KEYCLOAK-5518

services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java

@@ -591,7 +591,8 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
 
             BrokeredIdentityContext context = extractIdentity(null, idTokenType ? null : subjectToken, parsedToken);
             if (context == null) {
-                logger.debug("Failed to extractIdentity() from id token.  Disabling User Info service might fix this");
+                event.detail(Details.REASON, "Failed to extract identity from token");
+                event.error(Errors.INVALID_TOKEN);
                 throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
 
             }

services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java

@@ -24,11 +24,13 @@ import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
 import org.keycloak.broker.provider.BrokeredIdentityContext;
 import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.broker.social.SocialIdentityProvider;
+import org.keycloak.events.EventBuilder;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.representations.AccessTokenResponse;
 import org.keycloak.representations.IDToken;
 import org.keycloak.representations.JsonWebToken;
 
+import javax.ws.rs.core.MultivaluedMap;
 import java.io.IOException;
 
 /**
@@ -98,6 +100,12 @@ public class GitLabIdentityProvider extends OIDCIdentityProvider  implements Soc
 		return identity;
 	}
 
+	@Override
+	public BrokeredIdentityContext exchangeExternal(EventBuilder event, MultivaluedMap<String, String> params) {
+		return null;
+	}
+
+
 
 
 

services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java

@@ -16,13 +16,32 @@
  */
 package org.keycloak.social.google;
 
+import com.fasterxml.jackson.databind.JsonNode;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.OAuthErrorException;
+import org.keycloak.broker.oidc.KeycloakOIDCIdentityProvider;
 import org.keycloak.broker.oidc.OIDCIdentityProvider;
 import org.keycloak.broker.oidc.OIDCIdentityProviderConfig;
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
+import org.keycloak.broker.provider.BrokeredIdentityContext;
+import org.keycloak.broker.provider.IdentityBrokerException;
+import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.broker.social.SocialIdentityProvider;
 import org.keycloak.common.ClientConnection;
 import org.keycloak.common.util.KeycloakUriBuilder;
+import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
+import org.keycloak.events.EventBuilder;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.representations.AccessTokenResponse;
+import org.keycloak.representations.IDToken;
+import org.keycloak.representations.JsonWebToken;
+import org.keycloak.services.ErrorResponseException;
+
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import java.io.IOException;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -60,4 +79,43 @@ public class GoogleIdentityProvider extends OIDCIdentityProvider implements Soci
         return uri;
     }
 
+    protected BrokeredIdentityContext extractIdentity(AccessTokenResponse tokenResponse, String accessToken, JsonWebToken idToken) throws IOException {
+        String id = idToken.getSubject();
+        BrokeredIdentityContext identity = new BrokeredIdentityContext(id);
+        String name = (String) idToken.getOtherClaims().get(IDToken.NAME);
+        String preferredUsername = (String) idToken.getOtherClaims().get(getUsernameClaimName());
+        String email = (String) idToken.getOtherClaims().get(IDToken.EMAIL);
+
+         identity.getContextData().put(VALIDATED_ID_TOKEN, idToken);
+
+        identity.setId(id);
+        identity.setName(name);
+        identity.setEmail(email);
+
+        identity.setBrokerUserId(getConfig().getAlias() + "." + id);
+
+        if (preferredUsername == null) {
+            preferredUsername = email;
+        }
+
+        if (preferredUsername == null) {
+            preferredUsername = id;
+        }
+
+        identity.setUsername(preferredUsername);
+        if (tokenResponse != null && tokenResponse.getSessionState() != null) {
+            identity.setBrokerSessionId(getConfig().getAlias() + "." + tokenResponse.getSessionState());
+        }
+        if (tokenResponse != null) identity.getContextData().put(FEDERATED_ACCESS_TOKEN_RESPONSE, tokenResponse);
+        if (tokenResponse != null) processAccessTokenResponse(identity, tokenResponse);
+        return identity;
+    }
+
+
+    @Override
+    public BrokeredIdentityContext exchangeExternal(EventBuilder event, MultivaluedMap<String, String> params) {
+        return null;
+    }
+
+
 }