Hi, Given that request is an instance of HttpServletRequest you can access the security context like that KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal(); If there is a refresh tokena and you need access to that: RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext(); If there is no refresh token and you only want to access the other token: KeycloakSecurityContext context = token.getAccount().getKeycloakSecurityContext(); Here is an example on how to get the access and id token: KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal(); RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext(); String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getToken()); String idTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getIdToken()); In order to also get the refresh token you can try the following: RefreshToken refreshToken; try { refreshToken = new JWSInput(session.getRefreshToken()).readJsonContent(RefreshToken.class); } catch (JWSInputException e) { throw new IOException(e); } String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken); Hope this helps. Kind regards, Herbert Herbert Mühlburger Senior System Engineer T +43 316 8003 F +43 316 8003 1080 BearingPoint Technology GmbH Seering 6, Block B 8141 Premstätten Austria herbert.muehlburger(a)bearingpoint.com www.bearingpoint.com ________________________________________ Von: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org&gt; im Auftrag von Alik Elzin <kilaka(a)gmail.com&gt; Gesendet: Montag, 02. Oktober 2017 07:06 An: keycloak-user(a)lists.jboss.org Cc: Ben.david(a)hpe.com Betreff: [keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc? Hi. In Keycloak's account-linking <http://www.keycloak.org/docs/3.2/server_development/topics/identity-broke... documentation, there's a code snippet: KeycloakSecurityContext session = (KeycloakSecurityContext) httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName()). Why would the KeycloakSecurityContext be set in the httpServletRequest? Where does this code should run? In what context? Thanks. * Also posted the question in SO: https://stackoverflow.com/questions/46409356/how-do-i-get-keycloaksecurit... _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user ________________________________ BearingPoint Technology GmbH Sitz: Premstätten bei Graz Firmenbuchgericht: Landesgericht für ZRS Graz Firmenbuchnummer: FN 44354b The information in this email is confidential and may be legally privileged. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system.

Hi,​ The context is an example implementation of a Spring Boot App Controller method like the following: @GetMapping("/products") public String getProducts(HttpServletRequest request, Model model) throws IOException { KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal(); RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext(); KeycloakSecurityContext context = token.getAccount().getKeycloakSecurityContext(); String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getToken()); String idTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getIdToken()); RefreshToken refreshToken; try { refreshToken = new JWSInput(session.getRefreshToken()).readJsonContent(RefreshToken.class); } catch (JWSInputException e) { throw new IOException(e); } String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken); model.addAttribute("idToken", idTokenPretty); model.addAttribute("accessToken", accessTokenPretty); model.addAttribute("refreshToken", refreshTokenPretty); model.addAttribute("products", productService.getProducts()); return "products"; } ​Kind regards, Herbert​ ________________________________ Von: Alik Elzin <kilaka(a)gmail.com&gt; Gesendet: Montag, 02. Oktober 2017 12:35 An: Muehlburger, Herbert Cc: keycloak-user(a)lists.jboss.org Betreff: Re: [keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc? I'm missing the whole context here. Where does this code should run? In what context? On Mon, Oct 2, 2017 at 10:12 AM, Muehlburger, Herbert <herbert.muehlburger@bearingpoint.com<mailto:herbert.muehlburger@bearingpoint.com>> wrote: Hi, Given that request is an instance of HttpServletRequest you can access the security context like that KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal(); If there is a refresh tokena and you need access to that: RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext(); If there is no refresh token and you only want to access the other token: KeycloakSecurityContext context = token.getAccount().getKeycloakSecurityContext(); Here is an example on how to get the access and id token: KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) request.getUserPrincipal(); RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) token.getAccount().getKeycloakSecurityContext(); String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getToken()); String idTokenPretty = JsonSerialization.writeValueAsPrettyString(session.getIdToken()); In order to also get the refresh token you can try the following: RefreshToken refreshToken; try { refreshToken = new JWSInput(session.getRefreshToken()).readJsonContent(RefreshToken.class); } catch (JWSInputException e) { throw new IOException(e); } String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken); Hope this helps. Kind regards, Herbert Herbert Mühlburger Senior System Engineer T +43 316 8003<tel:%2B43%20316%208003> F +43 316 8003 1080<tel:%2B43%20316%208003%201080> BearingPoint Technology GmbH Seering 6, Block B 8141 Premstätten Austria herbert.muehlburger@bearingpoint.com<mailto:herbert.muehlburger@bearingpoint.com> www.bearingpoint.com<http://www.bearingpoint.com> ________________________________________ Von: keycloak-user-bounces@lists.jboss.org<mailto:keycloak-user-bounces@lists.jboss.org> <keycloak-user-bounces@lists.jboss.org<mailto:keycloak-user-bounces@lists.jboss.org>> im Auftrag von Alik Elzin <kilaka@gmail.com<mailto:kilaka@gmail.com>> Gesendet: Montag, 02. Oktober 2017 07:06 An: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> Cc: Ben.david@hpe.com<mailto:Ben.david@hpe.com> Betreff: [keycloak-user] How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc? Hi. In Keycloak's account-linking <http://www.keycloak.org/docs/3.2/server_development/topics/identity-broke... documentation, there's a code snippet: KeycloakSecurityContext session = (KeycloakSecurityContext) httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName()). Why would the KeycloakSecurityContext be set in the httpServletRequest? Where does this code should run? In what context? Thanks. * Also posted the question in SO: https://stackoverflow.com/questions/46409356/how-do-i-get-keycloaksecurit... _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user ________________________________ BearingPoint Technology GmbH Sitz: Premstätten bei Graz Firmenbuchgericht: Landesgericht für ZRS Graz Firmenbuchnummer: FN 44354b The information in this email is confidential and may be legally privileged. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user ________________________________ BearingPoint Technology GmbH Sitz: Premstätten bei Graz Firmenbuchgericht: Landesgericht für ZRS Graz Firmenbuchnummer: FN 44354b The information in this email is confidential and may be legally privileged. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system.