There's no way to get the user from the KeycloakContext. Some endpoints rely on bearer token for authentication (admin endpoints), some on the server-side cookie (account) and others use a special code in the query params (authentication flows).

Assuming you are creating a REST endpoint that requires authentication using a bearer token you need to manually extract and verify the token. This is how the admin endpoints does it:
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java#L139

On 17 December 2015 at 10:06, Erik Mulder <erik.mulder@docdatapayments.com> wrote:
Thanks Fabricio, that sounds like the sort of thing I'm looking for, but I have nothing else in scope than the KeycloakSession object.
@Bill: My question is independent from the changes of Pedro.

So let's try it once more: how can I get the User(Model) of the authenticated user of the current request, if I just have a reference to the KeycloakSession? It seems to me that this should be possible, but there seems to be no way to do it. Maybe there should be a getUser() added on the KeycloakContext?



On 16/12/15 22:40, Fabricio Milone wrote:
Hi Erik,

I did something similar but in my case I have the username as a form attribute in the request, so if it possible in your scenario to get the username as a string, this is one possible solution:

UserModel user = session.users().getUserByUsername(username, session.realms().getRealmByName(realm.getName()));

Not 100% sure if that's what you need, I hope it is :)

Regards,
Fab

On 17 December 2015 at 02:34, Erik Mulder <erik.mulder@docdatapayments.com> wrote:
Thanks, but I'm not sure I understand you correctly. Let me clearify:
- I'm extending the Keycloak REST webservices with some custom
resources, for instance:
http://127.0.0.1:8080/auth/realms/<realmId>/docdata/<myResource> (a
piece of code from Pedro made this possible)
- I'm implementing an SPI (also from Pedro's change) that gets a
KeycloakSession object to 'work with'.
- I do authenticate on the keycloak server using a token (OpenID
Connect) that I got from a previous succesful login.
- Somewhere in the Keycloak internals this token is validated and a
User(Model/Session) is found that corresponds to this token.
- <assumption>: This User is saved somewhere in the session context

Now, my question is: How can I get hold of this User(Model/Session),
given that I have just a KeycloakSession object?

Through debugging I see that session.sessions() has a UserSessionEntity
for my current request, but since there might be more at the same time,
how can I relate my current request to the one User that is associated
with it?



On 16/12/15 15:52, Bill Burke wrote:
> On 12/16/2015 9:37 AM, Erik Mulder wrote:
>> Seems like a simple scenario, but I can't figure it out: I have an
>> instance of the KeycloakSession and I want to get the UserModel for the
>> current request. Is this possible?
>>
>> Context: I'm creating a custom REST service that runs inside keycloak
>> and needs to get some data that is related to the current authenticated
>> user. For instance the realm and client I can get through the
>> session.getContext().getClient/Realm(). I would expect a getUser() there
>> too, but I can't find it anywhere 'in' the session.
>>
>> If this isn't possible, shouldn't it be? Or if not, why not?
>>
> I'm assuming this REST request is from a browser Javascript client?
> Login sessions are maintained only through a cookie.  You'd have to
> login through the browser first, then read the cookie.
>
> BTW, cookies are a really bad way of securing a REST interface.  Your
> REST interface becomes vulnerable to CSRF attacks.  I suggest you use a
> token to secure your REST interface.  If you are already using
> keycloak.js to login in, you can obtain the token from the Keycloak
> javascript interface and use that to invoke your service.
>
>


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user



_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user