<div dir="ltr">Hi Erik,<div><br></div><div>I did something similar but in my case I have the username as a form attribute in the request, so if it is possible in your scenario to get the username as a string, this is one possible solution:</div><div><br></div>UserModel user = session.users().getUserByUsername(<b>username</b>, session.realms().getRealmByName(realm.getName()));<br><div><br></div><div>Not 100% sure if that's what you need, I hope it is :)</div><div><br></div><div>Regards,</div><div>Fab</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 17 December 2015 at 02:34, Erik Mulder <span dir="ltr">&lt;<a href="mailto:erik.mulder@docdatapayments.com" target="_blank">erik.mulder@docdatapayments.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thanks, but I'm not sure I understand you correctly. Let me clarify:<br>
- I'm extending the Keycloak REST webservices with some custom<br>
resources, for instance:<br>
<a href="http://127.0.0.1:8080/auth/realms/" rel="noreferrer" target="_blank">http://127.0.0.1:8080/auth/realms/</a>&lt;realmId&gt;/docdata/&lt;myResource&gt; (a<br>
piece of code from Pedro made this possible)<br>
- I'm implementing an SPI (also from Pedro's change) that gets a<br>
KeycloakSession object to 'work with'.<br>
- I do authenticate on the keycloak server using a token (OpenID<br>
Connect) that I got from a previous successful login.<br>
- Somewhere in the Keycloak internals this token is validated and a<br>
User(Model/Session) is found that corresponds to this token.<br>
- &lt;assumption&gt;: This User is saved somewhere in the session context<br>
<br>
Now, my question is: How can I get hold of this User(Model/Session),<br>
given that I have just a KeycloakSession object?<br>
<br>
Through debugging I see that session.sessions() has a UserSessionEntity<br>
for my current request, but since there might be more at the same time,<br>
how can I relate my current request to the one User that is associated<br>
with it?<br>
<span class="im HOEnZb"><br>
<br>
<br>
On 16/12/15 15:52, Bill Burke wrote:<br>
> On 12/16/2015 9:37 AM, Erik Mulder wrote:<br>
>> Seems like a simple scenario, but I can't figure it out: I have an<br>
>> instance of the KeycloakSession and I want to get the UserModel for the<br>
>> current request. Is this possible?<br>
>><br>
>> Context: I'm creating a custom REST service that runs inside keycloak<br>
>> and needs to get some data that is related to the current authenticated<br>
>> user. For instance the realm and client I can get through the<br>
>> session.getContext().getClient/Realm(). I would expect a getUser() there<br>
>> too, but I can't find it anywhere 'in' the session.<br>
>><br>
>> If this isn't possible, shouldn't it be? Or if not, why not?<br>
>><br>
> I'm assuming this REST request is from a browser Javascript client?<br>
> Login sessions are maintained only through a cookie. You'd have to<br>
> login through the browser first, then read the cookie.<br>
><br>
> BTW, cookies are a really bad way of securing a REST interface. Your<br>
> REST interface becomes vulnerable to CSRF attacks. I suggest you use a<br>
> token to secure your REST interface. If you are already using<br>
> keycloak.js to log in, you can obtain the token from the Keycloak<br>
> javascript interface and use that to invoke your service.<br>
><br>
><br>
<br>
<br>
</span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>
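<div>An added example, not code from this thread or from the Keycloak project: one way to get the UserModel for the current request is to resolve it from the bearer token the request carries, so the identity comes from the validated token and a username sent in the request is only compared against it. It assumes a Keycloak release in which AppAuthManager offers authenticateBearerToken(KeycloakSession), javax.ws.rs on the classpath, and a resource registered through the realm resource SPI; the class name CurrentUserResource and its two methods are hypothetical.</div>

```java
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager.AuthResult;

// Hypothetical custom resource; assumed to be created per request with the
// KeycloakSession that the SPI hands over.
public class CurrentUserResource {

    private final KeycloakSession session;

    public CurrentUserResource(KeycloakSession session) {
        this.session = session;
    }

    // Validates the Authorization: Bearer header against the realm in the
    // session context and returns the user the token was issued for.
    private UserModel requireUser() {
        AuthResult auth = new AppAuthManager().authenticateBearerToken(session);
        if (auth == null || auth.getUser() == null) {
            throw new NotAuthorizedException("Bearer"); // HTTP 401
        }
        return auth.getUser();
    }

    @GET
    @Produces(MediaType.TEXT_PLAIN)
    public String whoAmI() {
        return requireUser().getUsername();
    }

    // If a username also arrives as a form attribute, treat it as a claim to
    // check against the token, never as the source of the identity.
    @POST
    @Path("profile")
    @Produces(MediaType.TEXT_PLAIN)
    public String profile(@FormParam("username") String claimed) {
        UserModel user = requireUser();
        if (claimed != null && !claimed.equalsIgnoreCase(user.getUsername())) {
            throw new ForbiddenException(); // HTTP 403: caller named another user
        }
        return user.getId();
    }
}
```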