
com.tngtech.keycloakmock.impl.helper.TokenHelper Maven / Gradle / Ivy
Base module of keycloak-mock
package com.tngtech.keycloakmock.impl.helper;
import static com.tngtech.keycloakmock.api.TokenConfig.aTokenConfig;
import com.tngtech.keycloakmock.api.TokenConfig.Builder;
import com.tngtech.keycloakmock.impl.TokenGenerator;
import com.tngtech.keycloakmock.impl.UrlConfiguration;
import com.tngtech.keycloakmock.impl.session.Session;
import com.tngtech.keycloakmock.impl.session.UserData;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
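/**
 * Builds mock tokens from the data held in a {@link Session} and delegates parsing of tokens to
 * the {@link TokenGenerator}.
 *
 * <p>This class belongs to a Keycloak <em>mock</em>: the claims are copied straight from the
 * session, the audience is always the client id, the authentication context class reference is
 * fixed to {@code "1"}, and the same token is used as both access token and ID token. Code under
 * test that relies on a distinct audience, on a higher assurance level or on separate access and
 * ID tokens will not be exercised realistically by these tokens.
 */
@Singleton
public class TokenHelper {
  /** Name of the claim that carries the nonce of the session, when the session has one. */
  private static final String NONCE = "nonce";

  @Nonnull private final TokenGenerator tokenGenerator;

  // Element type restored to String: the loop in getToken iterates this list as String, which a
  // raw List does not allow.
  @Nonnull private final List<String> resourcesToMapRolesTo;

  /**
   * Creates the helper; the constructor is package-private and annotated for injection.
   *
   * @param tokenGenerator generator used to create and to parse tokens
   * @param resourcesToMapRolesTo resources that receive the session roles as resource roles; when
   *     the list is empty the roles are added as realm roles instead
   */
  @Inject
  TokenHelper(
      @Nonnull TokenGenerator tokenGenerator,
      @Nonnull @Named("resources") List<String> resourcesToMapRolesTo) {
    this.tokenGenerator = tokenGenerator;
    this.resourcesToMapRolesTo = resourcesToMapRolesTo;
  }

  /**
   * Creates a token for the given session.
   *
   * <p>The client id of the session is used as authorized party and as audience. Subject,
   * preferred username, given name, family name, name and email are taken from the user data of
   * the session. The nonce is added as a claim only when the session has one. The session roles
   * become realm roles when no resources are configured, otherwise resource roles of every
   * configured resource.
   *
   * @param session session whose client id, user data, session id, nonce and roles are used
   * @param requestConfiguration URL configuration passed on to the token generator
   * @return the value returned by {@link TokenGenerator#getToken}; NOTE(review): the method is
   *     declared {@code @Nullable}, but when the generator returns {@code null} cannot be seen
   *     from this class, so callers should check the result
   */
  @Nullable
  public String getToken(@Nonnull Session session, @Nonnull UrlConfiguration requestConfiguration) {
    UserData userData = session.getUserData();
    Builder builder =
        aTokenConfig()
            .withAuthorizedParty(session.getClientId())
            // at the moment, there is no explicit way of setting an audience
            .withAudience(session.getClientId())
            .withSubject(userData.getSubject())
            .withPreferredUsername(userData.getPreferredUsername())
            .withGivenName(userData.getGivenName())
            .withFamilyName(userData.getFamilyName())
            .withName(userData.getName())
            .withEmail(userData.getEmail())
            .withSessionId(session.getSessionId())
            // we currently don't do proper authorization anyway, so we can just act as if we were
            // compliant to ISO/IEC 29115 level 1 (see KEYCLOAK-3223 / KEYCLOAK-3314)
            .withAuthenticationContextClassReference("1");
    // the nonce claim is only added when the session carries a nonce
    if (session.getNonce() != null) {
      builder.withClaim(NONCE, session.getNonce());
    }
    if (resourcesToMapRolesTo.isEmpty()) {
      builder.withRealmRoles(session.getRoles());
    } else {
      // every configured resource receives the full set of session roles
      for (String resource : resourcesToMapRolesTo) {
        builder.withResourceRoles(resource, session.getRoles());
      }
    }
    // for simplicity, the access token is the same as the ID token
    return tokenGenerator.getToken(builder.build(), requestConfiguration);
  }

  /**
   * Parses a token by delegating to {@link TokenGenerator#parseToken}.
   *
   * <p>NOTE(review): which checks are applied to the token (signature, expiry, issuer) is decided
   * inside the token generator and cannot be seen from this class; confirm before treating the
   * returned claims as verified. The type parameters of the returned map are not visible on this
   * page either, so the raw type is kept.
   *
   * @param token the serialized token
   * @return the map returned by the token generator
   */
  @Nonnull
  public Map parseToken(@Nonnull String token) {
    return tokenGenerator.parseToken(token);
  }
}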