libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Support RAR (Rich Authorization Request) for ClientCredentialsGrantType via protocol mapper until RAR is fully implemented.

Browse source 
Set authorization_details in a client note in ClientCredentialsGrantType so it can be accessed from a protocol mapper.

Closes #32488

Signed-off-by: Laurids Møller Jepsen <laurids.jepsen@cryptomathic.com>
This commit is contained in:
Laurids Møller Jepsen 2024-10-21 13:19:15 +02:00 committed by Marek Posolda
parent 8015e14530
commit 21da25e146
2 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java
View file

@ -80,6 +80,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
public static final String LOGIN_PROTOCOL = "openid-connect";
public static final String STATE_PARAM = "state";
public static final String SCOPE_PARAM = "scope";
public static final String AUTHORIZATION_DETAILS_PARAM = "authorization_details";
public static final String CODE_PARAM = "code";
public static final String RESPONSE_TYPE_PARAM = "response_type";
public static final String GRANT_TYPE_PARAM = "grant_type";

11
services/src/main/java/org/keycloak/protocol/oidc/grants/ClientCredentialsGrantType.java
View file

@ -106,6 +106,7 @@ public class ClientCredentialsGrantType extends OAuth2GrantTypeBase {
authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()));
authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
setAuthorizationDetailsNoteIfIncluded(authSession);
// persisting of userSession by default
UserSessionModel.SessionPersistenceState sessionPersistenceState = UserSessionModel.SessionPersistenceState.PERSISTENT;
@ -192,4 +193,14 @@ public class ClientCredentialsGrantType extends OAuth2GrantTypeBase {
return EventType.CLIENT_LOGIN;
}
/**
* Setting a client note with authorization_details to support custom protocol mappers using RAR (Rich Authorization Request)
* until RAR is fully implemented.
*/
private void setAuthorizationDetailsNoteIfIncluded(AuthenticationSessionModel authSession) {
String authorizationDetails = formParams.getFirst(OIDCLoginProtocol.AUTHORIZATION_DETAILS_PARAM);
if (authorizationDetails != null) {
authSession.setClientNote(OIDCLoginProtocol.AUTHORIZATION_DETAILS_PARAM, authorizationDetails);
}
}
}