Improve functionality of identity provider token retrieval #8873
* | ||
* @author Max Shaposhnik (mshaposh@redhat.com) | ||
*/ | ||
public class KeycloakServiceClient { |
Should it be Singleton?
|
||
private KeycloakSettings keycloakSettings; | ||
|
||
private final Pattern assotiateUserPattern = |
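Review bot: the field name `assotiateUserPattern` is misspelled; rename it to `associateUserPattern` now, before other code references it, so the field can be found by a search for "associate".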
Shouldn't it be static?
* | ||
* @param oauthProvider provider name | ||
* @return KeycloakTokenResponse token response | ||
* @throws ForbiddenException |
Looks like poor javadoc 😸
int delimiterIndex = p.indexOf("="); | ||
queryPairs.put(p.substring(0, delimiterIndex), p.substring(delimiterIndex + 1)); | ||
}); | ||
return new Gson().toJson(queryPairs); |
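Review bot: in the loop body, `p.indexOf("=")` returns -1 for a pair that contains no `=`, so `p.substring(0, delimiterIndex)` throws StringIndexOutOfBoundsException on a malformed or empty segment of the input. Check `delimiterIndex > 0` and skip or reject such pairs. Keys and values also go into `queryPairs` without URL decoding, so a percent-encoded value is passed on still encoded; decode both sides (for example with URLDecoder) before `queryPairs.put`.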
I think it'd be better to have a singleton GSON instance in a static field
@DTO | ||
public interface KeycloakTokenResponse { | ||
|
||
String getAccess_token(); |
I think it's better to rewrite it in the following way:
@JsonFieldName("access_token")
String getAccessToken();
ups, forgot this trick, tnx
// If user has no link with identity provider yet, | ||
// we should threat this as unauthorized and send to oAuth login page. | ||
throw new UnauthorizedException(e.getMessage()); | ||
} else { |
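Review bot: `throw new UnauthorizedException(e.getMessage())` forwards the caught exception's message to the caller unchanged. If `e` carries text taken from the upstream server's response, that text ends up in the error returned to the client; consider a fixed message here and log the original instead. The comment above the throw also has a typo: "threat" should be "treat".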
you can remove else here
&& contentType != null | ||
&& !(contentType.startsWith(MediaType.APPLICATION_JSON) | ||
|| contentType.startsWith("application/vnd.api+json"))) { | ||
throw new IOException(conn.getResponseMessage()); |
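Review bot: the visible part of the condition rejects a response only when `contentType != null`, so a response with no Content-Type header skips this check and is handled the same way as a JSON one. If a missing header should not be trusted, reject that case as well. Also, if `conn` is an HttpURLConnection, `conn.getResponseMessage()` is the HTTP status text and can be null, which tells the caller nothing about the content-type mismatch; put the unexpected content type into the exception message.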
maybe it is better to throw BadRequestException with message like 'unsupported format' or add meaningful message, wdyt?
Fixed;
What does this PR do?
This PR introduces a dedicated HTTP client for Keycloak operations, which more accurately covers some cases like:
What issues does this PR fix or reference?
#8288
Release Notes
Fix constant OAuth error when the current user has no identity provider link
Docs PR
N/A