<div dir="ltr">There's no way to get the user from the KeycloakContext. Some endpoints rely on a bearer token for authentication (admin endpoints), some on the server-side cookie (account) and others use a special code in the query params (authentication flows).<div><br></div><div>Assuming you are creating a REST endpoint that requires authentication using a bearer token you need to manually extract and verify the token. This is how the admin endpoints do it:</div><div><a href="https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java#L139">https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java#L139</a><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 17 December 2015 at 10:06, Erik Mulder <span dir="ltr">&lt;<a href="mailto:erik.mulder@docdatapayments.com" target="_blank">erik.mulder@docdatapayments.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Thanks Fabricio, that sounds like the
sort of thing I'm looking for, but I have nothing else in scope
than the KeycloakSession object.<br>
@Bill: My question is independent from the changes of Pedro.<br>
<br>
So let's try it once more: how can I get the User(Model) of the
authenticated user of the current request, if I just have a
reference to the KeycloakSession? It seems to me that this should
be possible, but there seems to be no way to do it. Maybe there
should be a getUser() added on the KeycloakContext?<div><div class="h5"><br>
<br>
<br>
On 16/12/15 22:40, Fabricio Milone wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Hi Erik,
<div><br>
</div>
<div>I did something similar but in my case I have the username
as a form attribute in the request, so if it is possible in your
scenario to get the username as a string, this is one possible
solution:</div>
<div><br>
</div>
UserModel user = session.users().getUserByUsername(<b>username</b>,
session.realms().getRealmByName(realm.getName()));<br>
<div><br>
</div>
<div>Not 100% sure if that's what you need, I hope it is :)</div>
<div><br>
</div>
<div>Regards,</div>
<div>Fab</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 17 December 2015 at 02:34, Erik
Mulder <span dir="ltr">&lt;<a href="mailto:erik.mulder@docdatapayments.com" target="_blank">erik.mulder@docdatapayments.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thanks,
but I'm not sure I understand you correctly. Let me
clarify:<br>
- I'm extending the Keycloak REST webservices with some
custom<br>
resources, for instance:<br>
<a href="http://127.0.0.1:8080/auth/realms/" rel="noreferrer" target="_blank">http://127.0.0.1:8080/auth/realms/</a>&lt;realmId&gt;/docdata/&lt;myResource&gt;
(a<br>
piece of code from Pedro made this possible)<br>
- I'm implementing an SPI (also from Pedro's change) that
gets a<br>
KeycloakSession object to 'work with'.<br>
- I do authenticate on the keycloak server using a token
(OpenID<br>
Connect) that I got from a previous successful login.<br>
- Somewhere in the Keycloak internals this token is
validated and a<br>
User(Model/Session) is found that corresponds to this token.<br>
- &lt;assumption&gt;: This User is saved somewhere in the
session context<br>
<br>
Now, my question is: How can I get hold of this
User(Model/Session),<br>
given that I have just a KeycloakSession object?<br>
<br>
Through debugging I see that session.sessions() has a
UserSessionEntity<br>
for my current request, but since there might be more at the
same time,<br>
how can I relate my current request to the one User that is
associated<br>
with it?<br>
<span><br>
<br>
<br>
On 16/12/15 15:52, Bill Burke wrote:<br>
> On 12/16/2015 9:37 AM, Erik Mulder wrote:<br>
>> Seems like a simple scenario, but I can't figure
it out: I have an<br>
>> instance of the KeycloakSession and I want to get
the UserModel for the<br>
>> current request. Is this possible?<br>
>><br>
>> Context: I'm creating a custom REST service that
runs inside keycloak<br>
>> and needs to get some data that is related to the
current authenticated<br>
>> user. For instance the realm and client I can get
through the<br>
>> session.getContext().getClient/Realm(). I would
expect a getUser() there<br>
>> too, but I can't find it anywhere 'in' the
session.<br>
>><br>
>> If this isn't possible, shouldn't it be? Or if
not, why not?<br>
>><br>
> I'm assuming this REST request is from a browser
Javascript client?<br>
> Login sessions are maintained only through a cookie.
You'd have to<br>
> log in through the browser first, then read the
cookie.<br>
><br>
> BTW, cookies are a really bad way of securing a REST
interface. Your<br>
> REST interface becomes vulnerable to CSRF attacks. I
suggest you use a<br>
> token to secure your REST interface. If you are
already using<br>
> keycloak.js to log in, you can obtain the token
from the Keycloak<br>
> javascript interface and use that to invoke your
service.<br>
><br>
><br>
<br>
<br>
</span>
<div>
<div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>
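<div>A sketch of the approach described in the reply at the top of this thread (extract the bearer token, verify it, then read the user from the result). This is an added example, not code from the thread or from the Keycloak project. It assumes the Keycloak 1.x-era server classes <code>AppAuthManager</code> and <code>AuthenticationManager.AuthResult</code> and the five-argument <code>authenticateBearerToken</code> signature, which are internal and differ between versions; the resource class name and the <code>whoami</code> path are hypothetical.</div>

```java
import javax.ws.rs.GET;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

import org.keycloak.models.KeycloakContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;

// Hypothetical custom resource; the class name and path are illustrative only.
public class CurrentUserResource {

    private final KeycloakSession session;

    public CurrentUserResource(KeycloakSession session) {
        this.session = session;
    }

    // Verifies the "Authorization: Bearer ..." header against the realm of the
    // current request and returns the user the token was issued for.
    private UserModel requireUser() {
        KeycloakContext ctx = session.getContext();
        // Assumed signature (Keycloak 1.x server code); check it against your version.
        AuthenticationManager.AuthResult auth = new AppAuthManager().authenticateBearerToken(
                session, ctx.getRealm(), ctx.getUri(), ctx.getConnection(), ctx.getRequestHeaders());
        if (auth == null) {
            // No token was sent or verification failed: answer 401 before touching user data.
            throw new NotAuthorizedException("Bearer");
        }
        // The user comes from the verified token, never from a request parameter.
        return auth.getUser();
    }

    @GET
    @Path("whoami")
    @Produces(MediaType.TEXT_PLAIN)
    public String whoAmI() {
        return requireUser().getUsername();
    }
}
```

<div>The realm is taken from the request context here, so a token is only accepted when it verifies against the realm the request was addressed to.</div>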