2 * ============LICENSE_START=======================================================
3 * ONAP : ccsdk features
4 * ================================================================================
5 * Copyright (C) 2021 highstreet technologies GmbH Intellectual Property.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers;
24 import com.fasterxml.jackson.core.JsonProcessingException;
25 import com.fasterxml.jackson.databind.JsonMappingException;
26 import java.util.HashMap;
27 import java.util.List;
29 import java.util.stream.Collectors;
30 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.KeycloakUserTokenPayload;
31 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig;
32 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService;
33 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
35 public class KeycloakProviderService extends AuthService {
37 public static final String ID = "keycloak";
38 private Map<String, String> additionalTokenVerifierParams;
40 public KeycloakProviderService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) throws UnableToConfigureOAuthService {
41 super(config, redirectUri, tokenCreator);
42 this.additionalTokenVerifierParams = new HashMap<>();
43 this.additionalTokenVerifierParams.put("grant_type", "authorization_code");
47 protected String getTokenVerifierUri() {
48 return String.format("/auth/realms/%s/protocol/openid-connect/token", urlEncode(this.config.getRealmName()));
52 protected String getLoginUrl(String callbackUrl) {
54 "%s/auth/realms/%s/protocol/openid-connect/auth?client_id=%s&response_type=code&scope=%s&redirect_uri=%s",
55 this.config.getUrl(), urlEncode(this.config.getRealmName()), urlEncode(this.config.getClientId()),
56 this.config.getScope(), urlEncode(callbackUrl));
60 protected List<String> mapRoles(List<String> data) {
61 final Map<String, String> map = this.config.getRoleMapping();
62 List<String> filteredRoles =
63 data.stream().filter(role -> !role.equals("uma_authorization") && !role.equals("offline_access"))
64 .map(r -> map.getOrDefault(r, r)).collect(Collectors.toList());
69 protected ResponseType getResponseType() {
70 return ResponseType.CODE;
74 protected Map<String, String> getAdditionalTokenVerifierParams() {
75 return this.additionalTokenVerifierParams;
80 protected boolean doSeperateRolesRequest() {
85 protected UserTokenPayload mapAccessToken(String spayload) throws JsonMappingException, JsonProcessingException {
86 KeycloakUserTokenPayload payload = mapper.readValue(spayload, KeycloakUserTokenPayload.class);
87 UserTokenPayload data = new UserTokenPayload();
88 data.setIat(payload.getIat() * 1000L);
89 data.setExp(payload.getExp() * 1000L);
90 data.setFamilyName(payload.getFamilyName());
91 data.setGivenName(payload.getGivenName());
92 data.setPreferredUsername(payload.getPreferredUsername());
93 data.setRoles(this.mapRoles(payload.getRealmAccess().getRoles()));
98 protected UserTokenPayload requestUserRoles(String access_token, long issued_at, long expires_at) {
103 protected boolean verifyState(String state) {
Code Review / ccsdk / features.git / blob