I'm trying to implement an Authenticator Execution Script in Keycloak 6.0.X, which retrieves an external IDP token for the user and transforms it before adding it back into the jwt/access token. The script runs asa 'Post Login Flow' Execution.
I'm so far unable to access either the user access token or the external IDP token directly within the script.
/*
* Template for JavaScript based authenticator's.
* See org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticatorFactory
*/
// import enum for error lookup
AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");
/**
* An example authenticate function.
*
* The following variables are available for convenience:
* user - current user {@see org.keycloak.models.UserModel}
* realm - current realm {@see org.keycloak.models.RealmModel}
* session - current KeycloakSession {@see org.keycloak.models.KeycloakSession}
* httpRequest - current HttpRequest {@see org.jboss.resteasy.spi.HttpRequest}
* script - current script {@see org.keycloak.models.ScriptModel}
* authenticationSession - current authentication session {@see org.keycloak.sessions.AuthenticationSessionModel}
* LOG - current logger {@see org.jboss.logging.Logger}
*
* You one can extract current http request headers via:
* httpRequest.getHttpHeaders().getHeaderString("Forwarded")
*
* @param context {@see org.keycloak.authentication.AuthenticationFlowContext}
*/
function authenticate(context) {
var username = user ? user.username : "anonymous";
LOG.info(script.name + " trace auth for: " + username);
var federatedIdentity = session.users().getFederatedIdentities(user, realm);
LOG.info(script.name + " federatedIdentity= " + federatedIdentity);
var token = federatedIdentity.getToken();
var authShouldFail = false;
if (authShouldFail) {
context.failure(AuthenticationFlowError.INVALID_USER);
return;
}
context.success();
}
I'm able to successfully get the FederatedIdentityModel which according to the docs should have a getToken() method however the script fails at this method call with the following error:
TypeError: federatedIdentity.getToken is not a function in eval
I've tried using Object.getOwnPropertyNames(session)
to see what fields and methods are available on these variables but it turns our they're not Javascript Objects at all..
TypeError: org.keycloak.services.DefaultKeycloakSession@2f2807cd is not an Object in eval
More digging reveals:
session instanceof Object
returns false
while typeof session
returns 'object'
Any ideas or inspiration would be much appreciated!
getFederatedIdentities
返回一个 Set,因此您需要:
var federatedIdentity = session.users().getFederatedIdentities(user, realm).toArray()[0];
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.