612 return login(
"identity");
619 String action = formData.getFirst(
"action");
620 String providerId = formData.getFirst(
"providerId");
622 if (Validation.isEmpty(providerId)) {
624 return account.setError(Response.Status.BAD_REQUEST, Messages.MISSING_IDENTITY_PROVIDER).createResponse(AccountPages.FEDERATED_IDENTITY);
626 AccountSocialAction accountSocialAction = AccountSocialAction.getAction(action);
627 if (accountSocialAction == null) {
629 return account.setError(Response.Status.BAD_REQUEST, Messages.INVALID_FEDERATED_IDENTITY_ACTION).createResponse(AccountPages.FEDERATED_IDENTITY);
632 boolean hasProvider =
false;
634 for (IdentityProviderModel model :
realm.getIdentityProviders()) {
635 if (model.getAlias().equals(providerId)) {
642 return account.setError(Response.Status.BAD_REQUEST, Messages.IDENTITY_PROVIDER_NOT_FOUND).createResponse(AccountPages.FEDERATED_IDENTITY);
645 if (!user.isEnabled()) {
647 return account.setError(Response.Status.BAD_REQUEST, Messages.ACCOUNT_DISABLED).createResponse(AccountPages.FEDERATED_IDENTITY);
650 switch (accountSocialAction) {
652 String redirectUri = UriBuilder.fromUri(Urls.accountFederatedIdentityPage(
session.getContext().getUri().getBaseUri(),
realm.getName())).build().toString();
655 String nonce = UUID.randomUUID().toString();
656 MessageDigest md = MessageDigest.getInstance(
"SHA-256");
658 byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8));
659 String hash = Base64Url.encode(check);
660 URI linkUrl = Urls.identityProviderLinkRequest(this.
session.getContext().getUri().getBaseUri(), providerId,
realm.getName());
661 linkUrl = UriBuilder.fromUri(linkUrl)
662 .queryParam(
"nonce", nonce)
663 .queryParam(
"hash", hash)
664 .queryParam(
"client_id",
client.getClientId())
665 .queryParam(
"redirect_uri", redirectUri)
667 return Response.seeOther(linkUrl)
669 }
catch (Exception spe) {
671 return account.setError(Response.Status.INTERNAL_SERVER_ERROR, Messages.IDENTITY_PROVIDER_REDIRECT_ERROR).createResponse(AccountPages.FEDERATED_IDENTITY);
674 FederatedIdentityModel link =
session.users().getFederatedIdentity(user, providerId,
realm);
679 session.users().removeFederatedIdentity(
realm, user, providerId);
681 logger.debugv(
"Social provider {0} removed successfully from user {1}", providerId, user.getUsername());
684 .detail(Details.USERNAME,
auth.
getUser().getUsername())
685 .detail(Details.IDENTITY_PROVIDER, link.getIdentityProvider())
686 .detail(Details.IDENTITY_PROVIDER_USERNAME, link.getUserName())
690 return account.setSuccess(Messages.IDENTITY_PROVIDER_REMOVED).createResponse(AccountPages.FEDERATED_IDENTITY);
693 return account.setError(Response.Status.BAD_REQUEST, Messages.FEDERATED_IDENTITY_REMOVING_LAST_PROVIDER).createResponse(AccountPages.FEDERATED_IDENTITY);
697 return account.setError(Response.Status.BAD_REQUEST, Messages.FEDERATED_IDENTITY_NOT_ACTIVE).createResponse(AccountPages.FEDERATED_IDENTITY);
700 throw new IllegalArgumentException();
static final Logger logger
Definition: AccountFormService.java:110
void csrfCheck(final MultivaluedMap< String, String > formData)
Definition: AccountFormService.java:1048
ClientModel getClient()
Definition: Auth.java:63
Auth auth
Definition: AbstractSecuredLocalService.java:70
Response login(String path)
Definition: AbstractSecuredLocalService.java:132
static boolean isPasswordSet(KeycloakSession session, RealmModel realm, UserModel user)
Definition: AccountFormService.java:945
UserModel getUser()
Definition: Auth.java:59
AccountProvider account
Definition: AccountFormService.java:127
KeycloakSession session
Definition: AbstractSecuredLocalService.java:67
RealmModel realm
Definition: AbstractSecuredLocalService.java:59
final ClientModel client
Definition: AbstractSecuredLocalService.java:58
void setReferrerOnPage()
Definition: AccountFormService.java:226
UserSessionModel getSession()
Definition: Auth.java:71
void require(String role)
Definition: Auth.java:83