuedFor;
|
||||
}
|
||||
|
||||
public JsonWebToken issuedFor(String issuedFor) {
|
||||
this.issuedFor = issuedFor;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a map of any other claims and data that might be in the IDToken. Could be custom claims set up by the auth server
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@JsonAnyGetter
|
||||
public Map<String, Object> getOtherClaims() {
|
||||
return otherClaims;
|
||||
}
|
||||
|
||||
@JsonAnySetter
|
||||
public void setOtherClaims(String name, Object value) {
|
||||
otherClaims.put(name, value);
|
||||
}
|
||||
}
|
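Review bot: `isExpired()` fails open: with `exp != null && exp != 0 ? ... : false`, a token that has no `exp` claim (or `exp` of 0) is reported as not expired, so `isActive()` accepts it indefinitely. If that is intended, say so in the Javadoc; otherwise return true for a missing `exp` or add a strict variant for callers that use this as a validity check. `isActive(int allowedTimeSkew)` also applies the skew only through `isNotBefore`, not to the expiry comparison, which should be documented or made symmetric. Two smaller points: `hasAudience` calls `a.equals(audience)` on each element, which throws if an element is null (`StringOrArrayDeserializer` fills the array from `textValue()`), so compare as `audience.equals(a)` after a null check on the argument; and `issuedFor` is declared `public` while every other claim field is `protected`.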
@ -0,0 +1,97 @@
|
||||
package org.gcube.common.keycloak.model;
|
||||
|
||||
import java.util.Base64;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonInclude.Include;
|
||||
import org.gcube.com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.gcube.com.fasterxml.jackson.databind.ObjectWriter;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class ModelUtils {
|
||||
|
||||
protected static final Logger logger = LoggerFactory.getLogger(ModelUtils.class);
|
||||
|
||||
private static final ObjectMapper mapper = new ObjectMapper();
|
||||
|
||||
static {
|
||||
mapper.setSerializationInclusion(Include.NON_NULL);
|
||||
}
|
||||
|
||||
public static String toJSONString(Object object) {
|
||||
return toJSONString(object, false);
|
||||
}
|
||||
|
||||
public static String toJSONString(Object object, boolean prettyPrint) {
|
||||
ObjectWriter writer = prettyPrint ? mapper.writerWithDefaultPrettyPrinter() : mapper.writer();
|
||||
try {
|
||||
return writer.writeValueAsString(object);
|
||||
} catch (JsonProcessingException e) {
|
||||
logger.error("Cannot pretty print object", e);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private static byte[] getDecodedPayload(String value) {
|
||||
return getBase64Decoded(getEncodedPayload(value));
|
||||
}
|
||||
|
||||
public static String getAccessTokenPayloadStringFrom(TokenResponse tokenResponse) throws Exception {
|
||||
return getAccessTokenPayloadStringFrom(tokenResponse, true);
|
||||
}
|
||||
|
||||
public static String getAccessTokenPayloadStringFrom(TokenResponse tokenResponse, boolean prettyPrint) throws Exception {
|
||||
return toJSONString(getAccessTokenFrom(tokenResponse, Object.class), prettyPrint);
|
||||
}
|
||||
|
||||
public static AccessToken getAccessTokenFrom(TokenResponse tokenResponse) throws Exception {
|
||||
return getAccessTokenFrom(tokenResponse, RefreshToken.class);
|
||||
}
|
||||
|
||||
private static <T> T getAccessTokenFrom(TokenResponse tokenResponse, Class<T> clazz) throws Exception {
|
||||
return mapper.readValue(getDecodedPayload(tokenResponse.getAccessToken()), clazz);
|
||||
}
|
||||
|
||||
public static String getRefreshTokenPayloadStringFrom(TokenResponse tokenResponse) throws Exception {
|
||||
return getRefreshTokenPayloadStringFrom(tokenResponse, true);
|
||||
}
|
||||
|
||||
public static String getRefreshTokenPayloadStringFrom(TokenResponse tokenResponse, boolean prettyPrint) throws Exception {
|
||||
return toJSONString(getRefreshTokenFrom(tokenResponse, Object.class), prettyPrint);
|
||||
}
|
||||
|
||||
public static RefreshToken getRefreshTokenFrom(TokenResponse tokenResponse) throws Exception {
|
||||
return getRefreshTokenFrom(tokenResponse, RefreshToken.class);
|
||||
}
|
||||
|
||||
private static <T> T getRefreshTokenFrom(TokenResponse tokenResponse, Class<T> clazz) throws Exception {
|
||||
return mapper.readValue(getDecodedPayload(tokenResponse.getRefreshToken()), clazz);
|
||||
}
|
||||
|
||||
protected static byte[] getBase64Decoded(String string) {
|
||||
return Base64.getDecoder().decode(string);
|
||||
}
|
||||
|
||||
protected static String splitAndGet(String encodedJWT, int index) {
|
||||
String[] split = encodedJWT.split("\\.");
|
||||
if (split.length == 3) {
|
||||
return split[index];
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public static String getEncodedHeader(String encodedJWT) {
|
||||
return splitAndGet(encodedJWT, 0);
|
||||
}
|
||||
|
||||
public static String getEncodedPayload(String encodedJWT) {
|
||||
return splitAndGet(encodedJWT, 1);
|
||||
}
|
||||
|
||||
public static String getEncodedSignature(String encodedJWT) {
|
||||
return splitAndGet(encodedJWT, 2);
|
||||
}
|
||||
|
||||
}
|
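Review bot: `getBase64Decoded` uses `Base64.getDecoder()`, but JWT segments are base64url-encoded, so any payload whose encoding contains `-` or `_` makes the basic decoder throw `IllegalArgumentException`; use `Base64.getUrlDecoder()` here. `getAccessTokenFrom(TokenResponse)` passes `RefreshToken.class` to the generic overload, which looks like a copy from `getRefreshTokenFrom` and should be `AccessToken.class`. `splitAndGet` returns null when the input does not have exactly three parts, and `getDecodedPayload` passes that straight into the decoder, so a malformed or opaque token surfaces as a `NullPointerException`; throw an `IllegalArgumentException` with a clear message instead. Nothing in this class checks the signature segment, so the public methods need Javadoc stating that the returned claims are decoded but unverified. The log message "Cannot pretty print object" is also emitted when `prettyPrint` is false.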
@ -0,0 +1,21 @@
|
||||
package org.gcube.common.keycloak.model;
|
||||
|
||||
public class RefreshToken extends AccessToken {
|
||||
|
||||
private static final long serialVersionUID = 2646534143077862960L;
|
||||
|
||||
public RefreshToken() {
|
||||
}
|
||||
|
||||
public RefreshToken(AccessToken token) {
|
||||
super();
|
||||
this.issuer = token.issuer;
|
||||
this.subject = token.subject;
|
||||
this.issuedFor = token.issuedFor;
|
||||
this.sessionState = token.sessionState;
|
||||
this.nonce = token.nonce;
|
||||
this.audience = new String[] { token.issuer };
|
||||
this.scope = token.scope;
|
||||
}
|
||||
|
||||
}
|
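Review bot: The `RefreshToken(AccessToken token)` constructor has no Javadoc explaining which claims it copies and why `audience` is set to `new String[] { token.issuer }` rather than the source token's audience. It leaves `id`, `exp`, `iat` and `type` unset, and with `JsonWebToken.isExpired()` returning false for a null `exp`, the resulting object reports itself as never expiring until the caller sets one; document that the caller must set them. It also dereferences `token` without a null check, so add `Objects.requireNonNull(token, "token")` or document the precondition.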
@ -0,0 +1,133 @@
|
||||
package org.gcube.common.keycloak.model;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonAnyGetter;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonAnySetter;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class TokenResponse implements Serializable {
|
||||
|
||||
protected static Logger logger = LoggerFactory.getLogger(TokenResponse.class);
|
||||
|
||||
private static final long serialVersionUID = -7063122428186284827L;
|
||||
|
||||
@JsonProperty("access_token")
|
||||
protected String accessToken;
|
||||
|
||||
@JsonProperty("expires_in")
|
||||
protected long expiresIn;
|
||||
|
||||
@JsonProperty("refresh_expires_in")
|
||||
protected long refreshExpiresIn;
|
||||
|
||||
@JsonProperty("refresh_token")
|
||||
protected String refreshToken;
|
||||
|
||||
@JsonProperty("token_type")
|
||||
protected String tokenType;
|
||||
|
||||
@JsonProperty("id_token")
|
||||
protected String idToken;
|
||||
|
||||
@JsonProperty("not-before-policy")
|
||||
protected int notBeforePolicy;
|
||||
|
||||
@JsonProperty("session_state")
|
||||
protected String sessionState;
|
||||
|
||||
protected Map<String, Object> otherClaims = new HashMap<>();
|
||||
|
||||
@JsonProperty("scope")
|
||||
protected String scope;
|
||||
|
||||
public TokenResponse() {
|
||||
}
|
||||
|
||||
public String getScope() {
|
||||
return scope;
|
||||
}
|
||||
|
||||
public void setScope(String scope) {
|
||||
this.scope = scope;
|
||||
}
|
||||
|
||||
public String getAccessToken() {
|
||||
return accessToken;
|
||||
}
|
||||
|
||||
public void setSccessToken(String accessToken) {
|
||||
this.accessToken = accessToken;
|
||||
}
|
||||
|
||||
public long getExpiresIn() {
|
||||
return expiresIn;
|
||||
}
|
||||
|
||||
public void setExpiresIn(long expiresIn) {
|
||||
this.expiresIn = expiresIn;
|
||||
}
|
||||
|
||||
public long getRefreshExpiresIn() {
|
||||
return refreshExpiresIn;
|
||||
}
|
||||
|
||||
public void setRefreshExpiresIn(long refreshExpiresIn) {
|
||||
this.refreshExpiresIn = refreshExpiresIn;
|
||||
}
|
||||
|
||||
public String getRefreshToken() {
|
||||
return refreshToken;
|
||||
}
|
||||
|
||||
public void setRefreshToken(String refreshToken) {
|
||||
this.refreshToken = refreshToken;
|
||||
}
|
||||
|
||||
public String getTokenType() {
|
||||
return tokenType;
|
||||
}
|
||||
|
||||
public void setTokenType(String tokenType) {
|
||||
this.tokenType = tokenType;
|
||||
}
|
||||
|
||||
public String getIdToken() {
|
||||
return idToken;
|
||||
}
|
||||
|
||||
public void setIdToken(String idToken) {
|
||||
this.idToken = idToken;
|
||||
}
|
||||
|
||||
public int getNotBeforePolicy() {
|
||||
return notBeforePolicy;
|
||||
}
|
||||
|
||||
public void setNotBeforePolicy(int notBeforePolicy) {
|
||||
this.notBeforePolicy = notBeforePolicy;
|
||||
}
|
||||
|
||||
public String getSessionState() {
|
||||
return sessionState;
|
||||
}
|
||||
|
||||
public void setSessionState(String sessionState) {
|
||||
this.sessionState = sessionState;
|
||||
}
|
||||
|
||||
@JsonAnyGetter
|
||||
public Map<String, Object> getOtherClaims() {
|
||||
return otherClaims;
|
||||
}
|
||||
|
||||
@JsonAnySetter
|
||||
public void setOtherClaims(String name, Object value) {
|
||||
otherClaims.put(name, value);
|
||||
}
|
||||
|
||||
}
|
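Review bot: The setter for `accessToken` is misspelled as `setSccessToken`, so the class has no `setAccessToken` and code that expects the bean-style setter will not find it; rename it to `setAccessToken`. Deserialization still works only because the field carries `@JsonProperty("access_token")`. The `logger` field is declared `protected static` without `final` and is not used anywhere in this class, so make it `private static final` or drop it. Since this object holds the raw access, refresh and ID tokens and is `Serializable`, a class comment warning against logging or persisting instances would be worth adding.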
@ -0,0 +1,309 @@
|
||||
package org.gcube.common.keycloak.model;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonAnyGetter;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonAnySetter;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
||||
import org.gcube.com.fasterxml.jackson.databind.annotation.JsonDeserialize;
|
||||
import org.gcube.com.fasterxml.jackson.databind.annotation.JsonSerialize;
|
||||
import org.gcube.common.keycloak.model.util.StringOrArrayDeserializer;
|
||||
import org.gcube.common.keycloak.model.util.StringOrArraySerializer;
|
||||
|
||||
/**
|
||||
* @author pedroigor
|
||||
*/
|
||||
public class UserInfo {
|
||||
|
||||
// Should be in signed UserInfo response
|
||||
@JsonProperty("iss")
|
||||
protected String issuer;
|
||||
@JsonProperty("aud")
|
||||
@JsonSerialize(using = StringOrArraySerializer.class)
|
||||
@JsonDeserialize(using = StringOrArrayDeserializer.class)
|
||||
protected String[] audience;
|
||||
|
||||
@JsonProperty("sub")
|
||||
protected String sub;
|
||||
|
||||
@JsonProperty("name")
|
||||
protected String name;
|
||||
|
||||
@JsonProperty("given_name")
|
||||
protected String givenName;
|
||||
|
||||
@JsonProperty("family_name")
|
||||
protected String familyName;
|
||||
|
||||
@JsonProperty("middle_name")
|
||||
protected String middleName;
|
||||
|
||||
@JsonProperty("nickname")
|
||||
protected String nickName;
|
||||
|
||||
@JsonProperty("preferred_username")
|
||||
protected String preferredUsername;
|
||||
|
||||
@JsonProperty("profile")
|
||||
protected String profile;
|
||||
|
||||
@JsonProperty("picture")
|
||||
protected String picture;
|
||||
|
||||
@JsonProperty("website")
|
||||
protected String website;
|
||||
|
||||
@JsonProperty("email")
|
||||
protected String email;
|
||||
|
||||
@JsonProperty("email_verified")
|
||||
protected Boolean emailVerified;
|
||||
|
||||
@JsonProperty("gender")
|
||||
protected String gender;
|
||||
|
||||
@JsonProperty("birthdate")
|
||||
protected String birthdate;
|
||||
|
||||
@JsonProperty("zoneinfo")
|
||||
protected String zoneinfo;
|
||||
|
||||
@JsonProperty("locale")
|
||||
protected String locale;
|
||||
|
||||
@JsonProperty("phone_number")
|
||||
protected String phoneNumber;
|
||||
|
||||
@JsonProperty("phone_number_verified")
|
||||
protected Boolean phoneNumberVerified;
|
||||
|
||||
@JsonProperty("address")
|
||||
protected AddressClaimSet address;
|
||||
|
||||
@JsonProperty("updated_at")
|
||||
protected Long updatedAt;
|
||||
|
||||
@JsonProperty("claims_locales")
|
||||
protected String claimsLocales;
|
||||
|
||||
protected Map<String, Object> otherClaims = new HashMap<>();
|
||||
|
||||
public String getIssuer() {
|
||||
return issuer;
|
||||
}
|
||||
|
||||
public void setIssuer(String issuer) {
|
||||
this.issuer = issuer;
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
public String[] getAudience() {
|
||||
return audience;
|
||||
}
|
||||
|
||||
public boolean hasAudience(String audience) {
|
||||
for (String a : this.audience) {
|
||||
if (a.equals(audience)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public void setAudience(String... audience) {
|
||||
this.audience = audience;
|
||||
}
|
||||
|
||||
public String getSubject() {
|
||||
return this.sub;
|
||||
}
|
||||
|
||||
public void setSubject(String subject) {
|
||||
this.sub = subject;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return this.name;
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public String getGivenName() {
|
||||
return this.givenName;
|
||||
}
|
||||
|
||||
public void setGivenName(String givenName) {
|
||||
this.givenName = givenName;
|
||||
}
|
||||
|
||||
public String getFamilyName() {
|
||||
return this.familyName;
|
||||
}
|
||||
|
||||
public void setFamilyName(String familyName) {
|
||||
this.familyName = familyName;
|
||||
}
|
||||
|
||||
public String getMiddleName() {
|
||||
return this.middleName;
|
||||
}
|
||||
|
||||
public void setMiddleName(String middleName) {
|
||||
this.middleName = middleName;
|
||||
}
|
||||
|
||||
public String getNickName() {
|
||||
return this.nickName;
|
||||
}
|
||||
|
||||
public void setNickName(String nickName) {
|
||||
this.nickName = nickName;
|
||||
}
|
||||
|
||||
public String getPreferredUsername() {
|
||||
return this.preferredUsername;
|
||||
}
|
||||
|
||||
public void setPreferredUsername(String preferredUsername) {
|
||||
this.preferredUsername = preferredUsername;
|
||||
}
|
||||
|
||||
public String getProfile() {
|
||||
return this.profile;
|
||||
}
|
||||
|
||||
public void setProfile(String profile) {
|
||||
this.profile = profile;
|
||||
}
|
||||
|
||||
public String getPicture() {
|
||||
return this.picture;
|
||||
}
|
||||
|
||||
public void setPicture(String picture) {
|
||||
this.picture = picture;
|
||||
}
|
||||
|
||||
public String getWebsite() {
|
||||
return this.website;
|
||||
}
|
||||
|
||||
public void setWebsite(String website) {
|
||||
this.website = website;
|
||||
}
|
||||
|
||||
public String getEmail() {
|
||||
return this.email;
|
||||
}
|
||||
|
||||
public void setEmail(String email) {
|
||||
this.email = email;
|
||||
}
|
||||
|
||||
public Boolean getEmailVerified() {
|
||||
return this.emailVerified;
|
||||
}
|
||||
|
||||
public void setEmailVerified(Boolean emailVerified) {
|
||||
this.emailVerified = emailVerified;
|
||||
}
|
||||
|
||||
public String getGender() {
|
||||
return this.gender;
|
||||
}
|
||||
|
||||
public void setGender(String gender) {
|
||||
this.gender = gender;
|
||||
}
|
||||
|
||||
public String getBirthdate() {
|
||||
return this.birthdate;
|
||||
}
|
||||
|
||||
public void setBirthdate(String birthdate) {
|
||||
this.birthdate = birthdate;
|
||||
}
|
||||
|
||||
public String getZoneinfo() {
|
||||
return this.zoneinfo;
|
||||
}
|
||||
|
||||
public void setZoneinfo(String zoneinfo) {
|
||||
this.zoneinfo = zoneinfo;
|
||||
}
|
||||
|
||||
public String getLocale() {
|
||||
return this.locale;
|
||||
}
|
||||
|
||||
public void setLocale(String locale) {
|
||||
this.locale = locale;
|
||||
}
|
||||
|
||||
public String getPhoneNumber() {
|
||||
return this.phoneNumber;
|
||||
}
|
||||
|
||||
public void setPhoneNumber(String phoneNumber) {
|
||||
this.phoneNumber = phoneNumber;
|
||||
}
|
||||
|
||||
public Boolean getPhoneNumberVerified() {
|
||||
return this.phoneNumberVerified;
|
||||
}
|
||||
|
||||
public void setPhoneNumberVerified(Boolean phoneNumberVerified) {
|
||||
this.phoneNumberVerified = phoneNumberVerified;
|
||||
}
|
||||
|
||||
public AddressClaimSet getAddress() {
|
||||
return address;
|
||||
}
|
||||
|
||||
public void setAddress(AddressClaimSet address) {
|
||||
this.address = address;
|
||||
}
|
||||
|
||||
public Long getUpdatedAt() {
|
||||
return this.updatedAt;
|
||||
}
|
||||
|
||||
public void setUpdatedAt(Long updatedAt) {
|
||||
this.updatedAt = updatedAt;
|
||||
}
|
||||
|
||||
public String getSub() {
|
||||
return this.sub;
|
||||
}
|
||||
|
||||
public void setSub(String sub) {
|
||||
this.sub = sub;
|
||||
}
|
||||
|
||||
public String getClaimsLocales() {
|
||||
return this.claimsLocales;
|
||||
}
|
||||
|
||||
public void setClaimsLocales(String claimsLocales) {
|
||||
this.claimsLocales = claimsLocales;
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a map of any other claims and data that might be in the UserInfo. Could be custom claims set up by the auth server
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@JsonAnyGetter
|
||||
public Map<String, Object> getOtherClaims() {
|
||||
return otherClaims;
|
||||
}
|
||||
|
||||
@JsonAnySetter
|
||||
public void setOtherClaims(String name, Object value) {
|
||||
otherClaims.put(name, value);
|
||||
}
|
||||
}
|
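Review bot: `hasAudience` iterates `this.audience` without the `if (this.audience == null) return false;` guard that `JsonWebToken.hasAudience` has, so it throws `NullPointerException` whenever the response carries no `aud`. The comment above the field ("Should be in signed UserInfo response") indicates that `iss` and `aud` are absent from unsigned responses, which makes this the common case rather than an edge case. Add the null guard and compare with `audience.equals(a)` so a null element does not throw either. `getSubject`/`setSubject` and `getSub`/`setSub` both expose the same `sub` field; keep one pair.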
@ -0,0 +1,41 @@
|
||||
package org.gcube.common.keycloak.model.util;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.core.JsonParser;
|
||||
import org.gcube.com.fasterxml.jackson.databind.DeserializationContext;
|
||||
import org.gcube.com.fasterxml.jackson.databind.JsonDeserializer;
|
||||
import org.gcube.com.fasterxml.jackson.databind.JsonNode;
|
||||
import org.gcube.com.fasterxml.jackson.databind.node.ArrayNode;
|
||||
|
||||
public class StringListMapDeserializer extends JsonDeserializer<Object> {
|
||||
|
||||
@Override
|
||||
public Object deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
|
||||
JsonNode jsonNode = jsonParser.readValueAsTree();
|
||||
Iterator<Map.Entry<String, JsonNode>> itr = jsonNode.fields();
|
||||
Map<String, List<String>> map = new HashMap<>();
|
||||
while (itr.hasNext()) {
|
||||
Map.Entry<String, JsonNode> e = itr.next();
|
||||
List<String> values = new LinkedList<>();
|
||||
if (!e.getValue().isArray()) {
|
||||
values.add((e.getValue().isNull()) ? null : e.getValue().asText());
|
||||
} else {
|
||||
ArrayNode a = (ArrayNode) e.getValue();
|
||||
Iterator<JsonNode> vitr = a.elements();
|
||||
while (vitr.hasNext()) {
|
||||
JsonNode node = vitr.next();
|
||||
values.add((node.isNull() ? null : node.asText()));
|
||||
}
|
||||
}
|
||||
map.put(e.getKey(), values);
|
||||
}
|
||||
return map;
|
||||
}
|
||||
|
||||
}
|
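Review bot: In `deserialize`, both branches convert values with `asText()`, which returns an empty string for object and array nodes, so a nested object value (or an object inside an array) is silently stored as `""` instead of being rejected or preserved. If the root node is not a JSON object, `jsonNode.fields()` yields nothing and the method returns an empty map without any error. Check `jsonNode.isObject()` up front and fail through `deserializationContext` on unexpected shapes, or document that only flat string and string-array values are supported. Typing the class as `JsonDeserializer<Map<String, List<String>>>` instead of `JsonDeserializer<Object>` would also let the compiler check where it is applied.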
@ -0,0 +1,29 @@
|
||||
package org.gcube.common.keycloak.model.util;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.core.JsonParser;
|
||||
import org.gcube.com.fasterxml.jackson.databind.DeserializationContext;
|
||||
import org.gcube.com.fasterxml.jackson.databind.JsonDeserializer;
|
||||
import org.gcube.com.fasterxml.jackson.databind.JsonNode;
|
||||
|
||||
public class StringOrArrayDeserializer extends JsonDeserializer<Object> {
|
||||
|
||||
@Override
|
||||
public Object deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
|
||||
JsonNode jsonNode = jsonParser.readValueAsTree();
|
||||
if (jsonNode.isArray()) {
|
||||
ArrayList<String> a = new ArrayList<>(1);
|
||||
Iterator<JsonNode> itr = jsonNode.iterator();
|
||||
while (itr.hasNext()) {
|
||||
a.add(itr.next().textValue());
|
||||
}
|
||||
return a.toArray(new String[a.size()]);
|
||||
} else {
|
||||
return new String[] { jsonNode.textValue() };
|
||||
}
|
||||
}
|
||||
|
||||
}
|
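Review bot: `textValue()` returns null for any node that is not a JSON string, so an `aud` holding a number, an object or JSON null produces an array containing null (in the `else` branch, `new String[] { null }`). Those nulls then reach `hasAudience` in `JsonWebToken` and `UserInfo`, where `a.equals(audience)` throws. Check `isTextual()` on each node and either skip or reject non-string values, and return null or an empty array for a JSON null. Declaring the class as `JsonDeserializer<String[]>` rather than `JsonDeserializer<Object>` would make the return type explicit.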
@ -0,0 +1,25 @@
|
||||
package org.gcube.common.keycloak.model.util;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.core.JsonGenerator;
|
||||
import org.gcube.com.fasterxml.jackson.databind.JsonSerializer;
|
||||
import org.gcube.com.fasterxml.jackson.databind.SerializerProvider;
|
||||
|
||||
public class StringOrArraySerializer extends JsonSerializer<Object> {
|
||||
@Override
|
||||
public void serialize(Object o, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
|
||||
String[] array = (String[]) o;
|
||||
if (array == null) {
|
||||
jsonGenerator.writeNull();
|
||||
} else if (array.length == 1) {
|
||||
jsonGenerator.writeString(array[0]);
|
||||
} else {
|
||||
jsonGenerator.writeStartArray();
|
||||
for (String s : array) {
|
||||
jsonGenerator.writeString(s);
|
||||
}
|
||||
jsonGenerator.writeEndArray();
|
||||
}
|
||||
}
|
||||
}
|
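Review bot: `serialize` takes `Object o` and casts it with `(String[]) o`, so applying this serializer to a field of another type fails only at runtime with `ClassCastException`; declare the class as `JsonSerializer<String[]>` and drop the cast. The method also has no comment explaining the collapsing rule, namely that a one-element array is written as a bare string and a zero-length array as `[]`, which is what makes it the counterpart of `StringOrArrayDeserializer`; a short Javadoc stating that would help readers of the `aud` fields that use it.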
@ -0,0 +1,67 @@
|
||||
package org.gcube.common.keycloak.model.util;
|
||||
|
||||
import java.util.Date;
|
||||
|
||||
public class Time {
|
||||
|
||||
private static int offset;
|
||||
|
||||
/**
|
||||
* Returns current time in seconds adjusted by adding {@link #offset) seconds.
|
||||
* @return see description
|
||||
*/
|
||||
public static int currentTime() {
|
||||
return ((int) (System.currentTimeMillis() / 1000)) + offset;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns current time in milliseconds adjusted by adding {@link #offset) seconds.
|
||||
* @return see description
|
||||
*/
|
||||
public static long currentTimeMillis() {
|
||||
return System.currentTimeMillis() + (offset * 1000L);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns {@link Date} object, its value set to time
|
||||
* @param time Time in milliseconds since the epoch
|
||||
* @return see description
|
||||
*/
|
||||
public static Date toDate(int time) {
|
||||
return new Date(time * 1000L);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns {@link Date} object, its value set to time
|
||||
* @param time Time in milliseconds since the epoch
|
||||
* @return see description
|
||||
*/
|
||||
public static Date toDate(long time) {
|
||||
return new Date(time);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns time in milliseconds for a time in seconds. No adjustment is made to the parameter.
|
||||
* @param time Time in seconds since the epoch
|
||||
* @return Time in milliseconds
|
||||
*/
|
||||
public static long toMillis(int time) {
|
||||
return time * 1000L;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Time offset in seconds that will be added to {@link #currentTime()} and {@link #currentTimeMillis()}.
|
||||
*/
|
||||
public static int getOffset() {
|
||||
return offset;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets time offset in seconds that will be added to {@link #currentTime()} and {@link #currentTimeMillis()}.
|
||||
* @param offset Offset (in seconds)
|
||||
*/
|
||||
public static void setOffset(int offset) {
|
||||
Time.offset = offset;
|
||||
}
|
||||
|
||||
}
|
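Review bot: `offset` is a mutable `static int` with a public `setOffset`, and `currentTime()` and `currentTimeMillis()` read it without `volatile` or synchronization. Any code in the JVM can shift the clock this class reports, and if these methods feed token expiry checks, a stale offset left over from a test makes expired tokens look valid. Suggest restricting the setter to test scope (package-private, for example) and marking the field `volatile`. Smaller points: the Javadoc `{@link #offset)` closes with `)` instead of `}` in two places, `toDate(int time)` documents its parameter as milliseconds but multiplies by `1000L` so it actually takes seconds, and the `(int)` cast in `currentTime()` overflows for epoch seconds past 2038.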
@ -0,0 +1,69 @@
|
||||
package org.gcube.common.keycloak;
|
||||
|
||||
import java.net.URL;
|
||||
|
||||
import org.gcube.common.keycloak.model.ModelUtils;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.junit.After;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class TestKeycloakClient {
|
||||
|
||||
protected static final Logger logger = LoggerFactory.getLogger(TestKeycloakClient.class);
|
||||
|
||||
private static final String DEV_ENDPOINT = "http://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token";
|
||||
private static final String CLIENT_ID = "keycloak-client";
|
||||
private static final String CLIENT_SECRET = "38f76152-2b7c-418f-9b67-66f4cc2f401e";
|
||||
private static final String TEST_AUDIENCE = "conductor-server";
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
ScopeProvider.instance.set("/gcube");
|
||||
}
|
||||
|
||||
@After
|
||||
public void tearDown() throws Exception {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testEndpointDiscovery() throws Exception {
|
||||
logger.info("Start testing Keycloak endpoint discovery...");
|
||||
URL url = KeycloakClientFactory.newInstance().findTokenEndpointURL();
|
||||
Assert.assertNotNull(url);
|
||||
Assert.assertTrue(url.getProtocol().equals("https"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testQueryUMATokenWithDiscoveryInCurrentScope() throws Exception {
|
||||
logger.info("Start testing query UMA token from Keycloak with endpoint discovery and current scope...");
|
||||
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, null);
|
||||
TestModels.checkTokenResponse(tr);
|
||||
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(tr), "service-account-" + CLIENT_ID);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testQueryUMATokenWithDiscovery() throws Exception {
|
||||
logger.info("Start testing query UMA token from Keycloak with endpoint discovery...");
|
||||
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, TEST_AUDIENCE,
|
||||
null);
|
||||
|
||||
TestModels.checkTokenResponse(tr);
|
||||
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(tr), "service-account-" + CLIENT_ID);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testQueryUMAToken() throws Exception {
|
||||
logger.info("Start testing query UMA token from Keycloak with URL...");
|
||||
TokenResponse tr = KeycloakClientFactory.newInstance()
|
||||
.queryUMAToken(new URL(DEV_ENDPOINT), CLIENT_ID, CLIENT_SECRET, TEST_AUDIENCE, null);
|
||||
|
||||
TestModels.checkTokenResponse(tr);
|
||||
TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(tr), "service-account-" + CLIENT_ID);
|
||||
}
|
||||
|
||||
}
|
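Review bot: `CLIENT_SECRET` is a literal client credential committed to the repository, and `DEV_ENDPOINT` is an `http://` URL, so `testQueryUMAToken` sends that secret to the token endpoint in cleartext even though `testEndpointDiscovery` asserts that the discovered endpoint uses `https`. Suggest reading the secret from an environment variable or a git-ignored properties file (skipping the test with `Assume` when it is absent), rotating the committed value, and changing `DEV_ENDPOINT` to `https`. The three `queryUMAToken` tests also need a live Keycloak and an infrastructure scope, so they are integration tests and should be kept out of the default offline unit-test run.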
@ -0,0 +1,89 @@
|
||||
package org.gcube.common.keycloak;
|
||||
|
||||
import java.io.File;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
import org.gcube.common.keycloak.model.AccessToken;
|
||||
import org.gcube.common.keycloak.model.ModelUtils;
|
||||
import org.gcube.common.keycloak.model.RefreshToken;
|
||||
import org.junit.After;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class TestModels {
|
||||
|
||||
protected static final Logger logger = LoggerFactory.getLogger(TestModels.class);
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
}
|
||||
|
||||
@After
|
||||
public void tearDown() throws Exception {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTokenResponseForOIDC() throws Exception {
|
||||
logger.info("Start testing OIDC token response object binding...");
|
||||
TokenResponse tr = new ObjectMapper().readValue(new File("src/test/resources/oidc-token-response.json"),
|
||||
TokenResponse.class);
|
||||
|
||||
logger.debug("OIDC token response:\n{}", ModelUtils.toJSONString(tr, true));
|
||||
checkTokenResponse(tr);
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTokenResponseForUMA() throws Exception {
|
||||
logger.info("Start testing UMA token response object binding...");
|
||||
TokenResponse tr = new ObjectMapper().readValue(new File("src/test/resources/uma-token-response.json"),
|
||||
TokenResponse.class);
|
||||
|
||||
logger.debug("UMA token response:\n{}", ModelUtils.toJSONString(tr, true));
|
||||
checkTokenResponse(tr);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUMAAccessToken() throws Exception {
|
||||
logger.info("Start testing access token object binding...");
|
||||
AccessToken at = new ObjectMapper().readValue(new File("src/test/resources/uma-access-token.json"),
|
||||
AccessToken.class);
|
||||
|
||||
checkAccessToken(at, null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUMARefreshToken() throws Exception {
|
||||
logger.info("Start testing refresh token object binding...");
|
||||
RefreshToken rt = new ObjectMapper().readValue(new File("src/test/resources/uma-refresh-token.json"),
|
||||
RefreshToken.class);
|
||||
|
||||
checkRefreshToken(rt);
|
||||
}
|
||||
|
||||
public static void checkTokenResponse(TokenResponse tr) throws Exception {
|
||||
Assert.assertNotNull(tr);
|
||||
Assert.assertEquals("bearer", tr.getTokenType().toLowerCase());
|
||||
Assert.assertNotNull(tr.getAccessToken());
|
||||
Assert.assertNotNull(tr.getRefreshToken());
|
||||
}
|
||||
|
||||
public static void checkAccessToken(AccessToken at, String preferredUsername) {
|
||||
logger.debug("Access token:\n{}", ModelUtils.toJSONString(at, true));
|
||||
Assert.assertNotNull(at.getPreferredUsername());
|
||||
if (preferredUsername != null) {
|
||||
Assert.assertEquals(preferredUsername, at.getPreferredUsername());
|
||||
}
|
||||
Assert.assertNotNull(at.getAudience());
|
||||
}
|
||||
|
||||
public static void checkRefreshToken(RefreshToken rt) {
|
||||
logger.debug("Refresh token:\n{}", ModelUtils.toJSONString(rt, true));
|
||||
Assert.assertNotNull(rt.getOtherClaims());
|
||||
Assert.assertNotNull(rt.getAudience());
|
||||
}
|
||||
}
|
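Review bot: `checkAccessToken` and `checkRefreshToken` write the full deserialized token to the log through `ModelUtils.toJSONString(..., true)`, and the two response tests log the whole `TokenResponse`. Because `checkAccessToken` is also called from `TestKeycloakClient` against a live endpoint, this puts token contents in build output whenever debug logging is on. Suggest logging only a few non-sensitive claims (for example `jti` and `exp`) or dropping these statements. The assertions are also thin: `Assert.assertNotNull(at.getAudience())` and `Assert.assertNotNull(rt.getOtherClaims())` only prove that something was bound, so the fixture-based tests should assert the expected audience, username and expiry values from the JSON files.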
@ -0,0 +1,30 @@
|
||||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
|
||||
<log4j:configuration
|
||||
xmlns="http://jakarta.apache.org/log4j/"
|
||||
xmlns:log4j="http://jakarta.apache.org/log4j/">
|
||||
|
||||
<appender name="console"
|
||||
class="org.apache.log4j.ConsoleAppender">
|
||||
<layout class="org.apache.log4j.PatternLayout">
|
||||
<param name="ConversionPattern"
|
||||
value="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n" />
|
||||
</layout>
|
||||
</appender>
|
||||
|
||||
<logger name="org.gcube" additivity="false">
|
||||
<level value="TRACE" />
|
||||
<appender-ref ref="console" />
|
||||
</logger>
|
||||
|
||||
<logger>
|
||||
<level value="INFO" />
|
||||
<appender-ref ref="console" />
|
||||
</logger>
|
||||
|
||||
<root>
|
||||
<level value="DEBUG" />
|
||||
<appender-ref ref="console" />
|
||||
</root>
|
||||
|
||||
</log4j:configuration>
|
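Review bot: The second `<logger>` element has no `name` attribute, which the log4j 1.x DTD referenced at the top of the file marks as required, so this block is invalid and its intent (which package should log at `INFO`) is lost. Either give it the intended logger name or remove it. Note also that `org.gcube` is set to `TRACE` on the console, which combined with the `logger.debug` calls in the tests that print whole tokens means those tokens are always emitted; `INFO` would be a safer default for a shared test configuration.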
@ -0,0 +1,10 @@
|
||||
{
|
||||
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.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.C43CAMgoHFhRNPACXPKDr_b1ytZeYeB2_AxTOl0jhG5YUpzoigtjwdrYptJbDtlO0fO3Ex9-KgKKBpUROMb0tC7YjuVgK6uGmaBcXGvA2S9mMLVlpl8u0KWJrrvzjPSSBHqH1fKZ6RHhZYkukMAeEeN5nT5SJoftiBNfnQi0wdjsN6fWUDLVQ3kYFQ_8C2RuO-yivSc9TyVpV-1M6ij7PEplWf2UjoygJKchs9R6x_sLHbaQHPTE24PMEY7GcEsgUwBXR3bkcWZ9cVuxAnbcIYITT-qC6V4YXodS2cYew3WoSaMl8LfTmIl7oFiv3lIDYvQ3dd-X8h1QkkbTPlVLOQ",
|
||||
"expires_in": 300,
|
||||
"refresh_expires_in": 1800,
|
||||
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjOTk5YmVjNC1iNDc4LTQ4Y2YtYmI5OS0wMWMxODY5NzcwNGIifQ.eyJleHAiOjE2MjIyMTc2NjEsImlhdCI6MTYyMjIxNTg2MSwianRpIjoiNzA2YzEyZjUtZDk3OS00MjVmLWI1NzctMzgxNWU4ZTdlNWM2IiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5kZXYuZDRzY2llbmNlLm9yZy9hdXRoL3JlYWxtcy9kNHNjaWVuY2UiLCJhdWQiOiJodHRwczovL2FjY291bnRzLmRldi5kNHNjaWVuY2Uub3JnL2F1dGgvcmVhbG1zL2Q0c2NpZW5jZSIsInN1YiI6IjFjODQxMDhhLTIwMWQtNGUyMC04YWQyLWQ3MmIwOGQ1OGY4YSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJscjYyX3BvcnRhbCIsInNlc3Npb25fc3RhdGUiOiIxYTA1NGJiNy00ZDg3LTQ0YTktYWQxZi0xNzQ2ZWYyZGQ1MjIiLCJzY29wZSI6ImVtYWlsIHByb2ZpbGUifQ.2nYaWSEIbzr56vKx39AxomfiWoSQweAnepf7p3maZMs",
|
||||
"token_type": "bearer",
|
||||
"not-before-policy": 1618317421,
|
||||
"session_state": "1a054bb7-4d87-44a9-ad1f-1746ef2dd522",
|
||||
"scope": "email profile"
|
||||
}
|
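Review bot: This fixture embeds complete signed `access_token` and `refresh_token` values together with a `session_state`, which read as captured output from a running realm rather than constructed test data. The binding test only needs structurally valid JSON, so suggest replacing them with synthetic tokens (dummy header, minimal payload, placeholder signature) and, if these were issued by a real server, confirming that the session and refresh token have been revoked. The same applies to the token values in `uma-token-response.json`.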
@ -0,0 +1,63 @@
|
||||
{
|
||||
"exp": 1621960710,
|
||||
"iat": 1621960410,
|
||||
"jti": "5a2a2240-8a32-40c9-8cc2-456dd8b089d9",
|
||||
"iss": "https://accounts.dev.d4science.org/auth/realms/d4science",
|
||||
"aud": "conductor-server",
|
||||
"sub": "a47dfe16-b4ed-44ed-a1d9-97ecd504360c",
|
||||
"typ": "Bearer",
|
||||
"azp": "keycloak-client",
|
||||
"session_state": "1550e4ef-5a92-430d-aa0f-242e5f8048de",
|
||||
"acr": "1",
|
||||
"realm_access": {
|
||||
"roles": [
|
||||
"offline_access",
|
||||
"Infrastructure-Client",
|
||||
"uma_authorization"
|
||||
]
|
||||
},
|
||||
"resource_access": {
|
||||
"keycloak-client": {
|
||||
"roles": [
|
||||
"uma_protection"
|
||||
]
|
||||
},
|
||||
"account": {
|
||||
"roles": [
|
||||
"manage-account",
|
||||
"manage-account-links",
|
||||
"view-profile"
|
||||
]
|
||||
}
|
||||
},
|
||||
"authorization": {
|
||||
"permissions": [
|
||||
{
|
||||
"scopes": [
|
||||
"get"
|
||||
],
|
||||
"rsid": "249fd469-79c5-4b85-b195-f29b3eb60345",
|
||||
"rsname": "metadata"
|
||||
},
|
||||
{
|
||||
"scopes": [
|
||||
"get",
|
||||
"start",
|
||||
"terminate"
|
||||
],
|
||||
"rsid": "a6f3eade-7404-4e5d-9070-800adb5aac4e",
|
||||
"rsname": "workflow"
|
||||
},
|
||||
{
|
||||
"rsid": "1b6c00b7-9139-4eaa-aac7-20231fee05a5",
|
||||
"rsname": "Default Resource"
|
||||
}
|
||||
]
|
||||
},
|
||||
"scope": "email profile",
|
||||
"clientId": "keycloak-client",
|
||||
"clientHost": "2.231.31.240",
|
||||
"email_verified": false,
|
||||
"preferred_username": "service-account-keycloak-client",
|
||||
"clientAddress": "2.231.31.240"
|
||||
}
|
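Review bot: `aud` appears in this fixture only as a single string (`"aud": "conductor-server"`), so if the model binds it through `StringOrArrayDeserializer`, `testUMAAccessToken` never exercises the array branch. Suggest adding a second fixture where `aud` is a JSON array and asserting the parsed values, since audience handling is the part of token parsing most worth pinning down. `clientHost` and `clientAddress` also carry what looks like a real client IP address, and `sub` and the `rsid` values look like real identifiers; constructed values (a documentation-range address, made-up UUIDs) would serve the test equally well.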
@ -0,0 +1,36 @@
|
||||
{
|
||||
"exp": 1621962210,
|
||||
"iat": 1621960410,
|
||||
"jti": "ca223961-22a2-4171-af3e-f109749e83ea",
|
||||
"iss": "https://accounts.dev.d4science.org/auth/realms/d4science",
|
||||
"aud": "https://accounts.dev.d4science.org/auth/realms/d4science",
|
||||
"sub": "a47dfe16-b4ed-44ed-a1d9-97ecd504360c",
|
||||
"typ": "Refresh",
|
||||
"azp": "keycloak-client",
|
||||
"session_state": "1550e4ef-5a92-430d-aa0f-242e5f8048de",
|
||||
"authorization": {
|
||||
"permissions": [
|
||||
{
|
||||
"scopes": [
|
||||
"get"
|
||||
],
|
||||
"rsid": "249fd469-79c5-4b85-b195-f29b3eb60345",
|
||||
"rsname": "metadata"
|
||||
},
|
||||
{
|
||||
"scopes": [
|
||||
"get",
|
||||
"start",
|
||||
"terminate"
|
||||
],
|
||||
"rsid": "a6f3eade-7404-4e5d-9070-800adb5aac4e",
|
||||
"rsname": "workflow"
|
||||
},
|
||||
{
|
||||
"rsid": "1b6c00b7-9139-4eaa-aac7-20231fee05a5",
|
||||
"rsname": "Default Resource"
|
||||
}
|
||||
]
|
||||
},
|
||||
"scope": "email profile"
|
||||
}
|
@ -0,0 +1,9 @@
|
||||
{
|
||||
"upgraded": false,
|
||||
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJSSklZNEpoNF9qdDdvNmREY0NlUDFfS1l0akcxVExXVW9oMkQ2Tzk1bFNBIn0.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.UKcREwcaJc9tpfUIsIfqbN-uON1lrtAcVQSoZan29hyQ-t8o6tjWS4-ix8JnWN8YBxU0Gbo1XcGx2NEnX7QCcAt9R46I9jpd5D9LBF-DF1G5zTVc1Cwm9-XcQ9vU_KDJ_qOzhcbPe1ZeAkYV4LpRXuPS7bBSUiNYExHoWBQTUTjNUc7rJRGWk14YKNjEgvri46RZw3ZZQ19JdjktyLz4WNGF8asSAmLXTeJ4q7O1kWttDzxjiz6QMW1378lYCb_GfXWsnAWbm7zpfz2-Fs3NmZO35BUw_jba_l_8Uog35X9qhsgcw2-_sWEB0vGLEHvz2zowpy70zjpoeHZYq6LeBw",
|
||||
"expires_in": 300,
|
||||
"refresh_expires_in": 1800,
|
||||
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjOTk5YmVjNC1iNDc4LTQ4Y2YtYmI5OS0wMWMxODY5NzcwNGIifQ.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.63dE64hNYpxQRV-M5zOrLLWt9cehJI4DcIbHia977r4",
|
||||
"token_type": "Bearer",
|
||||
"not-before-policy": 1618317421
|
||||
}
|