Package com.vaadin.sso.core

Class KeycloakUserMapper

java.lang.Object
com.vaadin.sso.core.KeycloakUserMapper
All Implemented Interfaces:
org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.client.oidc.userinfo.OidcUserSource,org.springframework.security.oauth2.core.oidc.user.OidcUser>
public class KeycloakUserMapper extends Object implements org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.client.oidc.userinfo.OidcUserSource,org.springframework.security.oauth2.core.oidc.user.OidcUser>
A converter that maps Keycloak-specific JWT claims to Spring Security GrantedAuthority instances.

This converter extracts:

  • OAuth2 scopes from the access token as SCOPE_ authorities
  • Keycloak realm roles from the realm_access claim as ROLE_ authorities
  • Keycloak client roles from the resource_access claim as ROLE_ authorities
Since:
4.0
Author:
Vaadin Ltd

  • Constructor Summary

    Constructors
    Constructor
    Description
    KeycloakUserMapper()
    Creates a new instance that uses the default NimbusJwtDecoder-based JWT decoder.

  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.oauth2.core.oidc.user.OidcUser
    convert(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserSource userSource)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.springframework.core.convert.converter.Converter

    andThen

  • Constructor Details

    • KeycloakUserMapper

      public KeycloakUserMapper()
      Creates a new instance that uses the default NimbusJwtDecoder-based JWT decoder.

  • Method Details

    • convert

      public org.springframework.security.oauth2.core.oidc.user.OidcUser convert(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserSource userSource)
      Specified by:
      convert in interface org.springframework.core.convert.converter.Converter<org.springframework.security.oauth2.client.oidc.userinfo.OidcUserSource,org.springframework.security.oauth2.core.oidc.user.OidcUser>