package com.zhitan.common.config.keycloak;
|
|
import cn.hutool.core.codec.Base64;
|
import cn.hutool.core.lang.Dict;
|
import cn.hutool.core.util.StrUtil;
|
|
import cn.hutool.http.HttpRequest;
|
import cn.hutool.http.HttpResponse;
|
import com.xkcoding.http.support.HttpHeader;
|
import com.zhitan.common.utils.JsonUtils;
|
import com.zhitan.common.utils.spring.SpringUtils;
|
import me.zhyd.oauth.cache.AuthStateCache;
|
import me.zhyd.oauth.config.AuthConfig;
|
import me.zhyd.oauth.exception.AuthException;
|
import me.zhyd.oauth.model.AuthCallback;
|
import me.zhyd.oauth.model.AuthToken;
|
import me.zhyd.oauth.model.AuthUser;
|
import me.zhyd.oauth.request.AuthDefaultRequest;
|
import me.zhyd.oauth.utils.HttpUtils;
|
import me.zhyd.oauth.utils.UrlBuilder;
|
|
|
/**
|
* Keycloak OAuth2 认证请求
|
*/
|
|
public class AuthKeycloakRequest extends AuthDefaultRequest {
|
|
public static final String SERVER_URL = SpringUtils.getProperty("keycloak.server-url");
|
public static final String REALM = SpringUtils.getProperty("keycloak.realm");
|
|
public AuthKeycloakRequest(AuthConfig config) {
|
super(config, AuthKeycloakSource.KEYCLOAK);
|
}
|
|
public AuthKeycloakRequest(AuthConfig config, AuthStateCache authStateCache) {
|
super(config, AuthKeycloakSource.KEYCLOAK, authStateCache);
|
}
|
|
|
|
@Override
|
public AuthToken getAccessToken(AuthCallback authCallback) {
|
String body = doPostAuthorizationCode(authCallback.getCode());
|
Dict object = JsonUtils.parseMap(body);
|
|
if (object.containsKey("error")) {
|
throw new AuthException(object.getStr("error_description"));
|
}
|
if (object.containsKey("message")) {
|
throw new AuthException(object.getStr("message"));
|
}
|
|
return AuthToken.builder()
|
.accessToken(object.getStr("access_token"))
|
.refreshToken(object.getStr("refresh_token"))
|
.idToken(object.getStr("id_token"))
|
.tokenType(object.getStr("token_type"))
|
.expireIn(object.getInt("expires_in"))
|
.build();
|
}
|
|
@Override
|
public AuthUser getUserInfo(AuthToken authToken) {
|
String body = doGetUserInfo(authToken);
|
Dict object = JsonUtils.parseMap(body);
|
|
if (object.containsKey("error")) {
|
throw new AuthException(object.getStr("error_description"));
|
}
|
if (object.containsKey("message")) {
|
throw new AuthException(object.getStr("message"));
|
}
|
|
return AuthUser.builder()
|
.uuid(object.getStr("sub"))
|
.username(object.getStr("preferred_username"))
|
.nickname(object.getStr("name"))
|
.email(object.getStr("email"))
|
.token(authToken)
|
.source(this.source.toString())
|
.build();
|
}
|
|
@Override
|
protected String doPostAuthorizationCode(String code) {
|
HttpRequest request = HttpRequest.post(source.accessToken())
|
.header("Authorization", "Basic " + Base64.encode(config.getClientId()+":"+config.getClientSecret()))
|
.form("grant_type", "authorization_code")
|
.form("code", code)
|
.form("redirect_uri", config.getRedirectUri());
|
HttpResponse response = request.execute();
|
return response.body();
|
}
|
|
@Override
|
protected String doGetUserInfo(AuthToken authToken) {
|
try {
|
return new HttpUtils(config.getHttpConfig()).get(source.userInfo(), null, new HttpHeader()
|
.add("Content-Type", "application/json")
|
.add("Authorization", "Bearer " + authToken.getAccessToken()), false).getBody();
|
} catch (Exception e) {
|
e.printStackTrace();
|
}
|
return null;
|
}
|
|
@Override
|
public String authorize(String state) {
|
return UrlBuilder.fromBaseUrl(super.authorize(state))
|
.queryParam("scope","openid")
|
.build();
|
}
|
|
|
|
|
}
|
