Get Access Token in SPI

[Markus Kienleitner]

Is there a way to get an access token (or jwt token) in a Listener SPI?

We have a legacy application that needs the tokens in its own DB. Is there any way to forward the JWT Token?

Thx!

[Thomas Darimont]

Hello Markus,

if the event listener is invoked during the HTTP request processing for the Keycloak API call, then you could try to use

the ResteasyProviderFactory to access the thread-local request data:

ResteasyProviderFactory.getContextData(HttpRequest.class).getHttpHeaders().getRequestHeader(HttpHeaders.AUTHORIZATION);

Cheers,

Thomas

--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/1e47ef5b-0a84-4470-8980-ed049e8d1c06n%40googlegroups.com.

[Markus Kienleitner]

Hi Thomas, 

cool coincidence, because we use your embedded Keycloak variant in Spring Boot - cool work!

With your suggestion, I only get the Base64 encoded client credentials from Authorization Header.

Maybe there is a way to get this information in the spring environment?

[Thomas Darimont]

Hi Markus,

thank you :)

AFAIK there is nothing fancy to get the decoded access token, but I think the following will work:

KeycloakSession session = ResteasyProviderFactory.getContextData(KeycloakSession.class);
AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session).authenticate();
AccessToken token = authResult.getToken();

Cheers,

Thomas

[Markus Kienleitner]

Thank you for your quick reply. 

Unfortunately, I expressed myself incorrectly in the original question. I want to forward the token when I create it.

For example, the event `CODE_TO_TOKEN` has the token ID.
I have a KeycloakSession and an event that contains the ID of the token.