/**
 * Builds the 302 redirect that hands the access code back to the client and refreshes the
 * login cookies on the way out.
 *
 * <p>The code (and the {@code state} value, when present) is appended to {@code redirect} as a
 * query parameter. This method does not validate {@code redirect} itself, so it relies on the
 * caller having already checked it against the client's allowed redirect URIs
 * (NOTE(review): that check is not visible here; confirm it happens upstream).
 *
 * <p>Remember-me is treated as enabled when the flag is passed in or when the request already
 * carries the remember-me cookie; only the cookie's presence is tested, not its value.
 *
 * @param accessCode entry supplying the code and the user the login cookie is created for
 * @param session user session bound to the login cookie
 * @param state opaque client state echoed back unchanged; omitted from the URI when null
 * @param redirect base URI the user agent is sent to
 * @param rememberMe whether remember-me was requested for this login
 * @return the redirect response
 */
public Response redirectAccessCode(
    AccessCodeEntry accessCode,
    UserSessionModel session,
    String state,
    String redirect,
    boolean rememberMe) {
  UriBuilder target =
      UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.CODE, accessCode.getCode());
  log.debugv("redirectAccessCode: state: {0}", state);
  if (state != null) {
    target.queryParam(OAuth2Constants.STATE, state);
  }
  Response.ResponseBuilder response = Response.status(302).location(target.build());

  // An existing remember-me cookie keeps the preference alive even if this request did not ask.
  Cookie existingRememberMe =
      request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
  boolean keepRemembered = rememberMe || existingRememberMe != null;

  // Re-issue the cookies so they reflect this login.
  authManager.createLoginCookie(realm, accessCode.getUser(), session, uriInfo, keepRemembered);
  if (keepRemembered) {
    authManager.createRememberMeCookie(realm, uriInfo);
  }
  return response.build();
}
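/**
 * Creates an access code for an authenticated user and decides the next step of the login flow.
 *
 * <p>The steps are tried in this order:
 *
 * <ol>
 *   <li>If the user has pending required actions, they are copied onto the access code, the code's
 *       expiration is set to now plus {@code realm.getAccessCodeLifespanUserAction()}, and the
 *       form for the first pending action is returned.
 *   <li>If the client is not an {@link ApplicationModel} and the code requests any realm or
 *       resource roles, the expiration is set the same way and the OAuth grant page is returned.
 *       Clients that are {@link ApplicationModel} instances never reach the grant page here.
 *   <li>Otherwise, when {@code redirect} is non-null, the audit event is marked successful and
 *       the user agent is redirected with the code.
 * </ol>
 *
 * <p>{@code redirect} is stored on the access code and later used as the redirect target without
 * being validated in this method (NOTE(review): confirm the caller has already checked it against
 * the client's allowed redirect URIs).
 *
 * @param scopeParam requested scope, passed through to the token manager
 * @param state opaque client state, passed through to the token manager and the redirect
 * @param redirect redirect target; may be null
 * @param client client the code is issued for
 * @param user authenticated user
 * @param session user session the code is bound to
 * @param username username recorded on the access code
 * @param rememberMe remember-me preference recorded on the access code
 * @param authMethod authentication method recorded on the access code
 * @param audit audit builder for this login; receives the code id and, on redirect, success
 * @return the response for the next step, or {@code null} when no form is needed and
 *     {@code redirect} is null (the audit event is left unfinished in that case)
 */
public Response processAccessCode(
    String scopeParam,
    String state,
    String redirect,
    ClientModel client,
    UserModel user,
    UserSessionModel session,
    String username,
    boolean rememberMe,
    String authMethod,
    Audit audit) {
  // Return values are ignored; presumably these register TOTP / verify-email as required
  // actions on the user when applicable. TODO confirm against their definitions.
  isTotpConfigurationRequired(user);
  isEmailVerificationRequired(user);

  boolean isResource = client instanceof ApplicationModel;
  AccessCodeEntry accessCode =
      tokenManager.createAccessCode(scopeParam, state, redirect, realm, client, user, session);
  accessCode.setUsername(username);
  accessCode.setRememberMe(rememberMe);
  accessCode.setAuthMethod(authMethod);

  log.debugv("processAccessCode: isResource: {0}", isResource);
  // Evaluated once so the logged decision and the branch below cannot drift apart.
  boolean grantPageNeeded =
      !isResource
          && (accessCode.getRealmRolesRequested().size() > 0
              || accessCode.getResourceRolesRequested().size() > 0);
  log.debugv("processAccessCode: go to oauth page?: {0}", grantPageNeeded);

  audit.detail(Details.CODE_ID, accessCode.getId());

  Set<RequiredAction> requiredActions = user.getRequiredActions();
  if (!requiredActions.isEmpty()) {
    accessCode.setRequiredActions(new HashSet<UserModel.RequiredAction>(requiredActions));
    accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());

    // Pick the action from the set already fetched above rather than querying the user again,
    // so the form shown always belongs to the set stored on the access code.
    RequiredAction action = requiredActions.iterator().next();
    if (action.equals(RequiredAction.VERIFY_EMAIL)) {
      // Recorded on a clone so the login event itself stays open.
      audit
          .clone()
          .event(EventType.SEND_VERIFY_EMAIL)
          .detail(Details.EMAIL, accessCode.getUser().getEmail())
          .success();
    }

    return Flows.forms(providerSession, realm, uriInfo)
        .setAccessCode(accessCode.getId(), accessCode.getCode())
        .setUser(user)
        .createResponse(action);
  }

  if (grantPageNeeded) {
    accessCode.setExpiration(Time.currentTime() + realm.getAccessCodeLifespanUserAction());
    return Flows.forms(providerSession, realm, uriInfo)
        .setAccessCode(accessCode.getId(), accessCode.getCode())
        .setAccessRequest(
            accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested())
        .setClient(client)
        .createOAuthGrant();
  }

  if (redirect == null) {
    // Nothing to show and nowhere to send the user agent; callers must handle null.
    return null;
  }

  audit.success();
  return redirectAccessCode(accessCode, session, state, redirect, rememberMe);
}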