Created
May 30, 2024 17:17
Custom AccessTokenIntrospection https://github.com/thomasdarimont/keycloak-project-example/tree/main/keycloak/extensions
package com.github.thomasdarimont.keycloak.custom.oidc.introspection; | |
import com.google.auto.service.AutoService; | |
import jakarta.ws.rs.core.Response; | |
import lombok.extern.jbosslog.JBossLog; | |
import org.keycloak.events.EventBuilder; | |
import org.keycloak.models.KeycloakSession; | |
import org.keycloak.models.UserModel; | |
import org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider; | |
import org.keycloak.protocol.oidc.AccessTokenIntrospectionProviderFactory; | |
import org.keycloak.protocol.oidc.TokenIntrospectionProvider; | |
import org.keycloak.protocol.oidc.TokenIntrospectionProviderFactory; | |
import java.util.Map; | |
import java.util.Optional; | |
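/**
 * Example token introspection provider that special-cases tokens containing the marker
 * {@code "azure"} and hands every other token to the inherited access-token introspection.
 *
 * <p>NOTE(review): the "azure" branch is a placeholder. It does not verify the token (signature,
 * issuer, expiry) and does not call an external introspection endpoint; it only looks up a user by
 * a fixed attribute value. A substring match on the raw token is not an authenticity check, and the
 * response it builds has no {@code active} member, which RFC 7662 requires in an introspection
 * response. Replace the branch with real validation before relying on its answer.
 */
@JBossLog
public class CustomAccessTokenIntrospection extends AccessTokenIntrospectionProvider {

    private final KeycloakSession session;

    /**
     * Creates the provider for the given session.
     *
     * @param session the Keycloak session used for the user lookup and passed to the parent provider
     */
    public CustomAccessTokenIntrospection(KeycloakSession session) {
        super(session);
        this.session = session;
    }

    /**
     * Introspects the given token.
     *
     * <p>Tokens containing {@code "azure"} are answered from a user lookup when a user with an
     * e-mail address is found; in every other case the call is delegated to the parent provider.
     *
     * @param token the raw token string sent to the introspection endpoint, may be {@code null}
     * @param eventBuilder event builder passed through to the parent provider
     * @return the introspection response
     */
    @Override
    public Response introspect(String token, EventBuilder eventBuilder) {

        // Null-safe marker check: a missing token is left to the parent provider.
        if (token != null && token.contains("azure")) {
            // callout to azure token introspection (placeholder, see class comment)
            Optional<UserModel> candidate = session.users()
                    .searchForUserByUserAttributeStream(session.getContext().getRealm(), "azureTenant", "tenantid")
                    .findFirst();

            // Optional.map yields an empty Optional for a user without e-mail, so neither a missing
            // user (NoSuchElementException on get()) nor a null value (NullPointerException in
            // Map.of) can break the request.
            Optional<String> email = candidate.map(UserModel::getEmail);
            if (email.isPresent()) {
                return Response.ok(Map.of("azure", "data", "foo", email.get())).build();
            }

            log.debug("No user with an e-mail address matched the azure lookup; using default introspection.");
        }

        // The token is a bearer credential: whoever can read the log could replay it, so it is
        // deliberately not written to the log.
        log.info("Custom token introspection.");
        return super.introspect(token, eventBuilder);
    }

    /**
     * Factory registered through {@code @AutoService} that creates {@link CustomAccessTokenIntrospection}
     * instances.
     */
    @AutoService(TokenIntrospectionProviderFactory.class)
    public static class Factory extends AccessTokenIntrospectionProviderFactory {

        /**
         * Creates a new provider bound to the given session.
         *
         * @param session the current Keycloak session
         * @return a new {@link CustomAccessTokenIntrospection}
         */
        @Override
        public TokenIntrospectionProvider create(KeycloakSession session) {
            return new CustomAccessTokenIntrospection(session);
        }
    }
}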