Add confirm cookie authenticator example

thomasdarimont · thomasdarimont · commit d5c36763dc2c · 2025-04-09T10:57:19.000+02:00
diff --git a/keycloak/extensions/src/main/java/com/github/thomasdarimont/keycloak/custom/auth/confirmcookie/ConfirmCookieAuthenticator.java b/keycloak/extensions/src/main/java/com/github/thomasdarimont/keycloak/custom/auth/confirmcookie/ConfirmCookieAuthenticator.java
@@ -0,0 +1,143 @@
+package com.github.thomasdarimont.keycloak.custom.auth.confirmcookie;
+
+import com.google.auto.service.AutoService;
+import jakarta.ws.rs.core.Response;
+import lombok.extern.jbosslog.JBossLog;
+import org.keycloak.Config;
+import org.keycloak.authentication.AuthenticationFlowContext;
+import org.keycloak.authentication.Authenticator;
+import org.keycloak.authentication.AuthenticatorFactory;
+import org.keycloak.authentication.authenticators.browser.CookieAuthenticator;
+import org.keycloak.models.AuthenticationExecutionModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.provider.ProviderConfigurationBuilder;
+import org.keycloak.provider.ServerInfoAwareProviderFactory;
+import org.keycloak.services.managers.AuthenticationManager;
+
+import java.util.List;
+import java.util.Map;
+
+@JBossLog
+public class ConfirmCookieAuthenticator extends CookieAuthenticator {
+
+    static final ConfirmCookieAuthenticator INSTANCE = new ConfirmCookieAuthenticator();
+
+    @Override
+    public void authenticate(AuthenticationFlowContext context) {
+        AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(context.getSession(),
+                context.getRealm(), true);
+        if (authResult == null) {
+            context.attempted();
+            return;
+        }
+
+        Response response = context.form() //
+                .createForm("login-confirm-cookie-form.ftl");
+        context.challenge(response);
+    }
+
+    @Override
+    public void action(AuthenticationFlowContext context) {
+        super.authenticate(context);
+    }
+
+    @Override
+    public boolean requiresUser() {
+        return false;
+    }
+
+    @Override
+    public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
+        return false;
+    }
+
+    @Override
+    public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
+
+    }
+
+    @Override
+    public void close() {
+
+    }
+
+    @AutoService(AuthenticatorFactory.class)
+    public static class Factory implements AuthenticatorFactory, ServerInfoAwareProviderFactory {
+
+        @Override
+        public String getId() {
+            return "acme-auth-confirm-cookie";
+        }
+
+        @Override
+        public Authenticator create(KeycloakSession session) {
+            return INSTANCE;
+        }
+
+        @Override
+        public String getDisplayType() {
+            return "Acme: Confirm Cookie Authenticator";
+        }
+
+        @Override
+        public String getHelpText() {
+            return "Shows a form asking to confirm cookie";
+        }
+
+        @Override
+        public String getReferenceCategory() {
+            return "hello";
+        }
+
+        @Override
+        public boolean isConfigurable() {
+            return true;
+        }
+
+        @Override
+        public List<ProviderConfigProperty> getConfigProperties() {
+
+            List<ProviderConfigProperty> properties = ProviderConfigurationBuilder.create() //
+                    .property().name("message").label("Message")
+                    .helpText("Message text").type(ProviderConfigProperty.STRING_TYPE)
+                    .defaultValue("hello").add()
+
+                    .build();
+            return properties;
+        }
+
+        @Override
+        public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
+            return REQUIREMENT_CHOICES;
+        }
+
+        @Override
+        public boolean isUserSetupAllowed() {
+            return false;
+        }
+
+        @Override
+        public void postInit(KeycloakSessionFactory factory) {
+            // called after factory is found
+        }
+
+        @Override
+        public void init(Config.Scope config) {
+        }
+
+
+        @Override
+        public void close() {
+
+        }
+
+        @Override
+        public Map<String, String> getOperationalInfo() {
+            return Map.of("info", "infoValue");
+        }
+    }
+}
diff --git a/keycloak/themes/internal/login/login-confirm-cookie-form.ftl b/keycloak/themes/internal/login/login-confirm-cookie-form.ftl
@@ -0,0 +1,42 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayInfo=true displayMessage=!messagesPerField.existsError('code') showAnotherWayIfPresent=false; section>
+    <#if section = "header">
+        Confirm Cookie: ${realm.displayName}
+    <#elseif section = "form">
+
+        <h1>Confirm Cookie</h1>
+
+        <form id="kc-confirm-cookie-login-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
+
+            <div class="${properties.kcFormGroupClass!} ${properties.kcFormSettingClass!}">
+<#--                <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">-->
+<#--                    <div class="${properties.kcFormOptionsWrapperClass!}">-->
+<#--                        <span><a href="${url.loginUrl}">${kcSanitize(msg("backToLogin"))?no_esc}</a></span>-->
+<#--                    </div>-->
+<#--                </div>-->
+
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                    <div class="${properties.kcFormButtonsWrapperClass!}">
+                        <input name="proceed"
+                                class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
+                               type="submit" value="Continue"/>
+
+<#--                        <input name="switchUser"-->
+<#--                           class="${properties.kcButtonClass!} ${properties.kcButtonSecondaryClass!} ${properties.kcButtonBlockClass!}  ${properties.kcButtonLargeClass!}"-->
+<#--                           type="submit" value="Switch User"-->
+<#--                           formnovalidate="formnovalidate"/>-->
+
+                        <a id="reset-login" href="${url.loginRestartFlowUrl}" aria-label="${msg("restartLoginTooltip")}" class="${properties.kcButtonClass!} ${properties.kcButtonSecondaryClass!} ${properties.kcButtonBlockClass!}  ${properties.kcButtonLargeClass!}">
+                            Switch User
+                            <div class="kc-login-tooltip">
+                                <span class="kc-tooltip-text">Switch User</span>
+                            </div>
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </form>
+    <#elseif section = "info" >
+        Confirm Cookie Instruction
+    </#if>
+</@layout.registrationLayout>
