keycloak-memoizeit
Changes
examples/js/keycloak.js 4(+3 -1)
Details
examples/js/keycloak.js 4(+3 -1)
diff --git a/examples/js/keycloak.js b/examples/js/keycloak.js
index cdd9374..39cad77 100644
--- a/examples/js/keycloak.js
+++ b/examples/js/keycloak.js
@@ -19,7 +19,9 @@ window.keycloak = (function () {
}
}
- processCallback();
+ if (!processCallback()) {
+ window.location.href = getLoginUrl() + '&prompt=none';
+ }
}
kc.login = function () {
diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index a9bc79b..ec4c783 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -85,6 +85,20 @@ public class OAuthFlows {
return location.build();
}
+ public Response redirectError(UserModel client, String error, String state, String redirect) {
+ Set<String> redirectUris = client.getRedirectUris();
+ if (!redirectUris.isEmpty() && !redirectUris.contains(redirect)) {
+ return forwardToSecurityFailure("Invalid redirect_uri " + redirect);
+ }
+
+ UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", error);
+ if (state != null) {
+ redirectUri.queryParam("state", state);
+ }
+
+ return Response.status(302).location(redirectUri.build()).build();
+ }
+
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index 7296d8e..16932ca 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -42,10 +42,7 @@ import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Providers;
import java.security.PrivateKey;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -446,7 +443,7 @@ public class TokenService {
@GET
public Response loginPage(final @QueryParam("response_type") String responseType,
final @QueryParam("redirect_uri") String redirect, final @QueryParam("client_id") String clientId,
- final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state) {
+ final @QueryParam("scope") String scopeParam, final @QueryParam("state") String state, final @QueryParam("prompt") String prompt) {
OAuthFlows oauth = Flows.oauth(realm, request, uriInfo, authManager, tokenManager);
if (!realm.isEnabled()) {
@@ -483,6 +480,10 @@ public class TokenService {
return oauth.processAccessCode(scopeParam, state, redirect, client, user);
}
+ if (prompt != null && prompt.equals("none")) {
+ return oauth.redirectError(client, "access_denied", state, redirect);
+ }
+
return Flows.forms(realm, request, uriInfo).forwardToLogin();
}