[英]Keycloak custom authenticator script - how to get the access token or external idp token of the user within the script context?
我正在嘗試在 Keycloak 6.0.X 中實現一個身份驗證器執行腳本,它為用戶檢索外部 IDP 令牌並在將其添加回 jwt/訪問令牌之前對其進行轉換。 該腳本作為“登錄后流程”執行運行。
到目前為止,我無法直接在腳本中訪問用戶訪問令牌或外部 IDP 令牌。
/*
* Template for JavaScript based authenticator's.
* See org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticatorFactory
*/
// import enum for error lookup
AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");
/**
* An example authenticate function.
*
* The following variables are available for convenience:
* user - current user {@see org.keycloak.models.UserModel}
* realm - current realm {@see org.keycloak.models.RealmModel}
* session - current KeycloakSession {@see org.keycloak.models.KeycloakSession}
* httpRequest - current HttpRequest {@see org.jboss.resteasy.spi.HttpRequest}
* script - current script {@see org.keycloak.models.ScriptModel}
* authenticationSession - current authentication session {@see org.keycloak.sessions.AuthenticationSessionModel}
* LOG - current logger {@see org.jboss.logging.Logger}
*
* You one can extract current http request headers via:
* httpRequest.getHttpHeaders().getHeaderString("Forwarded")
*
* @param context {@see org.keycloak.authentication.AuthenticationFlowContext}
*/
function authenticate(context) {
var username = user ? user.username : "anonymous";
LOG.info(script.name + " trace auth for: " + username);
var federatedIdentity = session.users().getFederatedIdentities(user, realm);
LOG.info(script.name + " federatedIdentity= " + federatedIdentity);
var token = federatedIdentity.getToken();
var authShouldFail = false;
if (authShouldFail) {
context.failure(AuthenticationFlowError.INVALID_USER);
return;
}
context.success();
}
我能夠成功獲得 FederatedIdentityModel,根據文檔應該有一個 getToken() 方法,但是腳本在此方法調用時失敗,並出現以下錯誤:
類型錯誤:federatedIdentity.getToken 不是 eval 中的函數
我已經嘗試使用Object.getOwnPropertyNames(session)
來查看這些變量上有哪些字段和方法可用,但結果表明它們根本不是 Javascript 對象。
類型錯誤:org.keycloak.services.DefaultKeycloakSession@2f2807cd 不是 eval 中的對象
更多挖掘揭示:
session instanceof Object
返回false
而typeof session
返回'object'
任何想法或靈感將不勝感激!
getFederatedIdentities
返回一個 Set,因此您需要:
var federatedIdentity = session.users().getFederatedIdentities(user, realm).toArray()[0];
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.