Jason Chester jasonchester

  • Brandmuscle
  • Cleveland, OH
AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError")
ServicesLogger = Java.type("org.keycloak.services.ServicesLogger")
AbstractIdpAuthenticator = Java.type("org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator")
IdpCreateUserIfUniqueAuthenticator = Java.type("org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator")
var IdpUserMustExists = Java.extend(IdpCreateUserIfUniqueAuthenticator)
function authenticate(context) {
@pjeby
pjeby / Keycloak Email Fetcher.md
Last active April 10, 2023 18:23
Keycloak JS Authenticator: Fetch emails from Github and Twitter APIs

Keycloak One-click Registration for GitHub and Twitter

Unlike Google and Facebook, Twitter and GitHub require extra steps to obtain a user's email address: extra steps that Keycloak doesn't do! Instead, Twitter and GitHub users must manually enter an email that then has to be verified.

This script fixes that problem. It's a JavaScript Authenticator for Keycloak that can be placed as a required step at the beginning of a copy of the "first broker login" authentication flow -- which can then be set as the first broker flow for the GitHub and Twitter identity providers.

Then, when a user registers with Keycloak using one of these providers, this script invokes the right APIs to get the user's email. Twitter only has one email, so it returns that. For GitHub, it returns the account's primary email address, if it is verified and not a users.noreply.github.com address. If there is no primary, the first public verified address is returned. If there are no public verified addresses, the first verified a

@thomasdarimont
thomasdarimont / LoginStatsRecordingRequiredActionProvider.java
Last active April 6, 2021 10:02
Keycloak RequiredAction for recording user information on login
package de.tdlabs.idm.keycloak.ext.authentication;
import static java.time.LocalDateTime.now;
import static java.util.Arrays.asList;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.Config.Scope;
import org.keycloak.authentication.RequiredActionContext;