215 show a list of redirect uri

README.md

@@ -96,6 +96,7 @@ Follow these steps to deploy CAWS:
        - `manage-users`
        - `view-users`
        - `query-users`
+       - `view-clients`
      - Note: this client is used by Spring to communicate with keycloak for managing accounts; if your application relies on a client that authorizes via the Keycloak service, you will need to create it depending on your application's requirements
    - Under `Users` add a new Admin user and assign the `system-admin` role to it. This user will be used to invite the first researcher. Can be deactivated afterward.
    - Under `Realm settings` -> `Email` configure the email settings. This is used to send out invitations to researchers/participants. The same email server can be used as the one specified in the [configuration file](src/main/resources/config/application-local.yml).

src/main/kotlin/dk/cachet/carp/webservices/account/controller/AccountController.kt

@@ -26,6 +26,7 @@ class AccountController(private val accountService: AccountService) {
         const val INVITE = "/invite"
         const val ROLE = "/role"
         const val ACCOUNT = "/{${PathVariableName.ACCOUNT_ID}}"
+        const val REDIRECT_URIS = "/redirect-uris"
     }
 
     @PostMapping(INVITE)
@@ -62,4 +63,12 @@ class AccountController(private val accountService: AccountService) {
         LOGGER.info("Start GET: $ACCOUNT_BASE$ACCOUNT")
         return accountService.findByUUID(accountId)
     }
+
+    @GetMapping(REDIRECT_URIS)
+    @ResponseStatus(HttpStatus.OK)
+    @PreAuthorize("hasRole('RESEARCHER')")
+    suspend fun redirectUris(): List<String> {
+        LOGGER.info("Start GET: $ACCOUNT_BASE$REDIRECT_URIS")
+        return accountService.getRedirectUris()
+    }
 }

src/main/kotlin/dk/cachet/carp/webservices/account/service/AccountService.kt

@@ -45,4 +45,6 @@ interface AccountService {
         expirationSeconds: Long?,
         redirectUri: String?,
     ): Pair<UsernameAccountIdentity, String>
+
+    suspend fun getRedirectUris(): List<String>
 }

src/main/kotlin/dk/cachet/carp/webservices/account/service/impl/AccountServiceImpl.kt

@@ -160,4 +160,8 @@ class AccountServiceImpl(
             ),
         )
     }
+
+    override suspend fun getRedirectUris(): List<String> {
+        return issuerFacade.getRedirectUrisForClient()
+    }
 }

src/main/kotlin/dk/cachet/carp/webservices/security/authentication/oauth2/IssuerFacade.kt

@@ -7,6 +7,7 @@ import dk.cachet.carp.webservices.security.authentication.oauth2.issuers.keycloa
 import dk.cachet.carp.webservices.security.authorization.Claim
 import dk.cachet.carp.webservices.security.authorization.Role
 
+@Suppress("TooManyFunctions")
 interface IssuerFacade {
     suspend fun createAccount(account: Account): Account
 
@@ -38,4 +39,6 @@ interface IssuerFacade {
         redirectUri: String?,
         expirationSeconds: Long?,
     ): String
+
+    suspend fun getRedirectUrisForClient(): List<String>
 }

src/main/kotlin/dk/cachet/carp/webservices/security/authentication/oauth2/issuers/keycloak/KeycloakFacade.kt

@@ -258,6 +258,24 @@ class KeycloakFacade(
         return magicLinkResponse.link
     }
 
+    override suspend fun getRedirectUrisForClient(): List<String> {
+        val token = authenticate().accessToken
+
+        LOGGER.debug("Getting redirect URIs for client.")
+
+        val clientRepresentations =
+            adminClient.get().uri("/clients")
+                .headers {
+                    it.setBearerAuth(token!!)
+                }
+                .retrieve()
+                .awaitBody<List<Map<String, Any>>>()
+
+        val wsClientRepresentation = clientRepresentations.first { it["clientId"] == clientId }
+
+        return wsClientRepresentation["redirectUris"] as? List<String> ?: emptyList()
+    }
+
     private suspend fun queryAll(query: String): List<Account> {
         val token = authenticate().accessToken