public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig> implements ExchangeExternalToken
Modifier and Type | Class and Description |
---|---|
protected class |
OIDCIdentityProvider.OIDCEndpoint |
AbstractOAuth2IdentityProvider.Endpoint
IdentityProvider.AuthenticationCallback
Modifier and Type | Field and Description |
---|---|
static String |
ACCESS_TOKEN_EXPIRATION |
static String |
EXCHANGE_PROVIDER |
static String |
FEDERATED_ACCESS_TOKEN_RESPONSE |
static String |
FEDERATED_ID_TOKEN |
protected static org.jboss.logging.Logger |
logger |
static String |
SCOPE_OPENID |
static String |
USER_INFO |
static String |
VALIDATED_ID_TOKEN |
ACCESS_DENIED, FEDERATED_REFRESH_TOKEN, FEDERATED_TOKEN_EXPIRATION, mapper, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN, OAUTH2_PARAMETER_ACCESS_TOKEN, OAUTH2_PARAMETER_CLIENT_ID, OAUTH2_PARAMETER_CLIENT_SECRET, OAUTH2_PARAMETER_CODE, OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_PARAMETER_REDIRECT_URI, OAUTH2_PARAMETER_RESPONSE_TYPE, OAUTH2_PARAMETER_SCOPE, OAUTH2_PARAMETER_STATE
ACCOUNT_LINK_URL, session
EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN
Constructor and Description |
---|
OIDCIdentityProvider(KeycloakSession session,
OIDCIdentityProviderConfig config) |
Modifier and Type | Method and Description |
---|---|
void |
authenticationFinished(AuthenticationSessionModel authSession,
BrokeredIdentityContext context) |
void |
backchannelLogout(KeycloakSession session,
UserSessionModel userSession,
javax.ws.rs.core.UriInfo uriInfo,
RealmModel realm) |
protected void |
backchannelLogout(UserSessionModel userSession,
String idToken) |
Object |
callback(RealmModel realm,
IdentityProvider.AuthenticationCallback callback,
EventBuilder event)
JAX-RS callback endpoint invoked when the remote IdP calls back to Keycloak (e.g. after the authorization step).
|
protected javax.ws.rs.core.UriBuilder |
createAuthorizationUrl(AuthenticationRequest request) |
protected BrokeredIdentityContext |
exchangeExternalImpl(EventBuilder event,
javax.ws.rs.core.MultivaluedMap<String,String> params) |
protected javax.ws.rs.core.Response |
exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo,
EventBuilder event,
ClientModel authorizedClient,
UserSessionModel tokenUserSession,
UserModel tokenSubject) |
protected javax.ws.rs.core.Response |
exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo,
EventBuilder event,
ClientModel authorizedClient,
UserSessionModel tokenUserSession,
UserModel tokenSubject) |
protected BrokeredIdentityContext |
extractIdentity(AccessTokenResponse tokenResponse,
String accessToken,
JsonWebToken idToken) |
protected BrokeredIdentityContext |
extractIdentityFromProfile(EventBuilder event,
com.fasterxml.jackson.databind.JsonNode userInfo) |
protected String |
getDefaultScopes() |
BrokeredIdentityContext |
getFederatedIdentity(String response) |
protected String |
getProfileEndpointForValidation(EventBuilder event) |
protected SimpleHttp |
getRefreshTokenRequest(KeycloakSession session,
String refreshToken,
String clientId,
String clientSecret) |
protected String |
getUserInfoUrl() |
protected String |
getusernameClaimNameForIdToken() |
protected String |
getUsernameFromUserInfo(com.fasterxml.jackson.databind.JsonNode userInfo) |
boolean |
isIssuer(String issuer,
javax.ws.rs.core.MultivaluedMap<String,String> params) |
javax.ws.rs.core.Response |
keycloakInitiatedBrowserLogout(KeycloakSession session,
UserSessionModel userSession,
javax.ws.rs.core.UriInfo uriInfo,
RealmModel realm)
Called when a Keycloak application initiates a logout through the browser.
|
void |
preprocessFederatedIdentity(KeycloakSession session,
RealmModel realm,
BrokeredIdentityContext context) |
protected void |
processAccessTokenResponse(BrokeredIdentityContext context,
AccessTokenResponse response) |
String |
refreshTokenForLogout(KeycloakSession session,
UserSessionModel userSession)
Returns the access token response, as a string, obtained from a refresh-token invocation against the remote OIDC provider.
|
protected boolean |
supportsExternalExchange() |
protected BrokeredIdentityContext |
validateJwt(EventBuilder event,
String subjectToken,
String subjectTokenType) |
protected JsonWebToken |
validateToken(String encodedToken) |
protected JsonWebToken |
validateToken(String encodedToken,
boolean ignoreAudience) |
protected boolean |
verify(JWSInput jws) |
asJsonNode, authenticateTokenRequest, buildUserInfoRequest, doGetFederatedIdentity, exchangeExternal, exchangeExternalComplete, exchangeExternalUserInfoValidationOnly, exchangeFromToken, extractTokenFromResponse, generateToken, getAccessTokenResponseParameter, getConfig, getJsonProperty, getSignatureContext, hasExternalExchangeToken, performLogin, retrieveToken, validateExternalTokenThroughUserInfo
close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, export, getLinkingUrl, getMarshaller, importNewUser, updateBrokeredUser
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
exchangeExternal, exchangeExternalComplete
protected static final org.jboss.logging.Logger logger
public static final String SCOPE_OPENID
public static final String FEDERATED_ID_TOKEN
public static final String USER_INFO
public static final String FEDERATED_ACCESS_TOKEN_RESPONSE
public static final String VALIDATED_ID_TOKEN
public static final String ACCESS_TOKEN_EXPIRATION
public static final String EXCHANGE_PROVIDER
public OIDCIdentityProvider(KeycloakSession session, OIDCIdentityProviderConfig config)
public Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)
IdentityProvider
callback
in interface IdentityProvider<OIDCIdentityProviderConfig>
callback
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
public String refreshTokenForLogout(KeycloakSession session, UserSessionModel userSession)
session
- userSession
public void backchannelLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)
backchannelLogout
in interface IdentityProvider<OIDCIdentityProviderConfig>
backchannelLogout
in class AbstractIdentityProvider<OIDCIdentityProviderConfig>
protected void backchannelLogout(UserSessionModel userSession, String idToken)
public javax.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)
IdentityProvider
keycloakInitiatedBrowserLogout
in interface IdentityProvider<OIDCIdentityProviderConfig>
keycloakInitiatedBrowserLogout
in class AbstractIdentityProvider<OIDCIdentityProviderConfig>
protected javax.ws.rs.core.Response exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
exchangeStoredToken
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected void processAccessTokenResponse(BrokeredIdentityContext context, AccessTokenResponse response)
protected SimpleHttp getRefreshTokenRequest(KeycloakSession session, String refreshToken, String clientId, String clientSecret)
protected javax.ws.rs.core.Response exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
exchangeSessionToken
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
public BrokeredIdentityContext getFederatedIdentity(String response)
getFederatedIdentity
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected BrokeredIdentityContext extractIdentity(AccessTokenResponse tokenResponse, String accessToken, JsonWebToken idToken) throws IOException
IOException
protected String getusernameClaimNameForIdToken()
protected String getUserInfoUrl()
protected boolean verify(JWSInput jws)
protected JsonWebToken validateToken(String encodedToken)
protected JsonWebToken validateToken(String encodedToken, boolean ignoreAudience)
NOTE(review): the ignoreAudience flag presumably relaxes the audience (aud) check on the token; confirm that semantics in the implementation before passing true, since skipping audience validation is a security-relevant choice.
public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
authenticationFinished
in interface IdentityProvider<OIDCIdentityProviderConfig>
authenticationFinished
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected String getDefaultScopes()
getDefaultScopes
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
public boolean isIssuer(String issuer, javax.ws.rs.core.MultivaluedMap<String,String> params)
isIssuer
in interface ExchangeExternalToken
isIssuer
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected boolean supportsExternalExchange()
supportsExternalExchange
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected String getProfileEndpointForValidation(EventBuilder event)
getProfileEndpointForValidation
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, com.fasterxml.jackson.databind.JsonNode userInfo)
extractIdentityFromProfile
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected String getUsernameFromUserInfo(com.fasterxml.jackson.databind.JsonNode userInfo)
protected final BrokeredIdentityContext validateJwt(EventBuilder event, String subjectToken, String subjectTokenType)
protected BrokeredIdentityContext exchangeExternalImpl(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
exchangeExternalImpl
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(AuthenticationRequest request)
createAuthorizationUrl
in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)
preprocessFederatedIdentity
in interface IdentityProvider<OIDCIdentityProviderConfig>
preprocessFederatedIdentity
in class AbstractIdentityProvider<OIDCIdentityProviderConfig>