diff --git a/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java b/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java new file mode 100755 index 0000000000..7f3817b1c4 --- /dev/null +++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java @@ -0,0 +1,133 @@ +package org.keycloak.broker.oidc.mappers; + +import java.util.ArrayList; +import java.util.List; + +import org.codehaus.jackson.JsonNode; +import org.jboss.logging.Logger; +import org.keycloak.broker.oidc.OIDCIdentityProvider; +import org.keycloak.broker.provider.AbstractIdentityProviderMapper; +import org.keycloak.broker.provider.BrokeredIdentityContext; +import org.keycloak.models.IdentityProviderMapperModel; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.provider.ProviderConfigProperty; + +/** + * Abstract class for Social Provider mappers which allow mapping of JSON user profile field into Keycloak user attribute. + * Concrete mapper classes with own ID and provider mapping must be implemented for each social provider who uses {@link JsonNode} user profile. + * + * @author Vlastimil Elias (velias at redhat dot com) + */ +public abstract class AbstractJsonUserAttributeMapper extends AbstractIdentityProviderMapper { + + protected static final Logger logger = Logger.getLogger(AbstractJsonUserAttributeMapper.class); + + protected static final Logger LOGGER_DUMP_USER_PROFILE = Logger.getLogger("org.keycloak.social.user_profile_dump"); + + /** + * Config param where name of mapping source JSON User Profile field is stored. + */ + public static final String CONF_JSON_FIELD = "jsonField"; + /** + * Config param where name of mapping target USer attribute is stored. + */ + public static final String CONF_USER_ATTRIBUTE = "userAttribute"; + + /** + * Key in {@link BrokeredIdentityContext#getContextData()} where {@link JsonNode} with user profile is stored. + */ + public static final String CONTEXT_JSON_NODE = OIDCIdentityProvider.USER_INFO; + + private static final List configProperties = new ArrayList(); + + static { + ProviderConfigProperty property; + ProviderConfigProperty property1; + property1 = new ProviderConfigProperty(); + property1.setName(CONF_JSON_FIELD); + property1.setLabel("Social Profile JSON Field Name"); + property1.setHelpText("Name of field in Social provider User Profile JSON data to get value from."); + property1.setType(ProviderConfigProperty.STRING_TYPE); + configProperties.add(property1); + property = new ProviderConfigProperty(); + property.setName(CONF_USER_ATTRIBUTE); + property.setLabel("User Attribute Name"); + property.setHelpText("User attribute name to store information into."); + property.setType(ProviderConfigProperty.STRING_TYPE); + configProperties.add(property); + } + + public static void storeUserProfileForMapper(BrokeredIdentityContext user, JsonNode profile) { + user.getContextData().put(AbstractJsonUserAttributeMapper.CONTEXT_JSON_NODE, profile); + if (LOGGER_DUMP_USER_PROFILE.isDebugEnabled()) + LOGGER_DUMP_USER_PROFILE.debug("User Profile JSON Data: " + profile); + } + + @Override + public List getConfigProperties() { + return configProperties; + } + + @Override + public String getDisplayCategory() { + return "Attribute Importer"; + } + + @Override + public String getDisplayType() { + return "Attribute Importer"; + } + + @Override + public String getHelpText() { + return "Import user profile information if it exists in Social provider JSON data into the specified user attribute."; + } + + @Override + public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) { + String attribute = mapperModel.getConfig().get(CONF_USER_ATTRIBUTE); + if (attribute == null) { + logger.debug("Attribute is not configured"); + return; + } + + String value = getJsonValue(mapperModel, context); + if (value != null) { + user.setAttribute(attribute, value); + } + } + + @Override + public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) { + // we do not update user profile from social provider + } + + protected static String getJsonValue(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) { + + String jsonField = mapperModel.getConfig().get(CONF_JSON_FIELD); + if (jsonField == null) { + logger.debug("JSON field is not configured"); + return null; + } + + JsonNode profileJsonNode = (JsonNode) context.getContextData().get(CONTEXT_JSON_NODE); + + if (profileJsonNode != null) { + JsonNode value = profileJsonNode.get(jsonField); + if (value != null) { + String ret = value.asText(); + if (ret != null && !ret.trim().isEmpty()) + return ret.trim(); + else + return null; + } + } else { + logger.debug("User profile JSON node is not available."); + } + + return null; + } + +} diff --git a/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java b/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java index 40a883b24a..cd36006976 100755 --- a/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java +++ b/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java @@ -3,10 +3,11 @@ package org.keycloak.social.github; import org.codehaus.jackson.JsonNode; import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider; import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; +import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; import org.keycloak.broker.oidc.util.JsonSimpleHttp; -import org.keycloak.broker.provider.util.SimpleHttp; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.IdentityBrokerException; +import org.keycloak.broker.provider.util.SimpleHttp; import org.keycloak.social.SocialIdentityProvider; /** @@ -14,40 +15,42 @@ import org.keycloak.social.SocialIdentityProvider; */ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider implements SocialIdentityProvider { - public static final String AUTH_URL = "https://github.com/login/oauth/authorize"; - public static final String TOKEN_URL = "https://github.com/login/oauth/access_token"; - public static final String PROFILE_URL = "https://api.github.com/user"; - public static final String DEFAULT_SCOPE = "user:email"; + public static final String AUTH_URL = "https://github.com/login/oauth/authorize"; + public static final String TOKEN_URL = "https://github.com/login/oauth/access_token"; + public static final String PROFILE_URL = "https://api.github.com/user"; + public static final String DEFAULT_SCOPE = "user:email"; - public GitHubIdentityProvider(OAuth2IdentityProviderConfig config) { - super(config); - config.setAuthorizationUrl(AUTH_URL); - config.setTokenUrl(TOKEN_URL); - config.setUserInfoUrl(PROFILE_URL); - } + public GitHubIdentityProvider(OAuth2IdentityProviderConfig config) { + super(config); + config.setAuthorizationUrl(AUTH_URL); + config.setTokenUrl(TOKEN_URL); + config.setUserInfoUrl(PROFILE_URL); + } - @Override - protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) { - try { - JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken)); + @Override + protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) { + try { + JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken)); - BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id")); + BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id")); - String username = getJsonProperty(profile, "login"); - user.setUsername(username); - user.setName(getJsonProperty(profile, "name")); - user.setEmail(getJsonProperty(profile, "email")); - user.setIdpConfig(getConfig()); - user.setIdp(this); + String username = getJsonProperty(profile, "login"); + user.setUsername(username); + user.setName(getJsonProperty(profile, "name")); + user.setEmail(getJsonProperty(profile, "email")); + user.setIdpConfig(getConfig()); + user.setIdp(this); - return user; - } catch (Exception e) { - throw new IdentityBrokerException("Could not obtain user profile from github.", e); - } - } + AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile); - @Override - protected String getDefaultScopes() { - return DEFAULT_SCOPE; - } + return user; + } catch (Exception e) { + throw new IdentityBrokerException("Could not obtain user profile from github.", e); + } + } + + @Override + protected String getDefaultScopes() { + return DEFAULT_SCOPE; + } } diff --git a/social/github/src/main/java/org/keycloak/social/github/GitHubUserAttributeMapper.java b/social/github/src/main/java/org/keycloak/social/github/GitHubUserAttributeMapper.java new file mode 100644 index 0000000000..b4a6359076 --- /dev/null +++ b/social/github/src/main/java/org/keycloak/social/github/GitHubUserAttributeMapper.java @@ -0,0 +1,29 @@ +/* + * JBoss, Home of Professional Open Source + * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors + * as indicated by the @authors tag. All rights reserved. + */ +package org.keycloak.social.github; + +import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper; + +/** + * User attribute mapper. + * + * @author Vlastimil Elias (velias at redhat dot com) + */ +public class GitHubUserAttributeMapper extends AbstractJsonUserAttributeMapper { + + private static final String[] cp = new String[] { GitHubIdentityProviderFactory.PROVIDER_ID }; + + @Override + public String[] getCompatibleProviders() { + return cp; + } + + @Override + public String getId() { + return "github-user-attribute-mapper"; + } + +} diff --git a/social/github/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper b/social/github/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper new file mode 100755 index 0000000000..25972f6fa3 --- /dev/null +++ b/social/github/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper @@ -0,0 +1 @@ +org.keycloak.social.github.GitHubUserAttributeMapper \ No newline at end of file