Re: [keycloak-user] Getting the user id from the access token

Are you identifying you user mainly by the email? On Fri, Jul 10, 2015 at 6:24 PM, Scott Dunbar <scott(a)xigole.com <mailto:scott@xigole.com>> wrote: It is injected into the bean - sorry, might not have been enough code before. A small example: import javax.annotation.Resource; import javax.annotation.security.RolesAllowed; import javax.ejb.SessionContext; import javax.ejb.Stateless; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.keycloak.KeycloakPrincipal; import org.keycloak.KeycloakSecurityContext; import org.keycloak.representations.IDToken; @Path("/user") @Stateless public class UserService { private static final Log log = LogFactory.getLog(UserService.class); @Resource private SessionContext sessionContext; @Path("/getCurrentUserInfo") @Produces({ MediaType.APPLICATION_JSON }) @GET @RolesAllowed({"someRole"}) public Response getCurrentUser() { @SuppressWarnings("unchecked") KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal()); IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken(); log.debug( "email from token is \"" + idToken.getEmail() + "\"" ); // your return is likely something more useful return Response.ok().build(); } } Your use case might be different but this is how it is working for me. Again, there may be a better way. On 07/10/2015 05:01 PM, Juan Diego wrote: > Where do you get sessionContext from? > > On Fri, Jul 10, 2015 at 5:54 PM, Scott Dunbar <scott(a)xigole.com > <mailto:scott@xigole.com>> wrote: > > I use something like: > > import org.keycloak.KeycloakPrincipal; > import org.keycloak.KeycloakSecurityContext; > import org.keycloak.representations.IDToken; > > ... > > @Resource > private SessionContext sessionContext; > > ... > > @SuppressWarnings("unchecked") > KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal()); > IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken(); > > log.debug( "email from token is \"" + idToken.getEmail() + "\"" ); > > > Not sure if that's the recommended way but it works well. > > > On 07/10/2015 04:48 PM, Juan Diego wrote: >> Hi >> >> I want to be able to update the user password and some >> preferences from my web app, in order to update some of the >> user info from my portal i can see in the rest api that you >> need the user ID. >> I have a backend with java that should connect to my >> keycloak server once it gets the token >> >> KeycloakSecurityContext securityContext = >> (KeycloakSecurityContext) httpRequest >> .getAttribute(KeycloakSecurityContext.class.getName()); >> >> AccessToken accessToken = securityContext.getToken(); >> >> I dont know how to get info from the accesToken, or does the >> access token class already has methods to do that. I know >> this is more of a question of design. This part is not >> really clear for me. >> >> Thanks >> >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> >> https://lists.jboss.org/mailman/listinfo/keycloak-user > > -- > Scott Dunbar > Xigole Systems, Inc. > Enterprise consulting, development, and hosting > 303·667·6343 > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > -- Scott Dunbar Xigole Systems, Inc. Enterprise consulting, development, and hosting 303·667·6343 _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user