diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index a18540f..626aab8 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -25,9 +25,11 @@ import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
+import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
+import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.AccessCodeEntry;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.TokenManager;
@@ -87,6 +89,9 @@ public class OAuthFlows {
}
public Response processAccessCode(String scopeParam, String state, String redirect, UserModel client, UserModel user) {
+ isTotpConfigurationRequired(user);
+ isEmailVerificationRequired(user);
+
RoleModel resourceRole = realm.getRole(Constants.APPLICATION_ROLE);
RoleModel identityRequestRole = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
boolean isResource = realm.hasRole(client, resourceRole);
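Review bot: The two calls added at the top of `processAccessCode` only mutate `user` and return nothing, so the TOTP and email-verification requirements are enforced only if later code in this method re-reads the user's pending required actions before an access code is issued. That check is not visible here, because the body continues outside the hunk. The same commit removes these calls from the login path in `TokenService`, so any flow that authenticates a user without reaching `processAccessCode` would presumably no longer flag them; this is worth confirming against the other callers. I would add a comment above the calls to pin the ordering, e.g. `// Flag pending TOTP setup / e-mail verification first; the required-action check further down depends on it.`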
@@ -126,4 +131,20 @@ public class OAuthFlows {
return Flows.forms(realm, request, uriInfo).setError(message).createErrorPage();
}
+ private void isTotpConfigurationRequired(UserModel user) {
+ for (RequiredCredentialModel c : realm.getRequiredCredentials()) {
+ if (c.getType().equals(CredentialRepresentation.TOTP) && !user.isTotp()) {
+ user.addRequiredAction(RequiredAction.CONFIGURE_TOTP);
+ log.debug("User is required to configure totp");
+ }
+ }
+ }
+
+ private void isEmailVerificationRequired(UserModel user) {
+ if (realm.isVerifyEmail() && !user.isEmailVerified()) {
+ user.addRequiredAction(RequiredAction.VERIFY_EMAIL);
+ log.debug("User is required to verify email");
+ }
+ }
+
}
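Review bot: `isTotpConfigurationRequired` and `isEmailVerificationRequired` are named like predicates, but they return `void` and add a required action to the user, so a reader of the call site can easily mistake a security-relevant state change for a discarded check. Either rename them to describe the side effect or add a one-line Javadoc saying they set `CONFIGURE_TOTP` / `VERIFY_EMAIL` on the user when the realm demands it. In the TOTP loop, `c.getType().equals(CredentialRepresentation.TOTP)` throws if a required credential has a null type; `CredentialRepresentation.TOTP.equals(c.getType())` avoids that. The loop could also `break` after the first match so the action is not added once per matching entry. Both debug messages omit which user was flagged, which makes them hard to use when tracing why a login was diverted.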
diff --git a/services/src/main/java/org/keycloak/services/resources/SocialResource.java b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
index 4914c8a..b7d3bd7 100755
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@@ -78,9 +78,6 @@ public class SocialResource {
private HttpRequest request;
@Context
- private HttpResponse response;
-
- @Context
ResourceContext resourceContext;
@Context
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index 79992d6..3263715 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -230,9 +230,6 @@ public class TokenService {
return Flows.forms(realm, request, uriInfo).setError(Messages.INVALID_USER).setFormData(formData).createLogin();
}
- isTotpConfigurationRequired(user);
- isEmailVerificationRequired(user);
-
AuthenticationStatus status = authManager.authenticateForm(realm, user, formData);
switch (status) {
@@ -255,22 +252,6 @@ public class TokenService {
return service;
}
- private void isTotpConfigurationRequired(UserModel user) {
- for (RequiredCredentialModel c : realm.getRequiredCredentials()) {
- if (c.getType().equals(CredentialRepresentation.TOTP) && !user.isTotp()) {
- user.addRequiredAction(RequiredAction.CONFIGURE_TOTP);
- logger.debug("User is required to configure totp");
- }
- }
- }
-
- private void isEmailVerificationRequired(UserModel user) {
- if (realm.isVerifyEmail() && !user.isEmailVerified()) {
- user.addRequiredAction(RequiredAction.VERIFY_EMAIL);
- logger.debug("User is required to verify email");
- }
- }
-
@Path("registrations")
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)