KEYCLOAK-14940 refresh expired idtoken

2020-07-29 11:12:29 -03:00 · 2020-07-29 11:12:29 -03:00 · 541063f2ce
commit 541063f2ce
parent 1e6c37e423
1 changed files with 18 additions and 3 deletions
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSecurityContext.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/RefreshableKeycloakSecurityContext.java
@ -63,6 +63,18 @@ public class RefreshableKeycloakSecurityContext extends KeycloakSecurityContext
        return super.getTokenString();
    }

+    @Override
+    public IDToken getIdToken() {
+        refreshExpiredToken(true);
+        return super.getIdToken();
+    }
+
+    @Override
+    public String getIdTokenString() {
+        refreshExpiredToken(true);
+        return super.getIdTokenString();
+    }
+
    public String getRefreshToken() {
        return refreshToken;
    }
@ -139,25 +151,28 @@ public class RefreshableKeycloakSecurityContext extends KeycloakSecurityContext
            }
            String tokenString = response.getToken();
            AccessToken token = null;
+            IDToken idToken = null;
            try {
                AdapterTokenVerifier.VerifiedTokens tokens = AdapterTokenVerifier.verifyTokens(tokenString, response.getIdToken(), deployment);
                token = tokens.getAccessToken();
+                idToken = tokens.getIdToken();
                log.debug("Token Verification succeeded!");
            } catch (VerificationException e) {
                log.error("failed verification of token");
                return false;
            }
-
            // If the TTL is greater-or-equal to the expire time on the refreshed token, have to abort or go into an infinite refresh loop
            if (!isTokenTimeToLiveSufficient(token)) {
                log.error("failed to refresh the token with a longer time-to-live than the minimum");
                return false;
            }
-
            if (response.getNotBeforePolicy() > deployment.getNotBefore()) {
                deployment.updateNotBefore(response.getNotBeforePolicy());
            }
-
+            if (idToken != null) {
+                this.idToken = idToken;
+                this.idTokenString = response.getIdToken();
+            }
            this.token = token;
            if (response.getRefreshToken() != null) {
                if (log.isTraceEnabled()) {