KeycloakOAuth2.java

/*
 * Copyright 2017 JBoss Inc
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package io.apiman.gateway.engine.vertx.polling.fetchers.auth;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.MultiMap;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.ext.auth.oauth2.AccessToken;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.providers.KeycloakAuth;

import java.util.Map;
import java.util.Objects;

/**
 * Authenticator for Keycloak OAuth2.
 *
 * <ul>
 *   <li>flowType: OAuth2 flow type</li>
 *   <li>username: if password flow</li>
 *   <li>password: if password flow</li>
 * </ul>
 *
 * Paste JSON config from your Keycloak realm.
 *
 * @see OAuth2FlowType
 * @author Marc Savy {@literal <marc@rhymewithgravy.com>}
 */
@SuppressWarnings("nls")
public class KeycloakOAuth2 extends AbstractOAuth2Base implements Authenticator {

    private Logger log = LoggerFactory.getLogger(KeycloakOAuth2.class);

    public KeycloakOAuth2() {
    }

    @Override
    public Authenticator validateConfig(Map<String, String> config) {
        Objects.requireNonNull(config.get("flowType"), "must provide OAuth2 flow type 'flowType'.");
        return this;
    }

    @Override
    public Authenticator authenticate(Vertx vertx, Map<String, String> config, MultiMap headerMap, Handler<AsyncResult<Void>> resultHandler) {

        OAuth2FlowType flowType = getFlowType(config.get("flowType"));
        JsonObject params = new JsonObject();
        if (config.get("username") != null) {
            params.put("username", config.get("username"));
        }
        if (config.get("password") != null) {
            params.put("password", config.get("password"));
        }

        OAuth2Auth oauth2 = KeycloakAuth.create(vertx,  flowType, mapToJson(config));

        oauth2.getToken(params, tokenResult -> {
            if (tokenResult.succeeded()) {
                log.debug("OAuth2 Keycloak exchange succeeded.");
                AccessToken token = tokenResult.result();
                headerMap.set("Authorization", "Bearer " + token.principal().getString("access_token"));
                resultHandler.handle(Future.succeededFuture());
            } else {
                log.error("Access Token Error: {0}.", tokenResult.cause().getMessage());
                resultHandler.handle(Future.failedFuture(tokenResult.cause()));
            }
          });
        return this;
    }

}