Add information about token expiry to events
Closes #28311 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
parent
e7a4635620
commit
0e1a7c6f8e
2 changed files with 15 additions and 0 deletions
|
@ -100,4 +100,6 @@ public interface Details {
|
|||
|
||||
String LOGOUT_TRIGGERED_BY_ACTION_TOKEN = "logout_triggered_by_action_token";
|
||||
String LOGOUT_TRIGGERED_BY_REQUIRED_ACTION = "logout_triggered_by_required_action";
|
||||
String ACCESS_TOKEN_EXPIRATION_TIME = "access_token_expiration_time";
|
||||
String AGE_OF_REFRESH_TOKEN = "age_of_refresh_token";
|
||||
}
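Review bot: `ACCESS_TOKEN_EXPIRATION_TIME` reads like an absolute expiry timestamp, but the value this commit stores under it in `storeRefreshTimingInformation` is `newToken.getExp() - newToken.getIat()`, which is a lifetime. Anyone building alerting or dashboards on these event details has only the key name to go on, so the constants should say what they hold. I would add `// lifetime of the issued access token (exp - iat), presumably in seconds` above it and `// time between the refresh token's iat and the new access token's iat` above `AGE_OF_REFRESH_TOKEN`.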
|
||||
|
|
|
@ -99,6 +99,7 @@ import org.keycloak.util.TokenUtil;
|
|||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
|
@ -438,6 +439,8 @@ public class TokenManager {
|
|||
responseBuilder.generateIDToken().generateAccessTokenHash();
|
||||
}
|
||||
|
||||
storeRefreshTimingInformation(event, refreshToken, validation.newToken);
|
||||
|
||||
return responseBuilder;
|
||||
}
|
||||
|
||||
|
@ -456,6 +459,16 @@ public class TokenManager {
|
|||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Store information to identify early token refreshes of clients which stress the IAM system.
|
||||
*/
|
||||
private void storeRefreshTimingInformation(EventBuilder event, RefreshToken refreshToken, AccessToken newToken) {
|
||||
long expirationAccessToken = newToken.getExp() - newToken.getIat();
|
||||
long ageOfRefreshToken = newToken.getIat() - refreshToken.getIat();
|
||||
event.detail(Details.ACCESS_TOKEN_EXPIRATION_TIME, Long.toString(expirationAccessToken));
|
||||
event.detail(Details.AGE_OF_REFRESH_TOKEN, Long.toString(ageOfRefreshToken));
|
||||
}
|
||||
|
||||
private void validateTokenReuseForRefresh(KeycloakSession session, RealmModel realm, RefreshToken refreshToken,
|
||||
TokenValidation validation) throws OAuthErrorException {
|
||||
if (realm.isRevokeRefreshToken()) {
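Review bot: `storeRefreshTimingInformation` runs on the success path immediately before `return responseBuilder;`, so an exception thrown while computing these purely informational details would fail an otherwise valid refresh. If `getExp()`/`getIat()` return boxed `Long` (their declarations are not visible here), the subtractions unbox and would throw on a token lacking that claim; a guard such as `if (newToken.getExp() == null || newToken.getIat() == null || refreshToken.getIat() == null) return;` at the top of the helper keeps event enrichment from affecting token issuance. The Javadoc should also state that both values are differences of the `iat`/`exp` claims written as decimal strings, and that `age_of_refresh_token` could come out negative if the two tokens were issued by nodes whose clocks disagree. The trailing `validateTokenReuseForRefresh` context continues outside the hunk.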
|
||||
|
|