[keycloak-user] Getting the user id from the access token

Marek Posolda mposolda at redhat.com
Sat Jul 11 04:54:36 EDT 2015 

I suggest to look into our demo, which handles this well and shows 
various info about user: 
https://github.com/keycloak/keycloak/tree/master/examples/demo-template

By default, the User ID can be obtained directly from the principal 
(unless you're configure "principal-attribute" in your keycloak.json ) :

String userId = kcPrincipal.getName();

 From access token it can be obtained as well:

String userId = accessToken.getSubject()

See the example on how to retrieve more user data (but it's pretty 
straightforward from the getter methods. Like getter for email as Scott 
pointed)

Marek

On 11.7.2015 01:27, Juan Diego wrote:
> Are you identifying you user mainly by the email?
>
> On Fri, Jul 10, 2015 at 6:24 PM, Scott Dunbar <scott at xigole.com 
> <mailto:scott at xigole.com>> wrote:
>
>     It is injected into the bean - sorry, might not have been enough
>     code before. A small example:
>
>     import javax.annotation.Resource;
>     import javax.annotation.security.RolesAllowed;
>     import javax.ejb.SessionContext;
>     import javax.ejb.Stateless;
>     import javax.ws.rs.GET;
>     import javax.ws.rs.Path;
>     import javax.ws.rs.Produces;
>     import javax.ws.rs.core.MediaType;
>     import javax.ws.rs.core.Response;
>
>     import org.apache.commons.logging.Log;
>     import org.apache.commons.logging.LogFactory;
>
>     import org.keycloak.KeycloakPrincipal;
>     import org.keycloak.KeycloakSecurityContext;
>     import org.keycloak.representations.IDToken;
>
>     @Path("/user")
>     @Stateless
>     public class UserService {
>          private static final Log log = LogFactory.getLog(UserService.class);
>
>          @Resource
>          private SessionContext sessionContext;
>
>          @Path("/getCurrentUserInfo")
>          @Produces({ MediaType.APPLICATION_JSON })
>          @GET
>          @RolesAllowed({"someRole"})
>          public Response getCurrentUser() {
>
>     	@SuppressWarnings("unchecked")
>              KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal());
>              IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken();
>
>              log.debug( "email from token is \"" + idToken.getEmail() + "\"" );
>
>              // your return is likely something more useful
>              return Response.ok().build();
>          }
>     }
>
>
>     Your use case might be different but this is how it is working for
>     me.  Again, there may be a better way.
>
>
>
>
>     On 07/10/2015 05:01 PM, Juan Diego wrote:
>>     Where do you get sessionContext from?
>>
>>     On Fri, Jul 10, 2015 at 5:54 PM, Scott Dunbar <scott at xigole.com
>>     <mailto:scott at xigole.com>> wrote:
>>
>>         I use something like:
>>
>>         import org.keycloak.KeycloakPrincipal;
>>         import org.keycloak.KeycloakSecurityContext;
>>         import org.keycloak.representations.IDToken;
>>
>>         ...
>>
>>         @Resource
>>         private SessionContext sessionContext;
>>
>>         ...
>>
>>         @SuppressWarnings("unchecked")
>>         KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal());
>>         IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken();
>>
>>         log.debug( "email from token is \"" + idToken.getEmail() + "\"" );
>>
>>
>>         Not sure if that's the recommended way but it works well.
>>
>>
>>         On 07/10/2015 04:48 PM, Juan Diego wrote:
>>>         Hi
>>>
>>>         I want to be able to update the user password and some
>>>         preferences from my web app, in order to update some of the
>>>         user info from my portal i can see in the rest api that you
>>>         need the user ID.
>>>         I have a backend with java that should connect to my
>>>         keycloak server once it gets the token
>>>
>>>         KeycloakSecurityContext securityContext =
>>>         (KeycloakSecurityContext) httpRequest
>>>         .getAttribute(KeycloakSecurityContext.class.getName());
>>>
>>>         AccessToken accessToken = securityContext.getToken();
>>>
>>>         I dont know how to get info from the accesToken, or does the
>>>         access token class already has methods to do that.  I know
>>>         this is more of a question of design.  This part is not
>>>         really clear for me.
>>>
>>>         Thanks
>>>
>>>
>>>
>>>         _______________________________________________
>>>         keycloak-user mailing list
>>>         keycloak-user at lists.jboss.org  <mailto:keycloak-user at lists.jboss.org>
>>>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>         -- 
>>         Scott Dunbar
>>         Xigole Systems, Inc.
>>         Enterprise consulting, development, and hosting
>>         303·667·6343
>>
>>         _______________________________________________
>>         keycloak-user mailing list
>>         keycloak-user at lists.jboss.org
>>         <mailto:keycloak-user at lists.jboss.org>
>>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>
>     -- 
>     Scott Dunbar
>     Xigole Systems, Inc.
>     Enterprise consulting, development, and hosting
>     303·667·6343
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150711/fbd5f10d/attachment.html

More information about the keycloak-user mailing list