libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Use the github /user/emails api endpoint if the github user did not set any public email.

Browse source 
Github can send a null email on the user info endpoint if there is no public email on the user profile.
This commit look for email on the /user/emails endpoint, selecting the primary email.
This commit is contained in:
gregoirew 2017-11-11 15:49:22 +01:00 committed by Stian Thorgersen
parent a21a94078b
commit 13261b52db
1 changed files with 27 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
services/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
View file

@ -18,6 +18,8 @@
package org.keycloak.social.github; package org.keycloak.social.github;
import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ArrayNode;
import java.util.Iterator;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
@ -36,6 +38,7 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
public static final String AUTH_URL = "https://github.com/login/oauth/authorize"; public static final String AUTH_URL = "https://github.com/login/oauth/authorize";
public static final String TOKEN_URL = "https://github.com/login/oauth/access_token"; public static final String TOKEN_URL = "https://github.com/login/oauth/access_token";
public static final String PROFILE_URL = "https://api.github.com/user"; public static final String PROFILE_URL = "https://api.github.com/user";
public static final String EMAIL_URL = "https://api.github.com/user/emails";
public static final String DEFAULT_SCOPE = "user:email"; public static final String DEFAULT_SCOPE = "user:email";
public GitHubIdentityProvider(KeycloakSession session, OAuth2IdentityProviderConfig config) { public GitHubIdentityProvider(KeycloakSession session, OAuth2IdentityProviderConfig config) {
@ -78,12 +81,35 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
try { try {
JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken).asJson(); JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken).asJson();
return extractIdentityFromProfile(null, profile); BrokeredIdentityContext user = extractIdentityFromProfile(null, profile);
if (user.getEmail() == null) {
user.setEmail(searchEmail(accessToken));
}
return user;
} catch (Exception e) { } catch (Exception e) {
throw new IdentityBrokerException("Could not obtain user profile from github.", e); throw new IdentityBrokerException("Could not obtain user profile from github.", e);
} }
} }
private String searchEmail(String accessToken) {
try {
ArrayNode emails = (ArrayNode) SimpleHttp.doGet(EMAIL_URL, session).header("Authorization", "Bearer " + accessToken).asJson();
Iterator<JsonNode> loop = emails.elements();
while (loop.hasNext()) {
JsonNode mail = loop.next();
if (mail.get("primary").asBoolean()) {
return getJsonProperty(mail, "email");
}
}
} catch (Exception e) {
throw new IdentityBrokerException("Could not obtain user email from github.", e);
}
throw new IdentityBrokerException("Primary email from github is not found.");
}
@Override @Override
protected String getDefaultScopes() { protected String getDefaultScopes() {
return DEFAULT_SCOPE; return DEFAULT_SCOPE;