libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

If registration is not allowed for a realm it should not be possible to login with social login unless the user already exists

Browse source
This commit is contained in:
Stian Thorgersen 2013-08-15 16:34:44 +01:00
parent 0301094fc9
commit a65c8695d7
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
services/src/main/java/org/keycloak/services/resources/SocialResource.java
View file

@ -144,6 +144,10 @@ public class SocialResource {
UserModel user = realm.getUser(provider.getId() + "." + socialUser.getId()); UserModel user = realm.getUser(provider.getId() + "." + socialUser.getId());
if (user == null) { if (user == null) {
if (!realm.isRegistrationAllowed()) {
return oauth.forwardToSecurityFailure("Registration not allowed");
}
user = realm.addUser(provider.getId() + "." + socialUser.getId()); user = realm.addUser(provider.getId() + "." + socialUser.getId());
user.setAttribute(provider.getId() + ".id", socialUser.getId()); user.setAttribute(provider.getId() + ".id", socialUser.getId());