Skip to content
This repository has been archived by the owner on Dec 31, 2021. It is now read-only.

Commit

Permalink
Consider the authentication with email-like username
Browse files Browse the repository at this point in the history
  • Loading branch information
josedev-union authored and flytreeleft committed Nov 9, 2020
1 parent 21d8f5b commit f775859
Showing 1 changed file with 11 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -66,18 +66,26 @@ public boolean authenticate(UsernamePasswordToken token) {
public boolean authenticate(KeycloakHttpHeaderAuthToken token) {
String principal = token.getPrincipal();
String credentials = token.getCredentials().toString();
boolean authenticated = false;

UserInfo userInfo = this.keycloakAdminClient.obtainUserInfo(credentials);
if (userInfo == null) {
return false;
}

authenticated = userInfo.getPreferredUsername().equals(principal);
this.logger.info("principal is {} while pun is {}, so auth result is {}",
principal,
userInfo.getPreferredUsername(),
authenticated);

if (authenticated) {
return authenticated;
}
boolean isEmail = this.keycloakAdminClient.isEmail(principal);
if (isEmail) {
return userInfo.getEmailVerified() && principal.equals(userInfo.getEmail());
}

return userInfo.getPreferredUsername().equals(principal);
return authenticated;
}

public Set<String> findRoleIdsByUserId(String userId) {
Expand Down

0 comments on commit f775859

Please sign in to comment.