KEYCLOAK-27 Basic social flow with automatic registration and non-duplicated username
This commit is contained in:
parent
b2544dbe8f
commit
932ed10c17
8 changed files with 68 additions and 9 deletions
|
@ -6,6 +6,7 @@
|
|||
"sslNotRequired": true,
|
||||
"cookieLoginAllowed": true,
|
||||
"registrationAllowed": true,
|
||||
"automaticRegistrationAfterSocialLogin": true,
|
||||
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
||||
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"requiredCredentials": [ "password" ],
|
||||
|
|
|
@ -37,6 +37,8 @@ public class RealmEntity implements Serializable {
|
|||
@AttributeValue
|
||||
private boolean social;
|
||||
@AttributeValue
|
||||
private boolean automaticRegistrationAfterSocialLogin;
|
||||
@AttributeValue
|
||||
private int tokenLifespan;
|
||||
@AttributeValue
|
||||
private int accessCodeLifespan;
|
||||
|
@ -106,6 +108,14 @@ public class RealmEntity implements Serializable {
|
|||
this.social = social;
|
||||
}
|
||||
|
||||
public boolean isAutomaticRegistrationAfterSocialLogin() {
|
||||
return automaticRegistrationAfterSocialLogin;
|
||||
}
|
||||
|
||||
public void setAutomaticRegistrationAfterSocialLogin(boolean automaticRegistrationAfterSocialLogin) {
|
||||
this.automaticRegistrationAfterSocialLogin = automaticRegistrationAfterSocialLogin;
|
||||
}
|
||||
|
||||
public int getTokenLifespan() {
|
||||
return tokenLifespan;
|
||||
}
|
||||
|
|
|
@ -46,6 +46,7 @@ import org.keycloak.services.managers.RealmManager;
|
|||
import org.keycloak.services.managers.TokenManager;
|
||||
import org.keycloak.services.models.RealmModel;
|
||||
import org.keycloak.services.models.RoleModel;
|
||||
import org.keycloak.services.models.SocialLinkModel;
|
||||
import org.keycloak.services.models.UserModel;
|
||||
import org.keycloak.services.resources.flows.Flows;
|
||||
import org.keycloak.services.resources.flows.OAuthFlows;
|
||||
|
@ -134,22 +135,36 @@ public class SocialResource {
|
|||
return oauth.forwardToSecurityFailure("Failed to process social callback");
|
||||
}
|
||||
|
||||
// TODO Lookup user based on attribute for provider id - this is so a user can have a friendly username + link a
|
||||
// user to
|
||||
// multiple social logins
|
||||
UserModel user = realm.getUser(provider.getId() + "." + socialUser.getId());
|
||||
SocialLinkModel socialLink = new SocialLinkModel(provider.getId(), socialUser.getUsername());
|
||||
UserModel user = realm.getUserBySocialLink(socialLink);
|
||||
|
||||
if (user == null) {
|
||||
if (!realm.isRegistrationAllowed()) {
|
||||
return oauth.forwardToSecurityFailure("Registration not allowed");
|
||||
}
|
||||
|
||||
user = realm.addUser(provider.getId() + "." + socialUser.getId());
|
||||
user.setAttribute(provider.getId() + ".id", socialUser.getId());
|
||||
// Automatically register user into realm with his social username (don't redirect to registration screen)
|
||||
if (realm.isAutomaticRegistrationAfterSocialLogin()) {
|
||||
|
||||
if (realm.getUser(socialUser.getUsername()) != null) {
|
||||
// TODO: Username is already in realm. Show message and let user to bind accounts
|
||||
throw new IllegalStateException("Username " + socialUser.getUsername() +
|
||||
" already registered in the realm. TODO: bind accounts...");
|
||||
|
||||
// TODO: Maybe we should search also by email and bind accounts if user with this email is
|
||||
// already registered. But actually Keycloak allows duplicate emails
|
||||
} else {
|
||||
user = realm.addUser(socialUser.getUsername());
|
||||
}
|
||||
|
||||
realm.addSocialLink(user, socialLink);
|
||||
|
||||
for (RoleModel role : realm.getDefaultRoles()) {
|
||||
realm.grantRole(user, role);
|
||||
}
|
||||
} else {
|
||||
// TODO: redirect to registration screen with pre-filled info
|
||||
}
|
||||
}
|
||||
|
||||
if (!user.isEnabled()) {
|
||||
|
|
|
@ -75,6 +75,7 @@ public class AdapterTest {
|
|||
realmModel.setPrivateKeyPem("0234234");
|
||||
realmModel.setPublicKeyPem("0234234");
|
||||
realmModel.setTokenLifespan(1000);
|
||||
realmModel.setAutomaticRegistrationAfterSocialLogin(true);
|
||||
realmModel.addDefaultRole("foo");
|
||||
|
||||
System.out.println(realmModel.getId());
|
||||
|
@ -86,6 +87,7 @@ public class AdapterTest {
|
|||
Assert.assertEquals(realmModel.getName(), "JUGGLER");
|
||||
Assert.assertEquals(realmModel.getPrivateKeyPem(), "0234234");
|
||||
Assert.assertEquals(realmModel.getPublicKeyPem(), "0234234");
|
||||
Assert.assertEquals(realmModel.isAutomaticRegistrationAfterSocialLogin(), true);
|
||||
Assert.assertEquals(1, realmModel.getDefaultRoles().size());
|
||||
Assert.assertEquals("foo", realmModel.getDefaultRoles().get(0).getName());
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ package org.keycloak.social;
|
|||
public class SocialUser {
|
||||
|
||||
private String id;
|
||||
private String username;
|
||||
private String firstName;
|
||||
private String lastName;
|
||||
private String email;
|
||||
|
@ -19,6 +20,14 @@ public class SocialUser {
|
|||
this.id = id;
|
||||
}
|
||||
|
||||
public String getUsername() {
|
||||
return username;
|
||||
}
|
||||
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
public String getFirstName() {
|
||||
return firstName;
|
||||
}
|
||||
|
|
|
@ -82,6 +82,13 @@ public class FacebookProvider implements SocialProvider {
|
|||
FacebookUser facebookUser = loadUser(accessToken, client);
|
||||
|
||||
SocialUser socialUser = new SocialUser(facebookUser.getId());
|
||||
socialUser.setUsername(facebookUser.getUsername());
|
||||
|
||||
// This could happen with Facebook testing users
|
||||
if (facebookUser.getUsername() == null || facebookUser.getUsername().length() == 0) {
|
||||
socialUser.setUsername(facebookUser.getId());
|
||||
}
|
||||
|
||||
socialUser.setEmail(facebookUser.getEmail());
|
||||
socialUser.setLastName(facebookUser.getLastName());
|
||||
socialUser.setFirstName(facebookUser.getFirstName());
|
||||
|
|
|
@ -106,6 +106,10 @@ public class GoogleProvider implements SocialProvider {
|
|||
Userinfo userInfo = oauth2.userinfo().get().execute();
|
||||
|
||||
SocialUser user = new SocialUser(userInfo.getId());
|
||||
|
||||
// Use email as username for Google
|
||||
user.setUsername(userInfo.getEmail());
|
||||
|
||||
user.setFirstName(userInfo.getGivenName());
|
||||
user.setLastName(userInfo.getFamilyName());
|
||||
user.setEmail(userInfo.getEmail());
|
||||
|
|
|
@ -77,7 +77,18 @@ public class TwitterProvider implements SocialProvider {
|
|||
twitter4j.User twitterUser = twitter.verifyCredentials();
|
||||
|
||||
SocialUser user = new SocialUser(Long.toString(twitterUser.getId()));
|
||||
user.setFirstName(twitterUser.getName());
|
||||
|
||||
// Use screenName as username for Twitter
|
||||
user.setUsername(twitterUser.getScreenName());
|
||||
|
||||
String twitterName = twitterUser.getName();
|
||||
int spaceIndex = twitterName.lastIndexOf(' ');
|
||||
if (spaceIndex != -1) {
|
||||
user.setFirstName(twitterName.substring(0, spaceIndex));
|
||||
user.setLastName(twitterName.substring(spaceIndex + 1));
|
||||
} else {
|
||||
user.setFirstName(twitterName);
|
||||
}
|
||||
|
||||
return user;
|
||||
} catch (Exception e) {
|
||||
|
|
Loading…
Reference in a new issue