lib/keycloak.rb in keycloak-2.4.1 vs lib/keycloak.rb in keycloak-2.5.0
- old
+ new
@@ -10,11 +10,11 @@
KEYCLOAK_JSON_FILE = 'config/keycloak.json'
class << self
attr_accessor :proxy, :generate_request_exception, :keycloak_controller,
:proc_cookie_token, :proc_external_attributes,
- :realm, :auth_server_url
+ :realm, :auth_server_url, :validate_token_when_call_has_role
end
def self.explode_exception
Keycloak.generate_request_exception = true if Keycloak.generate_request_exception.nil?
Keycloak.generate_request_exception
@@ -251,11 +251,11 @@
client_id = @client_id if client_id.blank?
secret = @secret if secret.blank?
token_introspection_endpoint = @configuration['token_introspection_endpoint'] if token_introspection_endpoint.blank?
- if user_signed_in?(access_token, client_id, secret, token_introspection_endpoint)
+ if !Keycloak.validate_token_when_call_has_role || user_signed_in?(access_token, client_id, secret, token_introspection_endpoint)
dt = decoded_access_token(access_token)[0]
dt = dt["resource_access"][client_id]
if dt != nil
dt["roles"].each do |role|
return true if role.to_s == user_role.to_s
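Review bot: With `validate_token_when_call_has_role` unset or false, the new condition on the `if` line skips `user_signed_in?` entirely, so the role decision rests only on what `decoded_access_token` returns. A token that the server has revoked, or whose session was logged out, would presumably keep passing this role check until it expires, and whether `decoded_access_token` verifies signature and expiry is not visible in this hunk. I would add a comment above the condition that says so, for example `# Introspection is skipped when the flag is off: roles come from the locally decoded token and revocation is not checked`. Separately, `dt["resource_access"][client_id]` raises NoMethodError when the token carries no `resource_access` claim; assuming the decoded payload is a Hash, `dt = dt.dig("resource_access", client_id)` avoids that. The method starts and ends outside the hunk.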
@@ -349,10 +349,11 @@
end
def self.setup_module
Keycloak.proxy ||= ''
Keycloak.keycloak_controller ||= KEYCLOACK_CONTROLLER_DEFAULT
+ Keycloak.validate_token_when_call_has_role ||= false
get_installation
end
def self.exec_request(proc_request)
if Keycloak.explode_exception
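Review bot: `||= false` in `setup_module` makes skipping introspection the default, so an application upgrading from 2.4.1 stops validating the token against the server in the role check without changing any configuration. Defaulting to the stricter behaviour and letting callers opt out would keep the upgrade safe: `Keycloak.validate_token_when_call_has_role = true if Keycloak.validate_token_when_call_has_role.nil?`. That is the same nil test `explode_exception` uses, and it is needed here because `||= true` would overwrite an explicit `false`. If the faster default is intended, the accessor and the changelog should state that the role check no longer contacts the introspection endpoint unless the flag is set.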
@@ -834,16 +835,17 @@
end
protected
def self.default_call(proc, client_id = '', secret = '')
- client_id = Keycloak::Client.client_id if client_id.blank?
- secret = Keycloak::Client.secret if secret.blank?
begin
tk = nil
resp = nil
Keycloak::Client.get_installation
+
+ client_id = Keycloak::Client.client_id if client_id.blank?
+ secret = Keycloak::Client.secret if secret.blank?
payload = { 'client_id' => client_id,
'client_secret' => secret,
'grant_type' => 'client_credentials' }
\ No newline at end of file
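Review bot: The two defaulting lines for `client_id` and `secret` now depend on running after `Keycloak::Client.get_installation`, and nothing in the code says so. A later cleanup could hoist them back above `begin` and send empty or stale credentials in the `client_credentials` payload again. A one-line comment would pin the order, for example `# must follow get_installation, which presumably populates Keycloak::Client.client_id and secret`. `default_call` continues past the end of the hunk.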