Added prompt option to auth/login. If prompt='none' is specified the authentication form or grant forms will not be displayed, instead an error is returned
This commit is contained in:
parent
9e4d5f0eb6
commit
2bb3753289
3 changed files with 23 additions and 6 deletions
|
@ -19,7 +19,9 @@ window.keycloak = (function () {
|
|||
}
|
||||
}
|
||||
|
||||
processCallback();
|
||||
if (!processCallback()) {
|
||||
window.location.href = getLoginUrl() + '&prompt=none';
|
||||
}
|
||||
}
|
||||
|
||||
kc.login = function () {
|
||||
|
|
|
@ -42,10 +42,7 @@ import javax.ws.rs.core.UriInfo;
|
|||
import javax.ws.rs.ext.Providers;
|
||||
|
||||
import java.security.PrivateKey;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
@ -446,7 +443,7 @@ public class TokenService {
|
|||
@GET
|
||||
public Response loginPage(final @QueryParam("response_type") String responseType,
|
||||
final @QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId,
|
||||
final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state) {
|
||||
final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state, final @QueryParam("prompt") String prompt) {
|
||||
OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
|
||||
|
||||
if (!realm.isEnabled()) {
|
||||
|
@ -483,6 +480,10 @@ public class TokenService {
|
|||
return oauth.processAccessCode(scopeParam, state, redirect, client, user);
|
||||
}
|
||||
|
||||
if (prompt != null && prompt.equals("none")) {
|
||||
return oauth.redirectError(client, "access_denied", state, redirect);
|
||||
}
|
||||
|
||||
return Flows.forms(realm, request, uriInfo).forwardToLogin();
|
||||
}
|
||||
|
||||
|
|
|
@ -85,6 +85,20 @@ public class OAuthFlows {
|
|||
return location.build();
|
||||
}
|
||||
|
||||
public Response redirectError(UserModel client, String error, String state, String redirect) {
|
||||
Set<String> redirectUris = client.getRedirectUris();
|
||||
if (!redirectUris.isEmpty() && !redirectUris.contains(redirect)) {
|
||||
return forwardToSecurityFailure("Invalid redirect_uri " + redirect);
|
||||
}
|
||||
|
||||
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", error);
|
||||
if (state != null) {
|
||||
redirectUri.queryParam("state", state);
|
||||
}
|
||||
|
||||
return Response.status(302).location(redirectUri.build()).build();
|
||||
}
|
||||
|
||||
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
|
||||
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
|
||||
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
|
||||
|
|
Loading…
Reference in a new issue