org.keycloak.services.resources

Class IdentityBrokerService

java.lang.Object

org.keycloak.services.resources.IdentityBrokerService

All Implemented Interfaces:

IdentityProvider.AuthenticationCallback

public class IdentityBrokerService
extends Object
implements IdentityProvider.AuthenticationCallback

Author:

Pedro Igor

Constructor Summary

Constructors

Constructor and Description
IdentityBrokerService(RealmModel realmModel)

Method Summary

Modifier and Type	Method and Description
javax.ws.rs.core.Response	afterFirstBrokerLogin(String code, String clientId, String tabId)
javax.ws.rs.core.Response	afterPostBrokerLoginFlow(String code, String clientId, String tabId)
javax.ws.rs.core.Response	authenticated(BrokeredIdentityContext context) This method should be called by provider after the JAXRS callback endpoint has finished authentication with the remote IDP.
protected javax.ws.rs.core.Response	browserAuthentication(AuthenticationSessionModel authSession, String errorMessage)
javax.ws.rs.core.Response	cancelled() Called when user cancelled authentication on the IDP side - for example user didn't approve consent page on the IDP side.
javax.ws.rs.core.Response	clientInitiatedAccountLinking(String providerId, String redirectUri, String clientId, String nonce, String hash)
javax.ws.rs.core.Response	clientIntiatedAccountLinkingPreflight(String providerId) Closes off CORS preflight requests for account linking
javax.ws.rs.core.Response	error(String message) Called when error happened on the IDP side.
AuthenticationSessionModel	getAndVerifyAuthenticationSession(String encodedCode) Common method to return current authenticationSession and verify if it is not expired
Object	getEndpoint(String providerId)
static IdentityProvider	getIdentityProvider(KeycloakSession session, RealmModel realm, String alias)
static IdentityProviderFactory	getIdentityProviderFactory(KeycloakSession session, IdentityProviderModel model)
void	init()
javax.ws.rs.core.Response	performLogin(String providerId, String code, String clientId, String tabId, String loginHint)
javax.ws.rs.core.Response	performPostLogin(String providerId, String code, String clientId, String tabId, String loginHint)
javax.ws.rs.core.Response	retrieveToken(String providerId)
javax.ws.rs.core.Response	retrieveTokenPreflight()
javax.ws.rs.core.Response	validateUser(AuthenticationSessionModel authSession, UserModel user, RealmModel realm)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

IdentityBrokerService

public IdentityBrokerService(RealmModel realmModel)

Method Detail

init

public void init()

clientIntiatedAccountLinkingPreflight

@OPTIONS
 @Path(value="/{provider_id}/link")
public javax.ws.rs.core.Response clientIntiatedAccountLinkingPreflight(@PathParam(value="provider_id")
                                                                                                                    String providerId)

Closes off CORS preflight requests for account linking

Parameters:

providerId -

Returns:

clientInitiatedAccountLinking

@GET
 @Path(value="/{provider_id}/link")
public javax.ws.rs.core.Response clientInitiatedAccountLinking(@PathParam(value="provider_id")
                                                                                                        String providerId,
                                                                                                        @QueryParam(value="redirect_uri")
                                                                                                        String redirectUri,
                                                                                                        @QueryParam(value="client_id")
                                                                                                        String clientId,
                                                                                                        @QueryParam(value="nonce")
                                                                                                        String nonce,
                                                                                                        @QueryParam(value="hash")
                                                                                                        String hash)

performPostLogin

@POST
 @Path(value="/{provider_id}/login")
public javax.ws.rs.core.Response performPostLogin(@PathParam(value="provider_id")
                                                                                             String providerId,
                                                                                             @QueryParam(value="session_code")
                                                                                             String code,
                                                                                             @QueryParam(value="client_id")
                                                                                             String clientId,
                                                                                             @QueryParam(value="tab_id")
                                                                                             String tabId,
                                                                                             @QueryParam(value="login_hint")
                                                                                             String loginHint)

performLogin

@GET
 @Path(value="/{provider_id}/login")
public javax.ws.rs.core.Response performLogin(@PathParam(value="provider_id")
                                                                                        String providerId,
                                                                                        @QueryParam(value="session_code")
                                                                                        String code,
                                                                                        @QueryParam(value="client_id")
                                                                                        String clientId,
                                                                                        @QueryParam(value="tab_id")
                                                                                        String tabId,
                                                                                        @QueryParam(value="login_hint")
                                                                                        String loginHint)

getEndpoint

@Path(value="{provider_id}/endpoint")
public Object getEndpoint(@PathParam(value="provider_id")
                                                                String providerId)

retrieveTokenPreflight

@Path(value="{provider_id}/token")
 @OPTIONS
public javax.ws.rs.core.Response retrieveTokenPreflight()

retrieveToken

@GET
 @Path(value="{provider_id}/token")
public javax.ws.rs.core.Response retrieveToken(@PathParam(value="provider_id")
                                                                                        String providerId)

authenticated

public javax.ws.rs.core.Response authenticated(BrokeredIdentityContext context)

Description copied from interface: IdentityProvider.AuthenticationCallback

This method should be called by provider after the JAXRS callback endpoint has finished authentication with the remote IDP. There is an assumption that authenticationSession is set in the context when this method is called

Specified by:

authenticated in interface IdentityProvider.AuthenticationCallback

Returns:

see description

validateUser

public javax.ws.rs.core.Response validateUser(AuthenticationSessionModel authSession,
                                              UserModel user,
                                              RealmModel realm)

afterFirstBrokerLogin

@GET
 @Path(value="/after-first-broker-login")
public javax.ws.rs.core.Response afterFirstBrokerLogin(@QueryParam(value="session_code")
                                                                                                      String code,
                                                                                                      @QueryParam(value="client_id")
                                                                                                      String clientId,
                                                                                                      @QueryParam(value="tab_id")
                                                                                                      String tabId)

afterPostBrokerLoginFlow

@GET
 @Path(value="/after-post-broker-login")
public javax.ws.rs.core.Response afterPostBrokerLoginFlow(@QueryParam(value="session_code")
                                                                                                        String code,
                                                                                                        @QueryParam(value="client_id")
                                                                                                        String clientId,
                                                                                                        @QueryParam(value="tab_id")
                                                                                                        String tabId)

cancelled

public javax.ws.rs.core.Response cancelled()

Description copied from interface: IdentityProvider.AuthenticationCallback

Called when user cancelled authentication on the IDP side - for example user didn't approve consent page on the IDP side. Assumption is that authenticationSession is set in the KeycloakContext when this method is called

Specified by:

cancelled in interface IdentityProvider.AuthenticationCallback

Returns:

see description

error

public javax.ws.rs.core.Response error(String message)

Description copied from interface: IdentityProvider.AuthenticationCallback

Called when error happened on the IDP side. Assumption is that authenticationSession is set in the KeycloakContext when this method is called

Specified by:

error in interface IdentityProvider.AuthenticationCallback

Returns:

see description

getAndVerifyAuthenticationSession

public AuthenticationSessionModel getAndVerifyAuthenticationSession(String encodedCode)

Description copied from interface: IdentityProvider.AuthenticationCallback

Common method to return current authenticationSession and verify if it is not expired

Specified by:

getAndVerifyAuthenticationSession in interface IdentityProvider.AuthenticationCallback

Returns:

see description

browserAuthentication

protected javax.ws.rs.core.Response browserAuthentication(AuthenticationSessionModel authSession,
                                                          String errorMessage)

getIdentityProvider

public static IdentityProvider getIdentityProvider(KeycloakSession session,
                                                   RealmModel realm,
                                                   String alias)

getIdentityProviderFactory

public static IdentityProviderFactory getIdentityProviderFactory(KeycloakSession session,
                                                                 IdentityProviderModel model)