Example #1
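  /**
   * Verifies an encoded ID token against the given realm and returns its parsed claims.
   *
   * <p>Checks performed here, in order: the JWS signature against {@code realm.getPublicKey()},
   * the token's own expiry ({@code isExpired()}), and that its issued-at value is not below
   * {@code realm.getNotBefore()}. Issuer, audience and token type are NOT checked in this
   * method; a caller that relies on any of them must validate it separately.
   *
   * @param realm realm whose public key and not-before value the token is checked against
   * @param encodedIDToken encoded JWS form of the ID token
   * @return the parsed ID token, never {@code null}
   * @throws OAuthErrorException with {@code INVALID_GRANT} when the signature does not verify,
   *     the payload cannot be read, the token is expired, or it was issued before the realm's
   *     not-before value
   */
  public IDToken verifyIDToken(RealmModel realm, String encodedIDToken) throws OAuthErrorException {
    JWSInput jws = new JWSInput(encodedIDToken);
    IDToken idToken = null;
    try {
      // Claims are only parsed after the signature has been verified, so no unauthenticated
      // claim value is ever acted upon.
      // NOTE(review): which signature algorithms RSAProvider.verify accepts is not visible
      // here; confirm it does not trust the algorithm named in the token header unchecked.
      if (!RSAProvider.verify(jws, realm.getPublicKey())) {
        throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid IDToken");
      }
      idToken = jws.readJsonContent(IDToken.class);
    } catch (IOException e) {
      throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid IDToken", e);
    }
    // A payload that deserializes to null would otherwise surface as a NullPointerException
    // below instead of a protocol-level error.
    if (idToken == null) {
      throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid IDToken");
    }
    if (idToken.isExpired()) {
      throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "IDToken expired");
    }

    // Tokens issued before the realm's not-before value are rejected even if unexpired.
    // NOTE(review): presumably this is the realm-wide revocation cut-off; confirm.
    if (idToken.getIssuedAt() < realm.getNotBefore()) {
      throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale IDToken");
    }
    return idToken;
  }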
Example #2
 /**
  * Creates the ID token for this response from the access token that was set earlier.
  *
  * <p>Subject, issuer, issued-for and session state are copied from the access token; the
  * audience is the client's id. An expiration is only set when the realm's access token
  * lifespan is positive, so the ID token's lifetime follows the access token lifespan.
  * NOTE(review): with a non-positive lifespan no expiration is written at all; confirm that
  * verifiers handle an ID token without an expiration the way the realm intends.
  *
  * @return this builder
  * @throws IllegalStateException if no access token has been set on the builder
  */
 public AccessTokenResponseBuilder generateIDToken() {
   if (accessToken == null) {
     throw new IllegalStateException("accessToken not set");
   }

   // Publish the fresh token on the builder first, then fill it in through a local alias.
   IDToken token = new IDToken();
   idToken = token;

   // Identity of the token and of the parties it is bound to.
   token.id(KeycloakModelUtils.generateId());
   token.subject(accessToken.getSubject());
   token.audience(client.getClientId());
   token.issuedFor(accessToken.getIssuedFor());
   token.issuer(accessToken.getIssuer());
   token.setSessionState(accessToken.getSessionState());

   // Timing claims.
   token.issuedNow();
   boolean hasLifespan = realm.getAccessTokenLifespan() > 0;
   if (hasLifespan) {
     token.expiration(Time.currentTime() + realm.getAccessTokenLifespan());
   }

   // Runs last so it sees the fully populated token.
   transformIDToken(
       session, idToken, realm, client, userSession.getUser(), userSession, clientSession);
   return this;
 }
Example #3
  /**
   * Round-trips an {@link IDToken} through JSON and checks where extra claims end up.
   *
   * <p>The assertions show that after deserialization {@code phone_number} is available from
   * its typed getter and no longer present in the other-claims map, while the unknown claim
   * {@code yo} and the nested map remain in the other-claims map.
   */
  @Test
  public void testUnwrap() throws Exception {
    // Exploratory test for unwrapped / "any" properties.
    IDToken original = new IDToken();
    Map<String, String> nestedIn = new HashMap<String, String>();
    nestedIn.put("foo", "bar");
    original.getOtherClaims().put("phone_number", "978-666-0000");
    original.getOtherClaims().put("email_verified", "true");
    original.getOtherClaims().put("yo", "true");
    original.getOtherClaims().put("nested", nestedIn);

    String serialized = JsonSerialization.writeValueAsPrettyString(original);
    System.out.println(serialized);

    IDToken restored = JsonSerialization.readValue(serialized, IDToken.class);
    System.out.println("email_verified property: " + restored.getEmailVerified());
    System.out.println("property: " + restored.getPhoneNumber());
    System.out.println("map: " + restored.getOtherClaims().get("phone_number"));

    // Known claim: surfaced through the typed getter, absent from the generic map.
    Assert.assertNotNull(restored.getPhoneNumber());
    Assert.assertNotNull(restored.getOtherClaims().get("yo"));
    Assert.assertNull(restored.getOtherClaims().get("phone_number"));

    // Unknown structured claim: survives the round trip inside the generic map.
    @SuppressWarnings("unchecked")
    Map<String, String> nestedOut = (Map<String, String>) restored.getOtherClaims().get("nested");
    Assert.assertNotNull(nestedOut);
    Assert.assertNotNull(nestedOut.get("foo"));
  }