Class JWTClientSecretCredentialsProvider
- java.lang.Object
-
- org.keycloak.protocol.oidc.client.authentication.JWTClientSecretCredentialsProvider
-
- All Implemented Interfaces:
ClientCredentialsProvider
public class JWTClientSecretCredentialsProvider extends Object implements ClientCredentialsProvider
Client authentication based on JWT signed by client secret instead of private key . See specs for more details.
-
-
Field Summary
Fields Modifier and Type Field Description static StringPROVIDER_ID
-
Constructor Summary
Constructors Constructor Description JWTClientSecretCredentialsProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected JsonWebTokencreateRequestToken(String clientId, String realmInfoUrl)StringcreateSignedRequestToken(String clientId, String realmInfoUrl)StringcreateSignedRequestToken(String clientId, String realmInfoUrl, String algorithm)StringgetId()Return the ID of the provider.voidinit(AdapterConfig deployment, Object config)Called by adapter during deployment of your application.voidsetClientCredentials(AdapterConfig deployment, Map<String,String> requestHeaders, Map<String,String> formParams)Called every time adapter needs to perform backchannel requestvoidsetClientSecret(String clientSecretString)voidsetClientSecret(String clientSecretString, String algorithm)
-
-
-
Field Detail
-
PROVIDER_ID
public static final String PROVIDER_ID
- See Also:
- Constant Field Values
-
-
Method Detail
-
getId
public String getId()
Description copied from interface:ClientCredentialsProviderReturn the ID of the provider. Use this ID in the keycloak.json configuration as the subelement of the "credentials" element For example if your provider has ID "kerberos-keytab" , use the configuration like this in keycloak.json "credentials": { "kerberos-keytab": { "keytab": "/tmp/foo" } }- Specified by:
getIdin interfaceClientCredentialsProvider- Returns:
-
init
public void init(AdapterConfig deployment, Object config)
Description copied from interface:ClientCredentialsProviderCalled by adapter during deployment of your application. You can for example read configuration and init your authenticator here- Specified by:
initin interfaceClientCredentialsProvider- Parameters:
deployment- the adapter configurationconfig- the configuration of your provider read from keycloak.json . For the kerberos-keytab example above, it will return map with the single key "keytab" with value "/tmp/foo"
-
setClientCredentials
public void setClientCredentials(AdapterConfig deployment, Map<String,String> requestHeaders, Map<String,String> formParams)
Description copied from interface:ClientCredentialsProviderCalled every time adapter needs to perform backchannel request- Specified by:
setClientCredentialsin interfaceClientCredentialsProvider- Parameters:
deployment- Fully resolved deploymentrequestHeaders- You should put any HTTP request headers you want to use for authentication of client. These headers will be attached to the HTTP request sent to Keycloak serverformParams- You should put any request parameters you want to use for authentication of client. These parameters will be attached to the HTTP request sent to Keycloak server
-
setClientSecret
public void setClientSecret(String clientSecretString)
-
createSignedRequestToken
public String createSignedRequestToken(String clientId, String realmInfoUrl)
-
createSignedRequestToken
public String createSignedRequestToken(String clientId, String realmInfoUrl, String algorithm)
-
createRequestToken
protected JsonWebToken createRequestToken(String clientId, String realmInfoUrl)
-
-