diff --git a/src/keycloak/Keycloak.Library/Authentication/KeycloakAccessTokenExtensions.cs b/src/keycloak/Keycloak.Library/Authentication/KeycloakAccessTokenExtensions.cs index 575b7544c2..9f42e9d4cc 100644 --- a/src/keycloak/Keycloak.Library/Authentication/KeycloakAccessTokenExtensions.cs +++ b/src/keycloak/Keycloak.Library/Authentication/KeycloakAccessTokenExtensions.cs @@ -32,7 +32,7 @@ public static async Task GetAccessToken(this KeycloakAccess if (token is null) { - return await GetToken(url, realm, userName, password, clientSecret, clientId, now, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None); + return await GetToken().ConfigureAwait(ConfigureAwaitOptions.None); } if (token.ExpiryTime > now) @@ -41,56 +41,51 @@ public static async Task GetAccessToken(this KeycloakAccess } return token.RefreshExpiryTime > now ? - await GetToken(url, realm, [ + await RetrieveToken([ new("grant_type", "refresh_token"), new("refresh_token", token.RefreshToken), new("client_id", clientId) - ], now, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None) : - await GetToken(url, realm, userName, password, clientSecret, clientId, now, cancellationToken) + ]).ConfigureAwait(ConfigureAwaitOptions.None) : + await GetToken() .ConfigureAwait(ConfigureAwaitOptions.None); - } - - private static async Task GetToken(Url url, string realm, string? userName, string? password, string? clientSecret, string clientId, DateTimeOffset requestTime, CancellationToken cancellationToken) - { - if (clientSecret != null) - { - return await GetToken(url, realm, [ - new("grant_type", "client_credentials"), - new("client_secret", clientSecret), - new("client_id", clientId) - ], requestTime, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None); - } - if (userName != null) + Task GetToken() { - return await GetToken(url, realm, [ - new("grant_type", "password"), - new("username", userName), - new("password", password ?? ""), - new("client_id", "admin-cli") - ], requestTime, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None); - } + if (clientSecret != null) + { + return RetrieveToken([ + new("grant_type", "client_credentials"), + new("client_secret", clientSecret), + new("client_id", clientId) + ]); + } - throw new ArgumentException($"{nameof(userName)} and {nameof(clientSecret)} must not all be null"); - } + if (userName != null) + { + return RetrieveToken([ + new("grant_type", "password"), + new("username", userName), + new("password", password ?? ""), + new("client_id", "admin-cli") + ]); + } - private static async Task GetToken(Url url, string realm, IEnumerable> keyValues, DateTimeOffset requestTime, CancellationToken cancellationToken) - { - var result = await url - .AppendPathSegments("realms", Url.Encode(realm), "protocol/openid-connect/token") - .WithHeader("Content-Type", "application/x-www-form-urlencoded") - .PostUrlEncodedAsync(keyValues, cancellationToken: cancellationToken) - .ReceiveJson().ConfigureAwait(ConfigureAwaitOptions.None); + throw new ArgumentException($"{nameof(userName)} and {nameof(clientSecret)} must not all be null"); + } - if (result is null) + async Task RetrieveToken(IEnumerable> keyValues) { - throw new ConflictException("result should never be null"); - } + var result = await url + .AppendPathSegments("realms", Url.Encode(realm), "protocol/openid-connect/token") + .WithHeader("Content-Type", "application/x-www-form-urlencoded") + .PostUrlEncodedAsync(keyValues, cancellationToken: cancellationToken) + .ReceiveJson().ConfigureAwait(ConfigureAwaitOptions.None) ?? throw new ConflictException("result should never be null"); - return new KeycloakAccessToken(result.AccessToken, requestTime.AddSeconds(result.ExpiresIn), result.RefreshToken, requestTime.AddSeconds(result.RefreshExpiresIn)); + return new KeycloakAccessToken(result.AccessToken, now.AddSeconds(result.ExpiresIn), result.RefreshToken, now.AddSeconds(result.RefreshExpiresIn)); + } } - private record AccessTokenResponse( + private sealed record AccessTokenResponse( [property: JsonPropertyName("access_token")] string AccessToken, [property: JsonPropertyName("expires_in")] int ExpiresIn, [property: JsonPropertyName("refresh_token")] string RefreshToken,