From f7ab942a5c75b60e71af9503cdee7fe792d9d5c2 Mon Sep 17 00:00:00 2001
From: Mauro Mugnaini
Date: Fri, 17 Dec 2021 17:56:56 +0100
Subject: [PATCH] Added refresh token from the encoded JWT form only of the `refresh_token` function; for public client types only.

---
 .../gcube/common/keycloak/DefaultKeycloakClient.java | 10 ++++++++++
 .../org/gcube/common/keycloak/KeycloakClient.java | 12 ++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java b/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
index 1f801aa..cb06ca1 100644
--- a/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
+++ b/src/main/java/org/gcube/common/keycloak/DefaultKeycloakClient.java
@@ -216,6 +216,16 @@ public class DefaultKeycloakClient implements KeycloakClient {
 return refreshToken(tokenURL, clientId, clientSecret, tokenResponse.getRefreshToken());
 }
 
+ @Override
+ public TokenResponse refreshToken(String refreshTokenJWTString) throws KeycloakClientException {
+ try {
+ String clientId = ModelUtils.getClientIdFromToken(ModelUtils.getRefreshTokenFrom(refreshTokenJWTString));
+ return refreshToken(clientId, refreshTokenJWTString);
+ } catch (Exception e) {
+ throw new KeycloakClientException("Cannot construct access token object from token response", e);
+ }
+ }
+
 @Override
 public TokenResponse refreshToken(String clientId, String refreshTokenJWTString) throws KeycloakClientException {
 return refreshToken(clientId, null, refreshTokenJWTString);
diff --git a/src/main/java/org/gcube/common/keycloak/KeycloakClient.java b/src/main/java/org/gcube/common/keycloak/KeycloakClient.java
index a0a10e6..ba8a3e2 100644
--- a/src/main/java/org/gcube/common/keycloak/KeycloakClient.java
+++ b/src/main/java/org/gcube/common/keycloak/KeycloakClient.java
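Review bot: In `DefaultKeycloakClient.refreshToken(String)` the `catch (Exception e)` also catches the `KeycloakClientException` thrown by the delegated `refreshToken(clientId, refreshTokenJWTString)` call, so a refresh that the server rejects is re-wrapped under "Cannot construct access token object from token response" and callers can no longer tell a malformed token from a failed refresh. Add `} catch (KeycloakClientException e) { throw e;` ahead of the generic catch, and reword the remaining message to name what failed there, for example `"Cannot read client id from refresh token"`. The client id is read from the token's claims with no signature check visible in this hunk; that looks acceptable as a request parameter because the server presumably validates the refresh token itself, but the parsed value should not drive any local decision.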
@@ -148,6 +148,18 @@ public interface KeycloakClient { TokenResponse refreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse) throws KeycloakClientException; + /** + * Refreshes a previously issued token from the Keycloak server discovered in the current scope using the the refresh token JWT encoded string obtained with the access token in the previous token response. + * + * Client id will be read from "issued for" refresh token's claim and client secret will be not sent. + *
NOTE: For public clients types only. + * + * @param refreshTokenJWTString the previously issued refresh token JWT string taken from the same token response of the access token parameter + * @return the refreshed token as {@link TokenResponse} object + * @throws KeycloakClientException if something goes wrong performing the refresh query + */ + TokenResponse refreshToken(String refreshTokenJWTString) throws KeycloakClientException; + /** * Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided * client id and the refresh token JWT encoded string obtained with the access token in the previous token response.
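Review bot: The Javadoc for the new `refreshToken(String)` overload does not state that the client id comes from the refresh token exactly as the caller supplied it, nor what a caller holding a confidential client should do instead. A sentence such as `The client id is read from the supplied token and, as far as this client is concerned, is not verified locally; confidential clients must use an overload that takes a client secret.` would make the NOTE actionable. The `@param` text refers to "the access token parameter", which this overload does not have, and the first sentence contains a doubled "the the". The rest of the `KeycloakClient` interface, including the end of the Javadoc block that follows, lies outside the hunk.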