keycloak-group-by-domain/src/main/java/com/gruchalski/idp/spi/actions/UserMustBeApprovedAction.java

package com.gruchalski.idp.spi.actions;

import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionProvider;

public class UserMustBeApprovedAction implements RequiredActionProvider {

    public static String PROVIDER_ID = "USER_MUST_BE_APPROVED";

    @Override
    public void evaluateTriggers(RequiredActionContext requiredActionContext) {}

    @Override
    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
        if (requiredActionContext
                .getUser()
                .getAttributes()
                .containsKey("x-approved")) {
            requiredActionContext.success();
        } else {
            requiredActionContext
                .getAuthenticationSession()
                .setRedirectUri("/errors/approval-required/");
            requiredActionContext.failure();
        }
    }

    @Override
    public void processAction(RequiredActionContext requiredActionContext) {}

    @Override
    public void close() {}
}