From 21da25e1462284c01ed9b0847daeb8f32385f96d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laurids=20M=C3=B8ller=20Jepsen?=
Date: Mon, 21 Oct 2024 13:19:15 +0200
Subject: [PATCH] Support RAR (Rich Authorization Request) for ClientCredentialsGrantType via protocol mapper until RAR is fully implemented.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Set authorization_details in a client note in ClientCredentialsGrantType so it can be accessed from a protocol mapper.

Closes #32488
Signed-off-by: Laurids Møller Jepsen
---
 .../org/keycloak/protocol/oidc/OIDCLoginProtocol.java | 1 +
 .../oidc/grants/ClientCredentialsGrantType.java | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java
index 37e2407c08..0bcae1ef42 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java
@@ -80,6 +80,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
 public static final String LOGIN_PROTOCOL = "openid-connect";
 public static final String STATE_PARAM = "state";
 public static final String SCOPE_PARAM = "scope";
+ public static final String AUTHORIZATION_DETAILS_PARAM = "authorization_details";
 public static final String CODE_PARAM = "code";
 public static final String RESPONSE_TYPE_PARAM = "response_type";
 public static final String GRANT_TYPE_PARAM = "grant_type";
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/grants/ClientCredentialsGrantType.java b/services/src/main/java/org/keycloak/protocol/oidc/grants/ClientCredentialsGrantType.java
index 1420c56535..be51b274fc 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/grants/ClientCredentialsGrantType.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/grants/ClientCredentialsGrantType.java
@@ -106,6 +106,7 @@ public class ClientCredentialsGrantType extends OAuth2GrantTypeBase {
 authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
 authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
 authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
+ setAuthorizationDetailsNoteIfIncluded(authSession);
 
 // persisting of userSession by default
 UserSessionModel.SessionPersistenceState sessionPersistenceState = UserSessionModel.SessionPersistenceState.PERSISTENT;
@@ -192,4 +193,14 @@ public class ClientCredentialsGrantType extends OAuth2GrantTypeBase {
 return EventType.CLIENT_LOGIN;
 }
 
+ /**
+ * Setting a client note with authorization_details to support custom protocol mappers using RAR (Rich Authorization Request)
+ * until RAR is fully implemented.
+ */
+ private void setAuthorizationDetailsNoteIfIncluded(AuthenticationSessionModel authSession) {
+ String authorizationDetails = formParams.getFirst(OIDCLoginProtocol.AUTHORIZATION_DETAILS_PARAM);
+ if (authorizationDetails != null) {
+ authSession.setClientNote(OIDCLoginProtocol.AUTHORIZATION_DETAILS_PARAM, authorizationDetails);
+ }
+ }
 }
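Review bot: In setAuthorizationDetailsNoteIfIncluded the client-supplied `authorization_details` value is stored verbatim on the authentication session, with no check that it is the JSON array of objects RFC 9396 defines and no size limit, so every protocol mapper that reads the note has to treat it as arbitrary untrusted text; the Javadoc should say so, and a parse-and-reject step (or at least a length cap) before setClientNote would narrow what reaches the mappers. Since the first hunk places the call just before the session persistence default is chosen, it is worth confirming whether client notes are carried into the persisted user/client session, in which case an unbounded value from an authenticated client would be retained beyond the request; the method enclosing that call starts outside the hunk. The Javadoc summary should also be a verb phrase, e.g. `* Sets the raw, unvalidated {@code authorization_details} form parameter as a client note so custom protocol mappers can read it until RAR is fully implemented.` Finally, an empty string passes the `!= null` test and is stored as an empty note; `if (authorizationDetails != null && !authorizationDetails.isBlank())` would skip it if that matches the intended contract.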