Title: Keycloak: Adding a custom field for the `token` endpoint POST to get Single-Sign-Off to work · Issue #980 · scribejava/scribejava · GitHub
Description: Hi, Keycloak has some non-standard behavior that we need to support: The KEYCLOAK-15234 bug report is about Single-Sign-Off not working with non-Keycloak adapters (like scribejava). Keycloak allows clients to register an "Admin URL" that...
Opengraph URL: https://github.com/scribejava/scribejava/issues/980
Domain: github.com
Author: pmorch (https://github.com/pmorch)
Date Published: 2020-08-21T11:08:44.000Z
Comments: 6

Hi,

Keycloak has some non-standard behavior that we need to support: The [KEYCLOAK-15234](https://issues.redhat.com/browse/KEYCLOAK-15234) bug report is about Single-Sign-Off not working with non-Keycloak adapters (like scribejava). Keycloak allows clients to register an "Admin URL" that gets called when users log off. Unfortunately, it only works when a custom `client_session_state=${sessionId}` POST parameter is added when calling the `token` endpoint to exchange a code for a token.

The `OAuth20Service` service currently does not provide any means to add custom parameters to any of the `getAccessToken()` methods.

The question is whether we should provide a PR for this project or work around it in application code. We prefer preparing a PR and I would like to hear the project's opinion on how to proceed. We're happy to provide a PR, but would like the approach to be approved beforehand, so we don't waste effort and end up with a fork that never gets merged. There are at least a couple of ways this could be made possible:

### Change protected -> public for 4 methods in `OAuth2AccessToken`

If the three `sendAccessTokenRequest*` methods and `createAccessTokenRequest` were changed from protected to public, then instead of:

    OAuth2AccessToken accessToken = service.getAccessToken(code);

our application code could now:

    OAuthRequest request = service.createAccessTokenRequest(AccessTokenRequestParams.create(code));
    request.addParameter("client_session_state", sessionId);
    OAuth2AccessToken accessToken = service.sendAccessTokenRequestSync(request);

In my opinion this is the cleanest, most flexible and most elegant solution, but there is also:

### A new `KeycloakService` implements `public OAuth2AccessToken getAccessToken*(..., String clientSessionState)` methods

Modify `KeycloakApi` to override method `public OAuth20Service createService` so it creates a `KeycloakService` (like e.g. `FacebookApi` creates a `FacebookService`). `KeycloakService` then provides a (number of) `public OAuth2AccessToken getAccessToken(String code, String clientSessionState)` method(s) that add the extra parameter.

There are already 6 methods with various parameter and sync/async combinations. Should there now be 12? The existing 6 plus versions with the extra parameter? This is a maintainability nightmare... It also makes `getAccessToken` different from e.g. the `revokeToken` family in that respect, which "only" has 6 variations.

Also, `ServiceBuilderOAuth20`'s `build()` method returns an `OAuth20Service` so the application would have to cast the result of `build()` to `KeycloakService` to access these 6 new methods. :-(

### `OAuth2AccessToken` gets new `getAccessToken(..., Map<String, String> extraParameters)` methods

Here instead of creating a custom `KeycloakService` we add more generic methods to the base class. Again, we'll end up with 12 methods instead of the current 6.

I don't like this for the same maintainability reasons.

### Application Level Workaround - no scribejava changes

Essentially we derive from KeycloakApi to just provide strictly what we need:

We implement our own `OurKeycloakApi` that returns an `OurKeycloakService` that implements the one extra method we need. That is for sure the easiest for us to do, but it doesn't help out the next Keycloak user that runs into this problem.

We'll do this unless there is consensus here on what a PR should look like. We just think it is a shame others have to do similar customizations to get logging out to work properly.
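The application-level workaround described in the issue, written out as an added example; it is not code from the issue author or from scribejava. `OurKeycloakApi` and `OurKeycloakService` are the hypothetical names from the issue, `getAccessTokenWithSessionState` is a name chosen here, and the `createService`/constructor argument lists and the protected `KeycloakApi(String)` constructor are assumed to match the scribejava release in use.

```java
import com.github.scribejava.apis.KeycloakApi;
import com.github.scribejava.core.builder.api.DefaultApi20;
import com.github.scribejava.core.httpclient.HttpClient;
import com.github.scribejava.core.httpclient.HttpClientConfig;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.model.OAuthRequest;
import com.github.scribejava.core.oauth.AccessTokenRequestParams;
import com.github.scribejava.core.oauth.OAuth20Service;
import java.io.IOException;
import java.io.OutputStream;
import java.util.concurrent.ExecutionException;

// OurKeycloakApi / OurKeycloakService are the hypothetical names used in the issue.
public class OurKeycloakApi extends KeycloakApi {
    // baseUrlWithRealm: Keycloak base URL including the realm path
    // (assumes KeycloakApi exposes a protected constructor taking it).
    public OurKeycloakApi(String baseUrlWithRealm) {
        super(baseUrlWithRealm);
    }

    @Override
    public OurKeycloakService createService(String apiKey, String apiSecret, String callback,
            String defaultScope, String responseType, OutputStream debugStream, String userAgent,
            HttpClientConfig httpClientConfig, HttpClient httpClient) {
        return new OurKeycloakService(this, apiKey, apiSecret, callback, defaultScope, responseType,
                debugStream, userAgent, httpClientConfig, httpClient);
    }

    public static class OurKeycloakService extends OAuth20Service {
        OurKeycloakService(DefaultApi20 api, String apiKey, String apiSecret, String callback,
                String defaultScope, String responseType, OutputStream debugStream, String userAgent,
                HttpClientConfig httpClientConfig, HttpClient httpClient) {
            super(api, apiKey, apiSecret, callback, defaultScope, responseType, debugStream, userAgent,
                    httpClientConfig, httpClient);
        }

        // Adds the client_session_state field that, per the issue, Keycloak needs before it
        // calls the registered Admin URL on logout. Named distinctly (hypothetical name) so it
        // cannot collide with an existing getAccessToken(String, String) overload.
        public OAuth2AccessToken getAccessTokenWithSessionState(String code, String clientSessionState)
                throws IOException, InterruptedException, ExecutionException {
            if (clientSessionState == null || clientSessionState.isEmpty()) {
                throw new IllegalArgumentException("clientSessionState is required for Single-Sign-Off");
            }
            // Protected in OAuth20Service, so reachable from this subclass without library changes.
            OAuthRequest request = createAccessTokenRequest(AccessTokenRequestParams.create(code));
            request.addParameter("client_session_state", clientSessionState);
            return sendAccessTokenRequestSync(request);
        }
    }
}
```

As the issue notes, `build()` is typed to return `OAuth20Service`, so the caller casts the result to `OurKeycloakService` to reach the extra method.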