Javascript KeyClope自定义验证器脚本-如何在脚本上下文中获取用户的访问令牌或外部idp令牌?
我正在尝试在KeyClope 6.0.X中实现一个验证器执行脚本,它为用户检索一个外部IDP令牌,并在将其添加回jwt/access令牌之前对其进行转换。脚本运行asa“登录后流”执行 到目前为止,我无法直接在脚本中访问用户访问令牌或外部IDP令牌Javascript KeyClope自定义验证器脚本-如何在脚本上下文中获取用户的访问令牌或外部idp令牌?,javascript,authentication,keycloak,Javascript,Authentication,Keycloak,我正在尝试在KeyClope 6.0.X中实现一个验证器执行脚本,它为用户检索一个外部IDP令牌,并在将其添加回jwt/access令牌之前对其进行转换。脚本运行asa“登录后流”执行 到目前为止,我无法直接在脚本中访问用户访问令牌或外部IDP令牌 /* * Template for JavaScript based authenticator's. * See org.keycloak.authentication.authenticators.browser.Scri
/*
* Template for JavaScript based authenticator's.
* See org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticatorFactory
*/
// import enum for error lookup
AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");
/**
* An example authenticate function.
*
* The following variables are available for convenience:
* user - current user {@see org.keycloak.models.UserModel}
* realm - current realm {@see org.keycloak.models.RealmModel}
* session - current KeycloakSession {@see org.keycloak.models.KeycloakSession}
* httpRequest - current HttpRequest {@see org.jboss.resteasy.spi.HttpRequest}
* script - current script {@see org.keycloak.models.ScriptModel}
* authenticationSession - current authentication session {@see org.keycloak.sessions.AuthenticationSessionModel}
* LOG - current logger {@see org.jboss.logging.Logger}
*
* You one can extract current http request headers via:
* httpRequest.getHttpHeaders().getHeaderString("Forwarded")
*
* @param context {@see org.keycloak.authentication.AuthenticationFlowContext}
*/
function authenticate(context) {
var username = user ? user.username : "anonymous";
LOG.info(script.name + " trace auth for: " + username);
var federatedIdentity = session.users().getFederatedIdentities(user, realm);
LOG.info(script.name + " federatedIdentity= " + federatedIdentity);
var token = federatedIdentity.getToken();
var authShouldFail = false;
if (authShouldFail) {
context.failure(AuthenticationFlowError.INVALID_USER);
return;
}
context.success();
}
我能够成功地获得根据
应具有getToken()方法,但脚本在此方法调用时失败,并出现以下错误:
TypeError:federatedIdentity.getToken不是eval中的函数
我尝试使用Object.getOwnPropertyNames(session)
查看这些变量上有哪些字段和方法可用,但结果证明它们根本不是Javascript对象
TypeError:org.keydape.services。DefaultKeycloakSession@2f2807cd不是评估中的对象
更多挖掘揭示:
sessioninstanceof Object
返回false
而会话类型
返回对象
任何想法或灵感都将不胜感激
getFederatedIdentities
返回一个集合,因此您需要:
var federatedIdentity = session.users().getFederatedIdentities(user, realm).toArray()[0];
getFederatedIdentities
返回一个集合,因此您需要:
var federatedIdentity = session.users().getFederatedIdentities(user, realm).toArray()[0];