
Keycloak custom authenticator script - how to get the access token or external idp token of the user within the script context?

I'm trying to implement an Authenticator Execution Script in Keycloak 6.0.X, which retrieves an external IDP token for the user and transforms it before adding it back into the jwt/access token. The script runs as a 'Post Login Flow' Execution.

I'm so far unable to access either the user access token or the external IDP token directly within the script.

    /*
     * Template for JavaScript based authenticators.
     * See org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticatorFactory
     */

    // import enum for error lookup
    AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");

    /**
     * An example authenticate function.
     *
     * The following variables are available for convenience:
     * user - current user {@see org.keycloak.models.UserModel}
     * realm - current realm {@see org.keycloak.models.RealmModel}
     * session - current KeycloakSession {@see org.keycloak.models.KeycloakSession}
     * httpRequest - current HttpRequest {@see org.jboss.resteasy.spi.HttpRequest}
     * script - current script {@see org.keycloak.models.ScriptModel}
     * authenticationSession - current authentication session {@see org.keycloak.sessions.AuthenticationSessionModel}
     * LOG - current logger {@see org.jboss.logging.Logger}
     *
     * You can extract current http request headers via:
     * httpRequest.getHttpHeaders().getHeaderString("Forwarded")
     *
     * @param context {@see org.keycloak.authentication.AuthenticationFlowContext}
     */
    function authenticate(context) {

        var username = user ? user.username : "anonymous";
        LOG.info(script.name + " trace auth for: " + username);

        var federatedIdentity = session.users().getFederatedIdentities(user, realm);
        LOG.info(script.name + " federatedIdentity= " + federatedIdentity);

        // this call is where the TypeError quoted below is raised
        var token = federatedIdentity.getToken();

        var authShouldFail = false;
        if (authShouldFail) {

            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }

        context.success();
    }

I'm able to successfully get the FederatedIdentityModel which according to the docs should have a getToken() method however the script fails at this method call with the following error:

TypeError: federatedIdentity.getToken is not a function in eval

I've tried using Object.getOwnPropertyNames(session) to see what fields and methods are available on these variables but it turns out they're not JavaScript objects at all.

TypeError: org.keycloak.services.DefaultKeycloakSession@2f2807cd is not an Object in eval

More digging reveals:

session instanceof Object returns false while typeof session returns 'object'

Any ideas or inspiration would be much appreciated!

getFederatedIdentities returns a Set, so you need:

var federatedIdentity = session.users().getFederatedIdentities(user, realm).toArray()[0];
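The same unwrapping carried a bit further, as an added example that is not code from the question, the answer or the Keycloak project. It assumes the script globals listed in the template comment (user, realm, session, authenticationSession, script, LOG), a hypothetical IdP alias "external-idp", and that "Store Tokens" is enabled on that IdP so getToken() returns the provider's token-response JSON rather than null. Instead of taking element [0] of the Set, it selects the identity for one provider alias, tolerates a missing or malformed stored token, keeps the raw token out of the log, and places only a derived value on the user session where a "User Session Note" protocol mapper can copy it into the access token. The Keycloak objects are passed in through an `env` parameter so the logic can be exercised with constructed stubs outside the server.

```javascript
// Added example (not the question's, the answer's or Keycloak's own code).
// Assumes the Keycloak script globals and the hypothetical IdP alias "external-idp".

// Pick the FederatedIdentityModel for one provider alias instead of blindly taking [0]:
// a user linked to several IdPs would otherwise get a token from the wrong provider.
function findFederatedIdentity(identitySet, providerAlias) {
    var identities = identitySet.toArray(); // Java array; Nashorn exposes .length and [i]
    for (var i = 0; i < identities.length; i++) {
        if (identities[i].getIdentityProvider() === providerAlias) {
            return identities[i];
        }
    }
    return null;
}

// Reduce the stored IdP token (token-response JSON when "Store Tokens" is on, else null)
// to the non-secret facts we want to carry forward. The access_token itself is never returned.
function summarizeIdpToken(rawToken) {
    if (rawToken === null || rawToken === undefined) {
        return null;
    }
    var parsed;
    try {
        parsed = JSON.parse(String(rawToken));
    } catch (e) {
        return null; // treat an unparseable stored token the same as a missing one
    }
    return {
        tokenType: typeof parsed.token_type === "string" ? parsed.token_type : "unknown",
        scope: typeof parsed.scope === "string" ? parsed.scope : "",
        hasRefreshToken: typeof parsed.refresh_token === "string"
    };
}

// Core of the post-login step. env carries the script globals so this runs with stubs too.
// Returns true on success, false when the flow was failed.
function runPostLogin(context, env, providerAlias) {
    var identitySet = env.session.users().getFederatedIdentities(env.user, env.realm);
    var identity = findFederatedIdentity(identitySet, providerAlias);
    var summary = identity === null ? null : summarizeIdpToken(identity.getToken());
    if (summary === null) {
        // Alias and username are enough to diagnose this; the raw token is never logged.
        env.LOG.warn(env.script.name + ": no usable stored token for " + providerAlias
            + " on user " + env.user.username);
        context.failure(env.AuthenticationFlowError.INVALID_USER);
        return false;
    }
    // A "User Session Note" protocol mapper can map these notes into the access token.
    env.authenticationSession.setUserSessionNote("idp_alias", providerAlias);
    env.authenticationSession.setUserSessionNote("idp_scope", summary.scope);
    context.success();
    return true;
}

// Entry point Keycloak invokes; wires the script globals into runPostLogin.
function authenticate(context) {
    runPostLogin(context, {
        user: user,
        realm: realm,
        session: session,
        script: script,
        LOG: LOG,
        authenticationSession: authenticationSession,
        AuthenticationFlowError: Java.type("org.keycloak.authentication.AuthenticationFlowError")
    }, "external-idp");
}
```

Failing the flow when no stored token exists is the choice that matches the question's use case (the token is required downstream); a script that only enriches the session when a token happens to be present would call context.success() in both branches instead.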
