2 * ============LICENSE_START=======================================================
3 * ONAP : ccsdk features
4 * ================================================================================
5 * Copyright (C) 2021 highstreet technologies GmbH Intellectual Property.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers;
24 import com.fasterxml.jackson.core.JsonProcessingException;
25 import com.fasterxml.jackson.databind.JsonMappingException;
26 import java.util.HashMap;
27 import java.util.List;
29 import java.util.stream.Collectors;
30 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.KeycloakUserTokenPayload;
31 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig;
32 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
34 public class KeycloakProviderService extends AuthService {
36 public static final String ID = "keycloak";
37 private Map<String, String> additionalTokenVerifierParams;
39 public KeycloakProviderService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) {
40 super(config, redirectUri, tokenCreator);
41 this.additionalTokenVerifierParams = new HashMap<>();
42 this.additionalTokenVerifierParams.put("grant_type", "authorization_code");
46 protected String getTokenVerifierUri() {
47 return "/auth/realms/onap/protocol/openid-connect/token";
51 protected String getLoginUrl(String callbackUrl) {
53 "%s/auth/realms/onap/protocol/openid-connect/auth?client_id=%s&response_type=code&scope=%s&redirect_uri=%s",
54 this.config.getUrl(), urlEncode(this.config.getClientId()), this.config.getScope(),
55 urlEncode(callbackUrl));
59 protected List<String> mapRoles(List<String> data) {
60 final Map<String,String> map = this.config.getRoleMapping();
61 List<String> filteredRoles =
62 data.stream().filter(role -> !role.equals("uma_authorization") && !role.equals("offline_access"))
63 .map(r -> map.getOrDefault(r, r)).collect(Collectors.toList());
68 protected ResponseType getResponseType() {
69 return ResponseType.CODE;
73 protected Map<String, String> getAdditionalTokenVerifierParams() {
74 return this.additionalTokenVerifierParams;
79 protected boolean doSeperateRolesRequest() {
84 protected UserTokenPayload mapAccessToken(String spayload) throws JsonMappingException, JsonProcessingException {
85 KeycloakUserTokenPayload payload = mapper.readValue(spayload, KeycloakUserTokenPayload.class);
86 UserTokenPayload data = new UserTokenPayload();
87 data.setExp(payload.getExp() * 1000L);
88 data.setFamilyName(payload.getFamilyName());
89 data.setGivenName(payload.getGivenName());
90 data.setPreferredUsername(payload.getPreferredUsername());
91 data.setRoles(this.mapRoles(payload.getRealmAccess().getRoles()));
96 protected UserTokenPayload requestUserRoles(String access_token, long expires_at) {
101 protected boolean verifyState(String state) {
Code Review / ccsdk / features.git / blob