[keycloak-user] Getting the user id from the access token
Juan Diego
juandiego83 at gmail.com
Mon Jul 13 12:57:07 EDT 2015
Ok, I was using getId() ok got it
On Sat, Jul 11, 2015 at 3:54 AM, Marek Posolda <mposolda at redhat.com> wrote:
> I suggest to look into our demo, which handles this well and shows
> various info about user:
> https://github.com/keycloak/keycloak/tree/master/examples/demo-template
>
> By default, the User ID can be obtained directly from the principal
> (unless you're configure "principal-attribute" in your keycloak.json ) :
>
> String userId = kcPrincipal.getName();
>
> From access token it can be obtained as well:
>
> String userId = accessToken.getSubject()
>
> See the example on how to retrieve more user data (but it's pretty
> straightforward from the getter methods. Like getter for email as Scott
> pointed)
>
> Marek
>
>
> On 11.7.2015 01:27, Juan Diego wrote:
>
> Are you identifying you user mainly by the email?
>
> On Fri, Jul 10, 2015 at 6:24 PM, Scott Dunbar <scott at xigole.com> wrote:
>
>> It is injected into the bean - sorry, might not have been enough code
>> before. A small example:
>>
>> import javax.annotation.Resource;
>> import javax.annotation.security.RolesAllowed;
>> import javax.ejb.SessionContext;
>> import javax.ejb.Stateless;
>> import javax.ws.rs.GET;
>> import javax.ws.rs.Path;
>> import javax.ws.rs.Produces;
>> import javax.ws.rs.core.MediaType;
>> import javax.ws.rs.core.Response;
>>
>> import org.apache.commons.logging.Log;
>> import org.apache.commons.logging.LogFactory;
>>
>> import org.keycloak.KeycloakPrincipal;
>> import org.keycloak.KeycloakSecurityContext;
>> import org.keycloak.representations.IDToken;
>>
>> @Path("/user")
>> @Stateless
>> public class UserService {
>> private static final Log log = LogFactory.getLog(UserService.class);
>>
>> @Resource
>> private SessionContext sessionContext;
>>
>> @Path("/getCurrentUserInfo")
>> @Produces({ MediaType.APPLICATION_JSON })
>> @GET
>> @RolesAllowed({"someRole"})
>> public Response getCurrentUser() {
>>
>> @SuppressWarnings("unchecked")
>> KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal());
>> IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken();
>>
>> log.debug( "email from token is \"" + idToken.getEmail() + "\"" );
>>
>> // your return is likely something more useful
>> return Response.ok().build();
>> }
>> }
>>
>>
>> Your use case might be different but this is how it is working for me.
>> Again, there may be a better way.
>>
>>
>>
>>
>> On 07/10/2015 05:01 PM, Juan Diego wrote:
>>
>> Where do you get sessionContext from?
>>
>> On Fri, Jul 10, 2015 at 5:54 PM, Scott Dunbar <scott at xigole.com> wrote:
>>
>>> I use something like:
>>>
>>> import org.keycloak.KeycloakPrincipal;
>>> import org.keycloak.KeycloakSecurityContext;
>>> import org.keycloak.representations.IDToken;
>>>
>>> ...
>>>
>>> @Resource
>>> private SessionContext sessionContext;
>>>
>>> ...
>>>
>>> @SuppressWarnings("unchecked")
>>> KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal());
>>> IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken();
>>>
>>> log.debug( "email from token is \"" + idToken.getEmail() + "\"" );
>>>
>>>
>>> Not sure if that's the recommended way but it works well.
>>>
>>>
>>> On 07/10/2015 04:48 PM, Juan Diego wrote:
>>>
>>> Hi
>>>
>>> I want to be able to update the user password and some preferences from
>>> my web app, in order to update some of the user info from my portal i can
>>> see in the rest api that you need the user ID.
>>> I have a backend with java that should connect to my keycloak server
>>> once it gets the token
>>>
>>> KeycloakSecurityContext securityContext = (KeycloakSecurityContext)
>>> httpRequest
>>> .getAttribute(KeycloakSecurityContext.class.getName());
>>>
>>> AccessToken accessToken = securityContext.getToken();
>>>
>>> I dont know how to get info from the accesToken, or does the access
>>> token class already has methods to do that. I know this is more of a
>>> question of design. This part is not really clear for me.
>>>
>>> Thanks
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>> --
>>> Scott Dunbar
>>> Xigole Systems, Inc.
>>> Enterprise consulting, development, and hosting
>>> 303·667·6343
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>> --
>> Scott Dunbar
>> Xigole Systems, Inc.
>> Enterprise consulting, development, and hosting
>> 303·667·6343
>>
>
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150713/aef8e3b3/attachment.html
More information about the keycloak-user
mailing list