sent bearer token with the request

dasniko · Feb 4, 2025 · 407d4c0 · 407d4c0
1 parent b8bf376
commit 407d4c0
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/tokenmapper/pom.xml b/tokenmapper/pom.xml
@@ -14,6 +14,12 @@
 	<version>1.0-SNAPSHOT</version>
 
 	<dependencies>
+		<dependency>
+			<groupId>dasniko.keycloak</groupId>
+			<artifactId>keycloak-utils</artifactId>
+			<version>1.0-SNAPSHOT</version>
+			<scope>provided</scope>
+		</dependency>
 		<dependency>
 			<groupId>org.keycloak</groupId>
 			<artifactId>keycloak-server-spi</artifactId>

diff --git a/tokenmapper/src/main/java/dasniko/keycloak/tokenmapper/EchoMapper.java b/tokenmapper/src/main/java/dasniko/keycloak/tokenmapper/EchoMapper.java
@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.google.auto.service.AutoService;
+import de.keycloak.util.TokenUtils;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.keycloak.broker.provider.util.SimpleHttp;
@@ -30,9 +31,11 @@ public class EchoMapper extends AbstractOIDCProtocolMapper implements UserInfoTo
 
 	static final String URL = "url";
 	static final String URL_DEFAULT = "https://postman-echo.com/get";
+	static final String CLIENT_ID = "clientId";
 
 	static {
 		configProperties.add(new ProviderConfigProperty(URL, "Echo URL", "URL of external echo service", ProviderConfigProperty.STRING_TYPE, URL_DEFAULT));
+		configProperties.add(new ProviderConfigProperty(CLIENT_ID, "API Auth client_id", "As which client the API-client should authenticate itself.", ProviderConfigProperty.CLIENT_LIST_TYPE, ""));
 		OIDCAttributeMapperHelper.addTokenClaimNameConfig(configProperties);
 		OIDCAttributeMapperHelper.addIncludeInTokensConfig(configProperties, EchoMapper.class);
 	}
@@ -66,9 +69,12 @@ public List<ProviderConfigProperty> getConfigProperties() {
 	@SneakyThrows
 	protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {
 		String url = mappingModel.getConfig().getOrDefault(URL, URL_DEFAULT);
+		String clientId = mappingModel.getConfig().getOrDefault(CLIENT_ID, "");
+		String accessToken = clientId.isEmpty() ? "" : TokenUtils.generateServiceAccountAccessToken(keycloakSession, clientId, null, null);
 		String username = userSession.getUser().getUsername();
 		log.debug("Requesting URL: {}?username={}", url, username);
-		Map<String, Object> echo = SimpleHttp.doGet(url, keycloakSession).param("username", username).acceptJson().asJson(new TypeReference<>() {});
+		Map<String, Object> echo = SimpleHttp.doGet(url, keycloakSession).param("username", username)
+			.auth(accessToken).acceptJson().asJson(new TypeReference<>() {});
 		OIDCAttributeMapperHelper.mapClaim(token, mappingModel, echo);
 	}
 }