diff --git a/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java b/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
index ac7decf..6482544 100755
--- a/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
@@ -591,7 +591,8 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
BrokeredIdentityContext context = extractIdentity(null, idTokenType ? null : subjectToken, parsedToken);
if (context == null) {
- logger.debug("Failed to extractIdentity() from id token. Disabling User Info service might fix this");
+ event.detail(Details.REASON, "Failed to extract identity from token");
+ event.error(Errors.INVALID_TOKEN);
throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
}
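Review bot: The operator hint in the removed debug line ("Disabling User Info service might fix this") is dropped without a replacement log, so a failed extraction now surfaces only the event detail `Failed to extract identity from token`, which tells an operator less than before. Keep a `logger.debug("Failed to extractIdentity() from id token. Disabling User Info service might fix this");` next to the new `event.detail`/`event.error` calls, or fold the hint into the REASON detail string. The enclosing method starts and ends outside the hunk.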
diff --git a/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java b/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java
index a35b4a3..f700d45 100755
--- a/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java
@@ -24,11 +24,13 @@ import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
+import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.JsonWebToken;
+import javax.ws.rs.core.MultivaluedMap;
import java.io.IOException;
/**
@@ -98,6 +100,12 @@ public class GitLabIdentityProvider extends OIDCIdentityProvider implements Soc
return identity;
}
+ @Override
+ public BrokeredIdentityContext exchangeExternal(EventBuilder event, MultivaluedMap<String, String> params) {
+ return null;
+ }
+
+
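Review bot: The `exchangeExternal` override returns `null` unconditionally with no comment, so a reader cannot tell whether this is a deliberate opt-out of external token exchange for GitLab or an unfinished stub; the same unexplained `return null` override is added to GoogleIdentityProvider in this commit. If it is intentional, add a Javadoc above the method such as `/** External token exchange is not supported for this provider; a null context tells the caller to reject the request. */` — hedged, since how the caller treats a null context is outside this diff. Consider also recording the rejection reason on the `event` parameter before returning so the outcome is auditable rather than silent.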
diff --git a/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java b/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
index 29429d0..afd0430 100755
--- a/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
@@ -16,13 +16,32 @@
*/
package org.keycloak.social.google;
+import com.fasterxml.jackson.databind.JsonNode;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.OAuthErrorException;
+import org.keycloak.broker.oidc.KeycloakOIDCIdentityProvider;
import org.keycloak.broker.oidc.OIDCIdentityProvider;
import org.keycloak.broker.oidc.OIDCIdentityProviderConfig;
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
+import org.keycloak.broker.provider.BrokeredIdentityContext;
+import org.keycloak.broker.provider.IdentityBrokerException;
+import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.KeycloakUriBuilder;
+import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
+import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
+import org.keycloak.representations.AccessTokenResponse;
+import org.keycloak.representations.IDToken;
+import org.keycloak.representations.JsonWebToken;
+import org.keycloak.services.ErrorResponseException;
+
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import java.io.IOException;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
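Review bot: Most of the imports added in this hunk are not referenced by the code this commit adds to the class below (`JsonNode`, `OAuth2Constants`, `OAuthErrorException`, `KeycloakOIDCIdentityProvider`, `AbstractJsonUserAttributeMapper`, `IdentityBrokerException`, `SimpleHttp`, `Details`, `Errors`, `ErrorResponseException`, `Response`); they read like leftovers from an earlier draft of `exchangeExternal`. Unless they are used in parts of the class outside this diff, drop them so the file does not carry unused imports.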
@@ -60,4 +79,43 @@ public class GoogleIdentityProvider extends OIDCIdentityProvider implements Soci
return uri;
}
+ protected BrokeredIdentityContext extractIdentity(AccessTokenResponse tokenResponse, String accessToken, JsonWebToken idToken) throws IOException {
+ String id = idToken.getSubject();
+ BrokeredIdentityContext identity = new BrokeredIdentityContext(id);
+ String name = (String) idToken.getOtherClaims().get(IDToken.NAME);
+ String preferredUsername = (String) idToken.getOtherClaims().get(getUsernameClaimName());
+ String email = (String) idToken.getOtherClaims().get(IDToken.EMAIL);
+
+ identity.getContextData().put(VALIDATED_ID_TOKEN, idToken);
+
+ identity.setId(id);
+ identity.setName(name);
+ identity.setEmail(email);
+
+ identity.setBrokerUserId(getConfig().getAlias() + "." + id);
+
+ if (preferredUsername == null) {
+ preferredUsername = email;
+ }
+
+ if (preferredUsername == null) {
+ preferredUsername = id;
+ }
+
+ identity.setUsername(preferredUsername);
+ if (tokenResponse != null && tokenResponse.getSessionState() != null) {
+ identity.setBrokerSessionId(getConfig().getAlias() + "." + tokenResponse.getSessionState());
+ }
+ if (tokenResponse != null) identity.getContextData().put(FEDERATED_ACCESS_TOKEN_RESPONSE, tokenResponse);
+ if (tokenResponse != null) processAccessTokenResponse(identity, tokenResponse);
+ return identity;
+ }
+
+
+ @Override
+ public BrokeredIdentityContext exchangeExternal(EventBuilder event, MultivaluedMap<String, String> params) {
+ return null;
+ }
+
+
}
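Review bot: `extractIdentity` at the top of the hunk replaces the parent's identity extraction without `@Override` and without any comment on why the superclass path is bypassed — presumably to skip the user-info lookup, but that is inferred, not visible here — while `exchangeExternal` a few lines below does carry `@Override`. Add `@Override` above the signature for consistency and a Javadoc stating what this override changes relative to `OIDCIdentityProvider.extractIdentity` and why Google needs it. The `(String)` casts on `IDToken.NAME`, the username claim and `IDToken.EMAIL` will throw `ClassCastException` if the provider ever returns a non-string claim; a guarded read such as `Object n = idToken.getOtherClaims().get(IDToken.NAME); String name = n instanceof String ? (String) n : null;` keeps such a case inside the existing null-fallback chain instead of failing the whole exchange.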