@GET
@Path("/set-oidc-request")
@Produces(org.keycloak.utils.MediaType.APPLICATION_JWT)
@NoCache
public void setOIDCRequest(
@QueryParam("realmName") String realmName,
@QueryParam("clientId") String clientId,
@QueryParam("redirectUri") String redirectUri,
@QueryParam("maxAge") String maxAge,
@QueryParam("jwaAlgorithm") String jwaAlgorithm) {
Map<String, Object> oidcRequest = new HashMap<>();
oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, clientId);
oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUri);
if (maxAge != null) {
oidcRequest.put(OIDCLoginProtocol.MAX_AGE_PARAM, Integer.parseInt(maxAge));
}
Algorithm alg = Enum.valueOf(Algorithm.class, jwaAlgorithm);
if (alg == Algorithm.none) {
clientData.setOidcRequest(new JWSBuilder().jsonContent(oidcRequest).none());
} else if (alg == Algorithm.RS256) {
if (clientData.getSigningKeyPair() == null) {
throw new BadRequestException("Requested RS256, but signing key not set");
}
PrivateKey privateKey = clientData.getSigningKeyPair().getPrivate();
String kid = KeyUtils.createKeyId(clientData.getSigningKeyPair().getPublic());
clientData.setOidcRequest(
new JWSBuilder().kid(kid).jsonContent(oidcRequest).rsa256(privateKey));
} else {
throw new BadRequestException("Unknown argument: " + jwaAlgorithm);
}
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/generate-keys")
@NoCache
public Map<String, String> generateKeys() {
try {
KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
clientData.setSigningKeyPair(keyPair);
} catch (Exception e) {
throw new BadRequestException("Error generating signing keypair", e);
}
return getKeysAsPem();
}
