Class JWTClientCredentialsProvider

All Implemented Interfaces:

public class JWTClientCredentialsProvider extends Object implements ClientCredentialsProvider
Client authentication based on JWT signed by client private key . See specs for more details.
Marek Posolda
  • Field Details

  • Constructor Details

    • JWTClientCredentialsProvider

      public JWTClientCredentialsProvider()
  • Method Details

    • getId

      public String getId()
      Description copied from interface: ClientCredentialsProvider
      Return the ID of the provider. Use this ID in the keycloak.json configuration as the subelement of the "credentials" element For example if your provider has ID "kerberos-keytab" , use the configuration like this in keycloak.json "credentials": { "kerberos-keytab": { "keytab": "/tmp/foo" } }
      Specified by:
      getId in interface ClientCredentialsProvider
    • setupKeyPair

      public void setupKeyPair(KeyPair keyPair)
    • setupKeyPair

      public void setupKeyPair(KeyPair keyPair, String algorithm)
    • setTokenTimeout

      public void setTokenTimeout(int tokenTimeout)
    • getTokenTimeout

      protected int getTokenTimeout()
    • getPublicKey

      public PublicKey getPublicKey()
    • init

      public void init(AdapterConfig deployment, Object config)
      Description copied from interface: ClientCredentialsProvider
      Called by adapter during deployment of your application. You can for example read configuration and init your authenticator here
      Specified by:
      init in interface ClientCredentialsProvider
      deployment - the adapter configuration
      config - the configuration of your provider read from keycloak.json . For the kerberos-keytab example above, it will return map with the single key "keytab" with value "/tmp/foo"
    • setClientCredentials

      public void setClientCredentials(AdapterConfig deployment, Map<String,String> requestHeaders, Map<String,String> formParams)
      Description copied from interface: ClientCredentialsProvider
      Called every time adapter needs to perform backchannel request
      Specified by:
      setClientCredentials in interface ClientCredentialsProvider
      deployment - Fully resolved deployment
      requestHeaders - You should put any HTTP request headers you want to use for authentication of client. These headers will be attached to the HTTP request sent to Keycloak server
      formParams - You should put any request parameters you want to use for authentication of client. These parameters will be attached to the HTTP request sent to Keycloak server
    • createSignedRequestToken

      public String createSignedRequestToken(String clientId, String realmInfoUrl)
    • createRequestToken

      protected JsonWebToken createRequestToken(String clientId, String realmInfoUrl)