Hi I want to be able to update the user password and some preferences from my web app, in order to update some of the user info from my portal i can see in the rest api that you need the user ID. I have a backend with java that should connect to my keycloak server once it gets the token KeycloakSecurityContext securityContext = (KeycloakSecurityContext) httpRequest .getAttribute(KeycloakSecurityContext.class.getName()); AccessToken accessToken = securityContext.getToken(); I dont know how to get info from the accesToken, or does the access token class already has methods to do that. I know this is more of a question of design. This part is not really clear for me. Thanks _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Where do you get sessionContext from? On Fri, Jul 10, 2015 at 5:54 PM, Scott Dunbar <scott(a)xigole.com&gt; wrote: > I use something like: > > import org.keycloak.KeycloakPrincipal; > import org.keycloak.KeycloakSecurityContext; > import org.keycloak.representations.IDToken; > > ... > > @Resource > private SessionContext sessionContext; > > ... > > @SuppressWarnings("unchecked") > KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal()); > IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken(); > > log.debug( "email from token is \"" + idToken.getEmail() + "\"" ); > > > Not sure if that's the recommended way but it works well. > > > On 07/10/2015 04:48 PM, Juan Diego wrote: > > Hi > > I want to be able to update the user password and some preferences from > my web app, in order to update some of the user info from my portal i can > see in the rest api that you need the user ID. > I have a backend with java that should connect to my keycloak server > once it gets the token > > KeycloakSecurityContext securityContext = (KeycloakSecurityContext) > httpRequest > .getAttribute(KeycloakSecurityContext.class.getName()); > > AccessToken accessToken = securityContext.getToken(); > > I dont know how to get info from the accesToken, or does the access > token class already has methods to do that. I know this is more of a > question of design. This part is not really clear for me. > > Thanks > > > > _______________________________________________ > keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user > > > -- > Scott Dunbar > Xigole Systems, Inc. > Enterprise consulting, development, and hosting > 303·667·6343 > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >

It is injected into the bean - sorry, might not have been enough code before. A small example: import javax.annotation.Resource; import javax.annotation.security.RolesAllowed; import javax.ejb.SessionContext; import javax.ejb.Stateless; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.keycloak.KeycloakPrincipal; import org.keycloak.KeycloakSecurityContext; import org.keycloak.representations.IDToken; @Path("/user") @Stateless public class UserService { private static final Log log = LogFactory.getLog(UserService.class); @Resource private SessionContext sessionContext; @Path("/getCurrentUserInfo") @Produces({ MediaType.APPLICATION_JSON }) @GET @RolesAllowed({"someRole"}) public Response getCurrentUser() { @SuppressWarnings("unchecked") KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal()); IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken(); log.debug( "email from token is \"" + idToken.getEmail() + "\"" ); // your return is likely something more useful return Response.ok().build(); } } Your use case might be different but this is how it is working for me. Again, there may be a better way. On 07/10/2015 05:01 PM, Juan Diego wrote: Where do you get sessionContext from? On Fri, Jul 10, 2015 at 5:54 PM, Scott Dunbar <scott(a)xigole.com&gt; wrote: > I use something like: > > import org.keycloak.KeycloakPrincipal; > import org.keycloak.KeycloakSecurityContext; > import org.keycloak.representations.IDToken; > > ... > > @Resource > private SessionContext sessionContext; > > ... > > @SuppressWarnings("unchecked") > KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal()); > IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken(); > > log.debug( "email from token is \"" + idToken.getEmail() + "\"" ); > > > Not sure if that's the recommended way but it works well. > > > On 07/10/2015 04:48 PM, Juan Diego wrote: > > Hi > > I want to be able to update the user password and some preferences from > my web app, in order to update some of the user info from my portal i can > see in the rest api that you need the user ID. > I have a backend with java that should connect to my keycloak server > once it gets the token > > KeycloakSecurityContext securityContext = (KeycloakSecurityContext) > httpRequest > .getAttribute(KeycloakSecurityContext.class.getName()); > > AccessToken accessToken = securityContext.getToken(); > > I dont know how to get info from the accesToken, or does the access > token class already has methods to do that. I know this is more of a > question of design. This part is not really clear for me. > > Thanks > > > > _______________________________________________ > keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user > > > -- > Scott Dunbar > Xigole Systems, Inc. > Enterprise consulting, development, and hosting > 303·667·6343 > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Scott Dunbar Xigole Systems, Inc. Enterprise consulting, development, and hosting 303·667·6343

I suggest to look into our demo, which handles this well and shows various info about user: https://github.com/keycloak/keycloak/tree/master/examples/demo-template By default, the User ID can be obtained directly from the principal (unless you're configure "principal-attribute" in your keycloak.json ) : String userId = kcPrincipal.getName(); From access token it can be obtained as well: String userId = accessToken.getSubject() See the example on how to retrieve more user data (but it's pretty straightforward from the getter methods. Like getter for email as Scott pointed) Marek On 11.7.2015 01:27, Juan Diego wrote: Are you identifying you user mainly by the email? On Fri, Jul 10, 2015 at 6:24 PM, Scott Dunbar <scott(a)xigole.com&gt; wrote: > It is injected into the bean - sorry, might not have been enough code > before. A small example: > > import javax.annotation.Resource; > import javax.annotation.security.RolesAllowed; > import javax.ejb.SessionContext; > import javax.ejb.Stateless; > import javax.ws.rs.GET; > import javax.ws.rs.Path; > import javax.ws.rs.Produces; > import javax.ws.rs.core.MediaType; > import javax.ws.rs.core.Response; > > import org.apache.commons.logging.Log; > import org.apache.commons.logging.LogFactory; > > import org.keycloak.KeycloakPrincipal; > import org.keycloak.KeycloakSecurityContext; > import org.keycloak.representations.IDToken; > > @Path("/user") > @Stateless > public class UserService { > private static final Log log = LogFactory.getLog(UserService.class); > > @Resource > private SessionContext sessionContext; > > @Path("/getCurrentUserInfo") > @Produces({ MediaType.APPLICATION_JSON }) > @GET > @RolesAllowed({"someRole"}) > public Response getCurrentUser() { > > @SuppressWarnings("unchecked") > KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal()); > IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken(); > > log.debug( "email from token is \"" + idToken.getEmail() + "\"" ); > > // your return is likely something more useful > return Response.ok().build(); > } > } > > > Your use case might be different but this is how it is working for me. > Again, there may be a better way. > > > > > On 07/10/2015 05:01 PM, Juan Diego wrote: > > Where do you get sessionContext from? > > On Fri, Jul 10, 2015 at 5:54 PM, Scott Dunbar <scott(a)xigole.com&gt; wrote: > >> I use something like: >> >> import org.keycloak.KeycloakPrincipal; >> import org.keycloak.KeycloakSecurityContext; >> import org.keycloak.representations.IDToken; >> >> ... >> >> @Resource >> private SessionContext sessionContext; >> >> ... >> >> @SuppressWarnings("unchecked") >> KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal()); >> IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken(); >> >> log.debug( "email from token is \"" + idToken.getEmail() + "\"" ); >> >> >> Not sure if that's the recommended way but it works well. >> >> >> On 07/10/2015 04:48 PM, Juan Diego wrote: >> >> Hi >> >> I want to be able to update the user password and some preferences from >> my web app, in order to update some of the user info from my portal i can >> see in the rest api that you need the user ID. >> I have a backend with java that should connect to my keycloak server >> once it gets the token >> >> KeycloakSecurityContext securityContext = (KeycloakSecurityContext) >> httpRequest >> .getAttribute(KeycloakSecurityContext.class.getName()); >> >> AccessToken accessToken = securityContext.getToken(); >> >> I dont know how to get info from the accesToken, or does the access >> token class already has methods to do that. I know this is more of a >> question of design. This part is not really clear for me. >> >> Thanks >> >> >> >> _______________________________________________ >> keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> -- >> Scott Dunbar >> Xigole Systems, Inc. >> Enterprise consulting, development, and hosting >> 303·667·6343 >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > -- > Scott Dunbar > Xigole Systems, Inc. > Enterprise consulting, development, and hosting > 303·667·6343 > _______________________________________________ keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user