org.keycloak.protocol.oidc

Class OIDCLoginProtocol

java.lang.Object

org.keycloak.protocol.oidc.OIDCLoginProtocol

All Implemented Interfaces:

LoginProtocol, Provider

public class OIDCLoginProtocol
extends Object
implements LoginProtocol

Author:

Bill Burke, Stian Thorgersen

Nested Class Summary

Nested classes/interfaces inherited from interface org.keycloak.protocol.LoginProtocol

LoginProtocol.Error

Field Summary

Fields

Modifier and Type	Field and Description
static String	ACR_PARAM
static String	CLAIMS_PARAM
static String	CLIENT_ID_PARAM
static String	CLIENT_SECRET_BASIC
static String	CLIENT_SECRET_JWT
static String	CLIENT_SECRET_POST
static String	CODE_CHALLENGE_METHOD_PARAM
static String	CODE_CHALLENGE_PARAM
static String	CODE_PARAM
protected EventBuilder	event
static String	GRANT_TYPE_PARAM
protected javax.ws.rs.core.HttpHeaders	headers
static String	ID_TOKEN_HINT
static String	ISSUER
static String	LOGIN_HINT_PARAM
static String	LOGIN_PROTOCOL
static String	LOGOUT_REDIRECT_URI
static String	LOGOUT_STATE_PARAM
static String	MAX_AGE_PARAM
static String	NONCE_PARAM
static int	PKCE_CODE_CHALLENGE_MAX_LENGTH
static int	PKCE_CODE_CHALLENGE_MIN_LENGTH
static int	PKCE_CODE_VERIFIER_MAX_LENGTH
static int	PKCE_CODE_VERIFIER_MIN_LENGTH
static String	PKCE_METHOD_PLAIN
static String	PKCE_METHOD_S256
static String	PRIVATE_KEY_JWT
static String	PROMPT_PARAM
static String	PROMPT_VALUE_CONSENT
static String	PROMPT_VALUE_LOGIN
static String	PROMPT_VALUE_NONE
static String	PROMPT_VALUE_SELECT_ACCOUNT
protected RealmModel	realm
static String	REDIRECT_URI_PARAM
static String	REQUEST_PARAM
static String	REQUEST_URI_PARAM
static String	RESPONSE_MODE_PARAM
static String	RESPONSE_TYPE_PARAM
protected OIDCResponseMode	responseMode
protected OIDCResponseType	responseType
static String	SCOPE_PARAM
protected KeycloakSession	session
static String	STATE_PARAM
static String	TLS_CLIENT_AUTH
static String	UI_LOCALES_PARAM
protected javax.ws.rs.core.UriInfo	uriInfo

Constructor Summary

Constructors

Constructor and Description
OIDCLoginProtocol()
OIDCLoginProtocol(KeycloakSession session, RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, javax.ws.rs.core.HttpHeaders headers, EventBuilder event)

Method Summary

Modifier and Type	Method and Description
javax.ws.rs.core.Response	authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
javax.ws.rs.core.Response	backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
void	close()
javax.ws.rs.core.Response	finishLogout(UserSessionModel userSession)
javax.ws.rs.core.Response	frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
protected boolean	isAuthTimeExpired(UserSessionModel userSession, AuthenticationSessionModel authSession)
protected boolean	isPromptLogin(AuthenticationSessionModel authSession)
protected boolean	isReAuthRequiredForKcAction(UserSessionModel userSession, AuthenticationSessionModel authSession)
boolean	requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel authSession)
javax.ws.rs.core.Response	sendError(AuthenticationSessionModel authSession, LoginProtocol.Error error)
boolean	sendPushRevocationPolicyRequest(RealmModel realm, ClientModel resource, int notBefore, String managementUrl) Send not-before revocation policy to the given client.
OIDCLoginProtocol	setEventBuilder(EventBuilder event)
OIDCLoginProtocol	setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)
OIDCLoginProtocol	setRealm(RealmModel realm)
OIDCLoginProtocol	setSession(KeycloakSession session)
OIDCLoginProtocol	setUriInfo(javax.ws.rs.core.UriInfo uriInfo)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGIN_PROTOCOL

public static final String LOGIN_PROTOCOL

See Also:

Constant Field Values

STATE_PARAM

public static final String STATE_PARAM

See Also:

Constant Field Values

LOGOUT_STATE_PARAM

public static final String LOGOUT_STATE_PARAM

See Also:

Constant Field Values

SCOPE_PARAM

public static final String SCOPE_PARAM

See Also:

Constant Field Values

CODE_PARAM

public static final String CODE_PARAM

See Also:

Constant Field Values

RESPONSE_TYPE_PARAM

public static final String RESPONSE_TYPE_PARAM

See Also:

Constant Field Values

GRANT_TYPE_PARAM

public static final String GRANT_TYPE_PARAM

See Also:

Constant Field Values

REDIRECT_URI_PARAM

public static final String REDIRECT_URI_PARAM

See Also:

Constant Field Values

CLIENT_ID_PARAM

public static final String CLIENT_ID_PARAM

See Also:

Constant Field Values

NONCE_PARAM

public static final String NONCE_PARAM

See Also:

Constant Field Values

MAX_AGE_PARAM

public static final String MAX_AGE_PARAM

See Also:

Constant Field Values

PROMPT_PARAM

public static final String PROMPT_PARAM

See Also:

Constant Field Values

LOGIN_HINT_PARAM

public static final String LOGIN_HINT_PARAM

See Also:

Constant Field Values

REQUEST_PARAM

public static final String REQUEST_PARAM

See Also:

Constant Field Values

REQUEST_URI_PARAM

public static final String REQUEST_URI_PARAM

See Also:

Constant Field Values

UI_LOCALES_PARAM

public static final String UI_LOCALES_PARAM

See Also:

Constant Field Values

CLAIMS_PARAM

public static final String CLAIMS_PARAM

See Also:

Constant Field Values

ACR_PARAM

public static final String ACR_PARAM

See Also:

Constant Field Values

ID_TOKEN_HINT

public static final String ID_TOKEN_HINT

See Also:

Constant Field Values

LOGOUT_REDIRECT_URI

public static final String LOGOUT_REDIRECT_URI

See Also:

Constant Field Values

ISSUER

public static final String ISSUER

See Also:

Constant Field Values

RESPONSE_MODE_PARAM

public static final String RESPONSE_MODE_PARAM

See Also:

Constant Field Values

PROMPT_VALUE_NONE

public static final String PROMPT_VALUE_NONE

See Also:

Constant Field Values

PROMPT_VALUE_LOGIN

public static final String PROMPT_VALUE_LOGIN

See Also:

Constant Field Values

PROMPT_VALUE_CONSENT

public static final String PROMPT_VALUE_CONSENT

See Also:

Constant Field Values

PROMPT_VALUE_SELECT_ACCOUNT

public static final String PROMPT_VALUE_SELECT_ACCOUNT

See Also:

Constant Field Values

CLIENT_SECRET_BASIC

public static final String CLIENT_SECRET_BASIC

See Also:

Constant Field Values

CLIENT_SECRET_POST

public static final String CLIENT_SECRET_POST

See Also:

Constant Field Values

CLIENT_SECRET_JWT

public static final String CLIENT_SECRET_JWT

See Also:

Constant Field Values

PRIVATE_KEY_JWT

public static final String PRIVATE_KEY_JWT

See Also:

Constant Field Values

TLS_CLIENT_AUTH

public static final String TLS_CLIENT_AUTH

See Also:

Constant Field Values

CODE_CHALLENGE_PARAM

public static final String CODE_CHALLENGE_PARAM

See Also:

Constant Field Values

CODE_CHALLENGE_METHOD_PARAM

public static final String CODE_CHALLENGE_METHOD_PARAM

See Also:

Constant Field Values

PKCE_CODE_CHALLENGE_MIN_LENGTH

public static final int PKCE_CODE_CHALLENGE_MIN_LENGTH

See Also:

Constant Field Values

PKCE_CODE_CHALLENGE_MAX_LENGTH

public static final int PKCE_CODE_CHALLENGE_MAX_LENGTH

See Also:

Constant Field Values

PKCE_CODE_VERIFIER_MIN_LENGTH

public static final int PKCE_CODE_VERIFIER_MIN_LENGTH

See Also:

Constant Field Values

PKCE_CODE_VERIFIER_MAX_LENGTH

public static final int PKCE_CODE_VERIFIER_MAX_LENGTH

See Also:

Constant Field Values

PKCE_METHOD_PLAIN

public static final String PKCE_METHOD_PLAIN

See Also:

Constant Field Values

PKCE_METHOD_S256

public static final String PKCE_METHOD_S256

See Also:

Constant Field Values

session

protected KeycloakSession session

realm

protected RealmModel realm

uriInfo

protected javax.ws.rs.core.UriInfo uriInfo

headers

protected javax.ws.rs.core.HttpHeaders headers

event

protected EventBuilder event

responseType

protected OIDCResponseType responseType

responseMode

protected OIDCResponseMode responseMode

Constructor Detail

OIDCLoginProtocol

public OIDCLoginProtocol(KeycloakSession session,
                         RealmModel realm,
                         javax.ws.rs.core.UriInfo uriInfo,
                         javax.ws.rs.core.HttpHeaders headers,
                         EventBuilder event)

OIDCLoginProtocol

public OIDCLoginProtocol()

Method Detail

setSession

public OIDCLoginProtocol setSession(KeycloakSession session)

Specified by:

setSession in interface LoginProtocol

setRealm

public OIDCLoginProtocol setRealm(RealmModel realm)

Specified by:

setRealm in interface LoginProtocol

setUriInfo

public OIDCLoginProtocol setUriInfo(javax.ws.rs.core.UriInfo uriInfo)

Specified by:

setUriInfo in interface LoginProtocol

setHttpHeaders

public OIDCLoginProtocol setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)

Specified by:

setHttpHeaders in interface LoginProtocol

setEventBuilder

public OIDCLoginProtocol setEventBuilder(EventBuilder event)

Specified by:

setEventBuilder in interface LoginProtocol

authenticated

public javax.ws.rs.core.Response authenticated(AuthenticationSessionModel authSession,
                                               UserSessionModel userSession,
                                               ClientSessionContext clientSessionCtx)

Specified by:

authenticated in interface LoginProtocol

sendError

public javax.ws.rs.core.Response sendError(AuthenticationSessionModel authSession,
                                           LoginProtocol.Error error)

Specified by:

sendError in interface LoginProtocol

backchannelLogout

public javax.ws.rs.core.Response backchannelLogout(UserSessionModel userSession,
                                                   AuthenticatedClientSessionModel clientSession)

Specified by:

backchannelLogout in interface LoginProtocol

frontchannelLogout

public javax.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession,
                                                    AuthenticatedClientSessionModel clientSession)

Specified by:

frontchannelLogout in interface LoginProtocol

finishLogout

public javax.ws.rs.core.Response finishLogout(UserSessionModel userSession)

Specified by:

finishLogout in interface LoginProtocol

requireReauthentication

public boolean requireReauthentication(UserSessionModel userSession,
                                       AuthenticationSessionModel authSession)

Specified by:

requireReauthentication in interface LoginProtocol

Returns:

true if SSO cookie authentication can't be used. User will need to "actively" reauthenticate

isPromptLogin

protected boolean isPromptLogin(AuthenticationSessionModel authSession)

isAuthTimeExpired

protected boolean isAuthTimeExpired(UserSessionModel userSession,
                                    AuthenticationSessionModel authSession)

isReAuthRequiredForKcAction

protected boolean isReAuthRequiredForKcAction(UserSessionModel userSession,
                                              AuthenticationSessionModel authSession)

sendPushRevocationPolicyRequest

public boolean sendPushRevocationPolicyRequest(RealmModel realm,
                                               ClientModel resource,
                                               int notBefore,
                                               String managementUrl)

Description copied from interface: LoginProtocol

Send not-before revocation policy to the given client.

Specified by:

sendPushRevocationPolicyRequest in interface LoginProtocol

Returns:

true if revocation policy was successfully updated at the client, false otherwise.

close

public void close()

Specified by:

close in interface Provider