diff --git a/services/src/main/java/org/keycloak/authentication/actiontoken/AbstractActionTokenHander.java b/services/src/main/java/org/keycloak/authentication/actiontoken/AbstractActionTokenHander.java
index 06e2b53..0fb41d0 100644
--- a/services/src/main/java/org/keycloak/authentication/actiontoken/AbstractActionTokenHander.java
+++ b/services/src/main/java/org/keycloak/authentication/actiontoken/AbstractActionTokenHander.java
@@ -87,7 +87,7 @@ public abstract class AbstractActionTokenHander<T extends JsonWebToken> implemen
}
@Override
- public String getAuthenticationSessionIdFromToken(T token, ActionTokenContext<T> tokenContext) {
+ public String getAuthenticationSessionIdFromToken(T token, ActionTokenContext<T> tokenContext, AuthenticationSessionModel currentAuthSession) {
return token instanceof DefaultActionToken ? ((DefaultActionToken) token).getCompoundAuthenticationSessionId() : null;
}
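Review bot: The new `currentAuthSession` parameter is accepted but never read in this default implementation, and nothing on the override says that is intentional. A one-line comment above the return would make the contract clear to subclass authors, for example `// Default: the compound ID is taken from the token only; currentAuthSession is not consulted.` This file's section has no import hunk for `AuthenticationSessionModel`, so the type is presumably already imported here, which is worth confirming against the full file.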
diff --git a/services/src/main/java/org/keycloak/authentication/actiontoken/ActionTokenHandler.java b/services/src/main/java/org/keycloak/authentication/actiontoken/ActionTokenHandler.java
index 4f98070..6bb34f7 100644
--- a/services/src/main/java/org/keycloak/authentication/actiontoken/ActionTokenHandler.java
+++ b/services/src/main/java/org/keycloak/authentication/actiontoken/ActionTokenHandler.java
@@ -22,6 +22,7 @@ import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.provider.Provider;
import org.keycloak.representations.JsonWebToken;
+import org.keycloak.sessions.AuthenticationSessionCompoundId;
import org.keycloak.sessions.AuthenticationSessionModel;
import javax.ws.rs.core.Response;
@@ -61,11 +62,14 @@ public interface ActionTokenHandler<T extends JsonWebToken> extends Provider {
}
/**
- * Returns an authentication session ID requested from within the given token
+ * Returns a compound authentication session ID requested from within the given token that the handler should attempt to join.
* @param token Token. Can be {@code null}
- * @return authentication session ID
+ * @param tokenContext
+ * @param currentAuthSession Authentication session that is currently in progress, {@code null} if no authentication session is not set
+ * @see AuthenticationSessionCompoundId
+ * @return Authentication session ID (can be {@code null} if the token does not contain authentication session ID)
*/
- String getAuthenticationSessionIdFromToken(T token, ActionTokenContext<T> tokenContext);
+ String getAuthenticationSessionIdFromToken(T token, ActionTokenContext<T> tokenContext, AuthenticationSessionModel currentAuthSession);
/**
* Returns a event type logged with {@link EventBuilder} class.
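Review bot: The new Javadoc leaves `@param tokenContext` without a description, and the `currentAuthSession` line contains a double negative ("if no authentication session is not set") that reads as the opposite of what is meant. Suggested wording: `@param tokenContext Context in which the token is being handled` and `@param currentAuthSession Authentication session that is currently in progress, {@code null} if no authentication session is set`. The summary line promises a compound ID while `@return` says only "Authentication session ID"; because the caller in LoginActionsService stores the result as `tokenAuthSessionCompoundId`, the return tag should say so too: `@return Compound authentication session ID ({@code null} if the token does not contain one)`. By convention `@see` goes after `@return`. Adding a parameter to this interface method also breaks any handler implemented outside this tree, which would merit a line in the commit description or migration notes.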
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index e552885..87711c7 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -503,7 +503,7 @@ public class LoginActionsService {
tokenContext = new ActionTokenContext(session, realm, uriInfo, clientConnection, request, event, handler, execution, this::processFlow, this::brokerLoginFlow);
try {
- String tokenAuthSessionCompoundId = handler.getAuthenticationSessionIdFromToken(token, tokenContext);
+ String tokenAuthSessionCompoundId = handler.getAuthenticationSessionIdFromToken(token, tokenContext, authSession);
if (tokenAuthSessionCompoundId != null) {
// This can happen if the token contains ID but user opens the link in a new browser