feat: login user by attribute and password https://www.zhihu.com/cons…

…ult/conversation/1580948836804931584/question

src/main/java/com/example/keycloakspringboot/DemoApplication.java

@@ -56,6 +56,12 @@ public KeycloakAccessTokenPayload loginByUserNamePassword(String username, Strin
         return new KeycloakHelper(new OkHttpClient().newBuilder().build()).getUserTokenByPassword(username, password);
     }
 
+    @GetMapping(value="/login-by-attribute")
+    @ResponseBody
+    public KeycloakAccessTokenPayload loginByAttribute(String attr, String password) throws IOException {
+        return new KeycloakHelper(new OkHttpClient().newBuilder().build()).getUserTokenByAttributeAndPassword(attr, password);
+    }
+
     public static void main(String[] args) {
         SpringApplication.run(DemoApplication.class, args);
     }

src/main/java/com/example/keycloakspringboot/JsonHelper.java

@@ -1,10 +1,12 @@
 package com.example.keycloakspringboot;
 
 import com.example.keycloakspringboot.models.KeycloakAccessTokenPayload;
+import com.example.keycloakspringboot.models.KeycloakUserModel;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 
 import java.lang.reflect.Type;
+import java.util.List;
 
 public class JsonHelper {
     private static final Gson gson =
@@ -25,4 +27,8 @@ public static Object parse(String s) {
     public static KeycloakAccessTokenPayload parseFrom(String s) {
         return gson.fromJson(s, KeycloakAccessTokenPayload.class);
     }
+
+    public static KeycloakUserModel[] parseUsersFrom(String s) {
+        return gson.fromJson(s, KeycloakUserModel[].class);
+    }
 }

src/main/java/com/example/keycloakspringboot/KeycloakHelper.java

@@ -3,7 +3,6 @@
 import com.example.keycloakspringboot.models.KeycloakAccessTokenPayload;
 import com.example.keycloakspringboot.models.UserPayload;
 import okhttp3.*;
-import org.bouncycastle.cert.ocsp.Req;
 
 import java.io.IOException;
 import java.util.Objects;
@@ -51,11 +50,7 @@ public KeycloakAccessTokenPayload getAdminAccessToken() throws IOException {
 
         var mediaType = MediaType.parse("application/x-www-form-urlencoded");
         var body = RequestBody.create(mediaType, java.lang.String.format("username=%s&password=%s&grant_type=password&client_id=admin-cli", username, password));
-        var request = new Request.Builder()
-                .url("https://keycloak.jiwai.win/auth/realms/master/protocol/openid-connect/token")
-                .method("POST", body)
-                .addHeader("Content-Type", "application/x-www-form-urlencoded")
-                .build();
+        var request = new Request.Builder().url("https://keycloak.jiwai.win/auth/realms/master/protocol/openid-connect/token").method("POST", body).addHeader("Content-Type", "application/x-www-form-urlencoded").build();
         var response = client.newCall(request).execute();
 
         var s = Objects.requireNonNull(response.body()).string();
@@ -69,8 +64,7 @@ public java.lang.String assignRealmRole(String userId) throws IOException {
         System.out.println(java.lang.String.format("assigning realm role for user = %s", userId));
         var clientId = "98ea8f07-a7f2-4607-ab56-b5208a90eaa1";
         var url = java.lang.String.format("https://keycloak.jiwai.win/auth/admin/realms/UniHeart/users/%s/role-mappings/realm", userId);
-        var payload = java.lang.String.format("[{\"id\": \"5e47a34a-5c22-457f-af3f-e5dea7b06839\"," +
-                "\"name\":\"offline_access\",\"description\":\"add roles programatically\",\"composite\":false,\"clientRole\":false,\"containerId\":\"%s\"}]", clientId);
+        var payload = java.lang.String.format("[{\"id\": \"5e47a34a-5c22-457f-af3f-e5dea7b06839\"," + "\"name\":\"offline_access\",\"description\":\"add roles programatically\",\"composite\":false,\"clientRole\":false,\"containerId\":\"%s\"}]", clientId);
 
         System.out.println(java.lang.String.format("url = %s, with payload = %s", url, payload));
 
@@ -80,16 +74,26 @@ public java.lang.String assignRealmRole(String userId) throws IOException {
     public KeycloakAccessTokenPayload getUserTokenByPassword(String username, String password) throws IOException {
         var mediaType = MediaType.parse("application/x-www-form-urlencoded");
         var body = RequestBody.create(mediaType, java.lang.String.format("username=%s&password=%s&grant_type=password&client_id=demoapp&scope=openid", username, password));
-        var request = new Request.Builder()
-                .url("https://keycloak.jiwai.win/auth/realms/UniHeart/protocol/openid-connect/token")
-                .method("POST", body)
-                .addHeader("Content-Type", "application/x-www-form-urlencoded")
-                .build();
+        var request = new Request.Builder().url("https://keycloak.jiwai.win/auth/realms/UniHeart/protocol/openid-connect/token").method("POST", body).addHeader("Content-Type", "application/x-www-form-urlencoded").build();
 
         var response = client.newCall(request).execute();
 
         var s = Objects.requireNonNull(response.body()).string();
 
         return JsonHelper.parseFrom(s);
     }
+
+    public KeycloakAccessTokenPayload getUserTokenByAttributeAndPassword(String attr, String password) throws IOException {
+        var url = "https://keycloak.jiwai.win/auth/admin/realms/UniHeart/users?q=" + attr;
+        var request = new Request.Builder().url(url).method("GET", null).addHeader("Authorization", java.lang.String.format("Bearer %s", getAdminAccessToken().access_token)).build();
+        var response = client.newCall(request).execute();
+        var s = Objects.requireNonNull(response.body()).string();
+        var users = JsonHelper.parseUsersFrom(s);
+
+        if(users.length == 0) {
+            return null;
+        }
+
+        return getUserTokenByPassword(users[0].username, password);
+    }
 }

src/main/java/com/example/keycloakspringboot/models/KeycloakUserModel.java

@@ -0,0 +1,14 @@
+package com.example.keycloakspringboot.models;
+
+public class KeycloakUserModel {
+    public String id;
+    public long createdTimestamp;
+    public String username;
+    public boolean enabled;
+    public boolean totp;
+    public boolean emailVerified;
+    public String firstName;
+    public String lastName;
+    public String email;
+    public int notBefore;
+}