From 75aae0cad9944722e77d7579f48d44fec6b698c5 Mon Sep 17 00:00:00 2001
From: tomqwpl <42344626+tomqwpl@users.noreply.github.com>
Date: Tue, 5 Nov 2024 09:48:24 +0000
Subject: [PATCH] Add support for "direct naked impersonation" (#465)

* Add support for "direct naked impersonation"
* Lint error on comment
---
 client.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/client.go b/client.go
index b6d47efe..497bd765 100644
--- a/client.go
+++ b/client.go
@@ -583,6 +583,19 @@ func (g *GoCloak) LoginClientTokenExchange(ctx context.Context, clientID, token,
 return g.GetToken(ctx, realm, tokenOptions)
 }
 
+// DirectNakedImpersonationTokenExchange performs "Direct Naked Impersonation"
+// See: https://www.keycloak.org/docs/latest/securing_apps/index.html#direct-naked-impersonation
+func (g *GoCloak) DirectNakedImpersonationTokenExchange(ctx context.Context, clientID, clientSecret, realm, userID string) (*JWT, error) {
+ tokenOptions := TokenOptions{
+ ClientID: &clientID,
+ ClientSecret: &clientSecret,
+ GrantType: StringP("urn:ietf:params:oauth:grant-type:token-exchange"),
+ RequestedTokenType: StringP("urn:ietf:params:oauth:token-type:refresh_token"),
+ RequestedSubject: StringP(userID),
+ }
+ return g.GetToken(ctx, realm, tokenOptions)
+}
+
 // LoginClientSignedJWT performs a login with client credentials and signed jwt claims
 func (g *GoCloak) LoginClientSignedJWT(
 ctx context.Context,
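Review bot: The doc comment on `DirectNakedImpersonationTokenExchange` does not tell callers that this exchange sends no subject token. The client credentials alone request a token for whatever `userID` is passed as `RequestedSubject`, and the hard-coded `RequestedTokenType` makes the result a refresh token for that user. I would extend the comment with `// The client secret alone authorises a refresh token for userID; callers must authorise the choice of userID themselves` and `// and must never take it from unauthenticated input.` An empty `userID` is also forwarded through `StringP(userID)` unchanged. How the server treats an empty requested subject is not visible here, so rejecting `userID == ""` with an error before building `tokenOptions` looks worthwhile.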