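/**
 * Verifies a compact-serialised ID token against the realm's public key and rejects it when it
 * is expired or was issued before the realm's not-before cut-off.
 *
 * <p>What is checked here, in order: the JWS signature (RSA, {@code realm.getPublicKey()}),
 * {@code exp} via {@link IDToken#isExpired()}, and {@code iat} against
 * {@link RealmModel#getNotBefore()}. The issuer and audience claims are <em>not</em> compared
 * here; a caller that needs an {@code iss}/{@code aud} match must perform it itself.
 *
 * <p>The error messages previously said "refresh token" although this method only ever handles
 * ID tokens; they now name the token type actually being verified.
 *
 * @param realm          realm whose public key signed the token and whose not-before applies
 * @param encodedIDToken the compact JWS string to verify
 * @return the parsed ID token
 * @throws OAuthErrorException with {@code invalid_grant} when the signature does not verify,
 *                             the payload cannot be parsed, the token is expired, or it predates
 *                             the realm's not-before time
 */
public IDToken verifyIDToken(RealmModel realm, String encodedIDToken) throws OAuthErrorException {
    JWSInput jws = new JWSInput(encodedIDToken);
    IDToken idToken;
    try {
        // Signature first: nothing in the payload is trusted until the JWS verifies.
        if (!RSAProvider.verify(jws, realm.getPublicKey())) {
            throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid ID token");
        }
        idToken = jws.readJsonContent(IDToken.class);
    } catch (IOException e) {
        // Keep the parse failure as the cause so the malformed-input reason is not lost.
        throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Invalid ID token", e);
    }
    if (idToken.isExpired()) {
        throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "ID token expired");
    }
    // A token issued before the realm's not-before time is rejected even if it has not expired.
    if (idToken.getIssuedAt() < realm.getNotBefore()) {
        throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale ID token");
    }
    return idToken;
}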
/**
 * Builds the ID token for this response from the already-generated access token.
 *
 * <p>The new token gets a fresh id and issued-at, takes subject, issued-for, issuer and session
 * state from the access token, and is addressed to this client's id as its audience. It is then
 * handed to {@code transformIDToken} together with the session, realm, client, user, user
 * session and client session.
 *
 * <p>Note: {@code exp} is only set when {@code realm.getAccessTokenLifespan()} is positive; for a
 * lifespan of 0 or less the ID token is emitted without an expiration claim.
 *
 * @return this builder, for chaining
 * @throws IllegalStateException if no access token has been generated on this builder yet
 */
public AccessTokenResponseBuilder generateIDToken() {
    if (accessToken == null) {
        throw new IllegalStateException("accessToken not set");
    }
    IDToken token = new IDToken();
    idToken = token;
    token.id(KeycloakModelUtils.generateId());
    token.subject(accessToken.getSubject());
    token.audience(client.getClientId());
    token.issuedNow();
    token.issuedFor(accessToken.getIssuedFor());
    token.issuer(accessToken.getIssuer());
    token.setSessionState(accessToken.getSessionState());
    // Only a positive lifespan yields an exp claim; otherwise none is set at all.
    if (realm.getAccessTokenLifespan() > 0) {
        token.expiration(Time.currentTime() + realm.getAccessTokenLifespan());
    }
    transformIDToken(session, token, realm, client, userSession.getUser(), userSession, clientSession);
    return this;
}
/**
 * Round-trips an {@link IDToken} through JSON to observe how "other claims" are unwrapped: a claim
 * that has a dedicated property ({@code phone_number}) must come back on the typed getter and
 * disappear from the generic map, while an unknown claim ({@code yo}) and a nested map survive in
 * the map.
 */
@Test
public void testUnwrap() throws Exception {
    // just experimenting with unwrapped and any properties
    IDToken original = new IDToken();
    original.getOtherClaims().put("phone_number", "978-666-0000");
    original.getOtherClaims().put("email_verified", "true");
    original.getOtherClaims().put("yo", "true");
    Map<String, String> inner = new HashMap<String, String>();
    inner.put("foo", "bar");
    original.getOtherClaims().put("nested", inner);

    String json = JsonSerialization.writeValueAsPrettyString(original);
    System.out.println(json);

    IDToken parsed = JsonSerialization.readValue(json, IDToken.class);
    System.out.println("email_verified property: " + parsed.getEmailVerified());
    System.out.println("property: " + parsed.getPhoneNumber());
    System.out.println("map: " + parsed.getOtherClaims().get("phone_number"));

    // phone_number is a known property, so it is unwrapped onto the getter and leaves the map.
    Assert.assertNotNull(parsed.getPhoneNumber());
    Assert.assertNull(parsed.getOtherClaims().get("phone_number"));
    // An unknown claim stays in the generic map.
    Assert.assertNotNull(parsed.getOtherClaims().get("yo"));

    // The nested claim deserialises back to a map; the element type is not checkable at runtime.
    @SuppressWarnings("unchecked")
    Map<String, String> roundTripped = (Map<String, String>) parsed.getOtherClaims().get("nested");
    Assert.assertNotNull(roundTripped);
    Assert.assertNotNull(roundTripped.get("foo"));
}