[keycloak-user] IdentityProvider access to AuthenticationSession

Ronaldo Hideki Yamada ronaldo.yamada at serpro.gov.br
Wed Jul 31 16:32:31 EDT 2019


Hi people, 


I was implementing a PKCE handshake with an OAuth provider. Everything works, but for now my codeVerifier is static!

In the method createAuthorizationUrl I can get an instance from request.getAuthenticationSession(), but in the inner class I can't.

I need access to an instance of AuthenticationSession in the Endpoint inner class, to retrieve a random string.


Any ideas?


==== Some parts of my code ======================
...
public class NeoIDProvider extends AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
        implements SocialIdentityProvider<OIDCIdentityProviderConfig> {

    // Static verifier: the same value is used for every login (the problem described above).
    public final static String codeVerifier = NeoIDUtil.S256("neoid");

    public NeoIDProvider(KeycloakSession session, OIDCIdentityProviderConfig config) {
        super(session, config);
    }

    // Authorization request: send the S256 challenge derived from the verifier.
    @Override
    protected UriBuilder createAuthorizationUrl(AuthenticationRequest request) {
        return super.createAuthorizationUrl(request)
                .queryParam("code_challenge", NeoIDUtil.S256(codeVerifier))
                .queryParam("code_challenge_method", "S256");
    }

    // Token request: send the verifier so the provider can check it against the challenge.
    @Override
    public Object callback(RealmModel realm, AuthenticationCallback callback, EventBuilder event) {
        return new Endpoint(callback, realm, event) {
            @Override
            public SimpleHttp generateTokenRequest(String authorizationCode) {
                return super.generateTokenRequest(authorizationCode)
                        .param("code_verifier", codeVerifier);
            }
        };
    }
...
======================================================

Ronaldo Hideki Yamada 
Analyst
Superintendência de Prod e Serviços-Eng de Infra de Tecnologia da Informação 
Diretoria de Operações 
(11)2173-1797 
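
Added example (not part of the original message and not Keycloak code): a per-login PKCE verifier as RFC 7636 defines it, with a plain Map standing in for whatever per-login session store the provider can reach. The class name, the note key and the beginLogin/takeVerifier helpers are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class PkcePerSession {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();
    static final String NOTE = "pkce_code_verifier"; // hypothetical note key

    // RFC 7636 section 4.1: 32 random bytes give a 43-character base64url verifier.
    static String newVerifier() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return B64URL.encodeToString(raw);
    }

    // RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
    static String s256(String verifier) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    // Authorization step: fresh verifier per login, kept server-side, challenge sent out.
    static String beginLogin(Map<String, String> sessionNotes) throws Exception {
        String verifier = newVerifier();
        sessionNotes.put(NOTE, verifier);
        return s256(verifier);
    }

    // Token step: read the verifier back exactly once; fail closed if it is missing.
    static String takeVerifier(Map<String, String> sessionNotes) {
        String verifier = sessionNotes.remove(NOTE);
        if (verifier == null) throw new IllegalStateException("no PKCE verifier for this login");
        return verifier;
    }

    public static void main(String[] args) throws Exception {
        // Self-check against the RFC 7636 Appendix B test vector.
        if (!s256("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
                .equals("E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")) throw new AssertionError("S256");
        Map<String, String> loginA = new HashMap<>(), loginB = new HashMap<>(); // constructed sessions
        String challengeA = beginLogin(loginA), challengeB = beginLogin(loginB);
        System.out.println("challenges differ per login: " + !challengeA.equals(challengeB));
        System.out.println("verifier matches challenge:  " + s256(takeVerifier(loginA)).equals(challengeA));
    }
}
```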
