Class JWTClientSecretCredentialsProvider

java.lang.Object
org.keycloak.protocol.oidc.client.authentication.JWTClientSecretCredentialsProvider
All Implemented Interfaces:
ClientCredentialsProvider

public class JWTClientSecretCredentialsProvider extends Object implements ClientCredentialsProvider
Client authentication based on JWT signed by client secret instead of private key . See specs for more details.
  • Field Details

  • Constructor Details

    • JWTClientSecretCredentialsProvider

      public JWTClientSecretCredentialsProvider()
  • Method Details

    • getId

      public String getId()
      Description copied from interface: ClientCredentialsProvider
      Return the ID of the provider. Use this ID in the keycloak.json configuration as the subelement of the "credentials" element For example if your provider has ID "kerberos-keytab" , use the configuration like this in keycloak.json "credentials": { "kerberos-keytab": { "keytab": "/tmp/foo" } }
      Specified by:
      getId in interface ClientCredentialsProvider
      Returns:
    • init

      public void init(AdapterConfig deployment, Object config)
      Description copied from interface: ClientCredentialsProvider
      Called by adapter during deployment of your application. You can for example read configuration and init your authenticator here
      Specified by:
      init in interface ClientCredentialsProvider
      Parameters:
      deployment - the adapter configuration
      config - the configuration of your provider read from keycloak.json . For the kerberos-keytab example above, it will return map with the single key "keytab" with value "/tmp/foo"
    • setClientCredentials

      public void setClientCredentials(AdapterConfig deployment, Map<String,String> requestHeaders, Map<String,String> formParams)
      Description copied from interface: ClientCredentialsProvider
      Called every time adapter needs to perform backchannel request
      Specified by:
      setClientCredentials in interface ClientCredentialsProvider
      Parameters:
      deployment - Fully resolved deployment
      requestHeaders - You should put any HTTP request headers you want to use for authentication of client. These headers will be attached to the HTTP request sent to Keycloak server
      formParams - You should put any request parameters you want to use for authentication of client. These parameters will be attached to the HTTP request sent to Keycloak server
    • setClientSecret

      public void setClientSecret(String clientSecretString)
    • setClientSecret

      public void setClientSecret(String clientSecretString, String algorithm)
    • createSignedRequestToken

      public String createSignedRequestToken(String clientId, String realmInfoUrl)
    • createSignedRequestToken

      public String createSignedRequestToken(String clientId, String realmInfoUrl, String algorithm)
    • createRequestToken

      protected JsonWebToken createRequestToken(String clientId, String realmInfoUrl)