Re: [keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc?

Hi, Given that request is an instance of HttpServletRequest you can access the security context like that KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal(); If there is a refresh tokena and you need access to that: RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext(); If there is no refresh token and you only want to access the other token: KeycloakSecurityContext context = token.getAccount().getKeycloakSecurityContext(); Here is an example on how to get the access and id token: KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal(); RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext(); String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getToken()); String idTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getIdToken()); In order to also get the refresh token you can try the following: RefreshToken refreshToken; try { refreshToken = new JWSInput(session.getRefreshToken()).readJsonContent(RefreshToken.class); } catch (JWSInputException e) { throw new IOException(e); } String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken); Hope this helps. Kind regards, Herbert Herbert Mühlburger Senior System Engineer T +43 316 8003 F +43 316 8003 1080 BearingPoint Technology GmbH Seering 6, Block B 8141 Premstätten Austria herbert.muehlburger(a)bearingpoint.com www.bearingpoint.com ________________________________________ Von: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org&gt; im Auftrag von Alik Elzin <kilaka(a)gmail.com&gt; Gesendet: Montag, 02. Oktober 2017 07:06 An: keycloak-user(a)lists.jboss.org Cc: Ben.david(a)hpe.com Betreff: [keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc? Hi. In Keycloak's account-linking <http://www.keycloak.org/docs/3.2/server_development/topics/identity-broke... documentation, there's a code snippet: KeycloakSecurityContext session = (KeycloakSecurityContext) httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName()). Why would the KeycloakSecurityContext be set in the httpServletRequest? Where does this code should run? In what context? Thanks. * Also posted the question in SO: https://stackoverflow.com/questions/46409356/how-do-i-get-keycloaksecurit... _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user ________________________________ BearingPoint Technology GmbH Sitz: Premstätten bei Graz Firmenbuchgericht: Landesgericht für ZRS Graz Firmenbuchnummer: FN 44354b The information in this email is confidential and may be legally privileged. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system.