Class JWTClientCredentialsProvider

java.lang.Object
org.keycloak.protocol.oidc.client.authentication.JWTClientCredentialsProvider
All Implemented Interfaces:
ClientCredentialsProvider

public class JWTClientCredentialsProvider extends Object implements ClientCredentialsProvider
Client authentication based on a JWT signed by the client's private key. See specs for more details.
Author:
Marek Posolda
  • Field Details

  • Constructor Details

    • JWTClientCredentialsProvider

      public JWTClientCredentialsProvider()
  • Method Details

    • getId

      public String getId()
      Description copied from interface: ClientCredentialsProvider
      Return the ID of the provider. Use this ID in the keycloak.json configuration as the subelement of the "credentials" element. For example, if your provider has ID "kerberos-keytab", use a configuration like this in keycloak.json:

          "credentials": {
            "kerberos-keytab": {
              "keytab": "/tmp/foo"
            }
          }
      Specified by:
      getId in interface ClientCredentialsProvider
      Returns:
    • setupKeyPair

      public void setupKeyPair(KeyPair keyPair)
    • setupKeyPair

      public void setupKeyPair(KeyPair keyPair, String algorithm)
    • setTokenTimeout

      public void setTokenTimeout(int tokenTimeout)
    • getTokenTimeout

      protected int getTokenTimeout()
    • getPublicKey

      public PublicKey getPublicKey()
    • init

      public void init(AdapterConfig deployment, Object config)
      Description copied from interface: ClientCredentialsProvider
      Called by the adapter during deployment of your application. You can, for example, read configuration and initialize your authenticator here.
      Specified by:
      init in interface ClientCredentialsProvider
      Parameters:
      deployment - the adapter configuration
      config - the configuration of your provider read from keycloak.json. For the kerberos-keytab example above, it will return a map with the single key "keytab" with value "/tmp/foo"
    • setClientCredentials

      public void setClientCredentials(AdapterConfig deployment, Map<String,String> requestHeaders, Map<String,String> formParams)
      Description copied from interface: ClientCredentialsProvider
      Called every time the adapter needs to perform a backchannel request.
      Specified by:
      setClientCredentials in interface ClientCredentialsProvider
      Parameters:
      deployment - Fully resolved deployment
      requestHeaders - Put here any HTTP request headers you want to use to authenticate the client. These headers will be attached to the HTTP request sent to the Keycloak server
      formParams - Put here any request parameters you want to use to authenticate the client. These parameters will be attached to the HTTP request sent to the Keycloak server
    • createSignedRequestToken

      public String createSignedRequestToken(String clientId, String realmInfoUrl)
    • createRequestToken

      protected JsonWebToken createRequestToken(String clientId, String realmInfoUrl)
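
Added example (not part of the Keycloak documentation or code base): using the methods listed above to produce a signed client assertion, then decoding it and checking the signature with the public key, as a reviewer would when auditing what the client sends. Assumptions: the Keycloak client library is on the classpath, "RS256" is an accepted algorithm name, the timeout is in seconds, and the client ID and realm URL are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Base64;

import org.keycloak.protocol.oidc.client.authentication.JWTClientCredentialsProvider;

public class JwtClientAssertionDemo {
    public static void main(String[] args) throws Exception {
        // Throwaway key pair for the demo; a real client loads the key whose
        // public half is registered with the server.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keyPair = gen.generateKeyPair();

        JWTClientCredentialsProvider provider = new JWTClientCredentialsProvider();
        provider.setupKeyPair(keyPair, "RS256"); // assumption: JWS algorithm name
        provider.setTokenTimeout(10);            // assumption: seconds; a short lifetime narrows the replay window

        // Hypothetical client ID and realm URL.
        String jwt = provider.createSignedRequestToken(
                "demo-client", "https://sso.example.test/realms/demo");

        // A compact JWS is header.payload.signature, each part base64url-encoded.
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) {
            throw new IllegalStateException("expected a compact JWS with three parts");
        }
        Base64.Decoder b64 = Base64.getUrlDecoder();
        System.out.println("header: " + new String(b64.decode(parts[0]), StandardCharsets.UTF_8));
        System.out.println("claims: " + new String(b64.decode(parts[1]), StandardCharsets.UTF_8));

        // RS256 is RSASSA-PKCS1-v1_5 with SHA-256 over "header.payload".
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(provider.getPublicKey());
        verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        System.out.println("signature valid: " + verifier.verify(b64.decode(parts[2])));
    }
}
```

Inspect the printed claims for the issuer, audience and expiry before relying on the assertion in a deployment; the private key itself never leaves the client.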