Thanks, but I'm not sure I understand you correctly. Let me clarify:
- I'm extending the Keycloak REST webservices with some custom
resources, for instance:
http://127.0.0.1:8080/auth/realms/<realmId>/docdata/<myResource> (a
piece of code from Pedro made this possible)
- I'm implementing an SPI (also from Pedro's change) that gets a
KeycloakSession object to 'work with'.
- I do authenticate on the Keycloak server using a token (OpenID
Connect) that I got from a previous successful login.
- Somewhere in the Keycloak internals this token is validated and a
User(Model/Session) is found that corresponds to this token.
- <assumption>: This User is saved somewhere in the session context
Now, my question is: How can I get hold of this User(Model/Session),
given that I have just a KeycloakSession object?
Through debugging I see that session.sessions() has a UserSessionEntity
for my current request, but since there might be more at the same time,
how can I relate my current request to the one User that is associated
with it?
On 16/12/15 15:52, Bill Burke wrote:
On 12/16/2015 9:37 AM, Erik Mulder wrote:
> Seems like a simple scenario, but I can't figure it out: I have an
> instance of the KeycloakSession and I want to get the UserModel for the
> current request. Is this possible?
>
> Context: I'm creating a custom REST service that runs inside keycloak
> and needs to get some data that is related to the current authenticated
> user. For instance the realm and client I can get through the
> session.getContext().getClient/Realm(). I would expect a getUser() there
> too, but I can't find it anywhere 'in' the session.
>
> If this isn't possible, shouldn't it be? Or if not, why not?
>
I'm assuming this REST request is from a browser Javascript client?
Login sessions are maintained only through a cookie. You'd have to
login through the browser first, then read the cookie.
BTW, cookies are a really bad way of securing a REST interface. Your
REST interface becomes vulnerable to CSRF attacks. I suggest you use a
token to secure your REST interface. If you are already using
keycloak.js to log in, you can obtain the token from the Keycloak
JavaScript interface and use that to invoke your service.
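Below is an added example of what Bill's suggestion looks like inside a custom Keycloak resource; it is not code from this thread or from the Keycloak sources. It assumes the resource-provider SPI already mounts the class under `/auth/realms/<realmId>/docdata` (the mounting code is not shown), and it uses the Keycloak 1.x server API current at the time of the thread: `AppAuthManager.authenticateBearerToken(session, realm, uriInfo, connection, headers)` and the `AuthenticationManager.AuthResult` it returns. The package and class names, the `{myResource}` path parameter and the JSON payload are made up for the example; the `ClientConnection` import lives in `org.keycloak.common` in late 1.x releases and in `org.keycloak` in earlier ones.

```java
package com.example.keycloak.docdata; // hypothetical package for the example

import java.util.LinkedHashMap;
import java.util.Map;

import javax.ws.rs.GET;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;

import org.keycloak.common.ClientConnection; // org.keycloak.ClientConnection in older 1.x
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;

/**
 * Hypothetical resource reachable as
 * GET /auth/realms/{realm}/docdata/{myResource}.
 * Keycloak pushes KeycloakSession, HttpHeaders, UriInfo and ClientConnection
 * into the RESTEasy context, so they can be injected with @Context.
 */
public class DocDataResource {

    @Context private KeycloakSession session;
    @Context private HttpHeaders headers;
    @Context private UriInfo uriInfo;
    @Context private ClientConnection clientConnection;

    private final AppAuthManager authManager = new AppAuthManager();

    /**
     * Resolves the caller from the "Authorization: Bearer <token>" header.
     * The KeycloakSession itself does not carry the current user; the token
     * on this request does. A browser never adds this header on its own,
     * so unlike a cookie it cannot be replayed by a cross-site request (CSRF).
     */
    private AuthenticationManager.AuthResult requireBearerAuth() {
        RealmModel realm = session.getContext().getRealm();
        AuthenticationManager.AuthResult auth = authManager.authenticateBearerToken(
                session, realm, uriInfo, clientConnection, headers);
        if (auth == null) {
            // No bearer header, or the token failed signature/expiry/realm checks:
            // answer 401 with a WWW-Authenticate challenge, never a redirect.
            throw new NotAuthorizedException("Bearer realm=\"" + realm.getName() + "\"");
        }
        return auth;
    }

    @GET
    @Path("{myResource}")
    @Produces(MediaType.APPLICATION_JSON)
    public Map<String, String> get(@PathParam("myResource") String myResource) {
        AuthenticationManager.AuthResult auth = requireBearerAuth();
        UserModel user = auth.getUser();                 // the UserModel asked about in the thread
        UserSessionModel userSession = auth.getSession(); // the one user session tied to this token

        // Illustrative payload; real code would load data keyed by user.getId().
        Map<String, String> body = new LinkedHashMap<>();
        body.put("resource", myResource);
        body.put("userId", user.getId());
        body.put("username", user.getUsername());
        body.put("userSessionId", userSession.getId());
        return body;
    }
}
```

On the client side, a page that logged in with keycloak.js sends `keycloak.token` in an `Authorization: Bearer` header (calling `keycloak.updateToken(...)` first so an expired token is refreshed); nothing in the resource above reads a cookie, so a cross-site form post or image tag cannot reach the protected data. A quick check is to call the URL with and without the header with curl: the former should return the JSON, the latter a 401 with a `WWW-Authenticate: Bearer realm="..."` header.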