Package org.keycloak.protocol.oidc.grants.device

Class DeviceGrantType

java.lang.Object

org.keycloak.protocol.oidc.grants.OAuth2GrantTypeBase

org.keycloak.protocol.oidc.grants.device.DeviceGrantType

All Implemented Interfaces:

OAuth2GrantType, Provider

public class DeviceGrantType
extends OAuth2GrantTypeBase

OAuth 2.0 Device Authorization Grant https://datatracker.ietf.org/doc/html/rfc8628#section-3.4

Author:

Hiroyuki Wada, Michito Okai

Nested Class Summary

Nested classes/interfaces inherited from interface org.keycloak.protocol.oidc.grants.OAuth2GrantType

OAuth2GrantType.Context

Field Summary

Fields

Modifier and Type	Field	Description
static final String	OAUTH2_DEVICE_USER_CODE
static final String	OAUTH2_DEVICE_VERIFIED_USER_CODE
static final String	OAUTH2_USER_CODE_VERIFY

Fields inherited from class org.keycloak.protocol.oidc.grants.OAuth2GrantTypeBase

client, clientAuthAttributes, clientConfig, clientConnection, context, cors, dPoP, event, formParams, headers, realm, request, response, session, tokenManager

Constructor Summary

Constructors

Constructor	Description
DeviceGrantType()

Method Summary

Modifier and Type	Method	Description
static jakarta.ws.rs.core.Response	approveOAuth2DeviceAuthorization(AuthenticationSessionModel authSession, AuthenticatedClientSessionModel clientSession, KeycloakSession session)
static boolean	approveUserCode(KeycloakSession session, RealmModel realm, String userCode, String userSessionId, Map<String,String> additionalParams)
static jakarta.ws.rs.core.Response	denyOAuth2DeviceAuthorization(AuthenticationSessionModel authSession, LoginProtocol.Error error, KeycloakSession session)
static boolean	denyUserCode(KeycloakSession session, RealmModel realm, String userCode)
static OAuth2DeviceCodeModel	getDeviceByDeviceCode(KeycloakSession session, RealmModel realm, ClientModel client, EventBuilder event, String deviceCode)
EventType	getEventType()	Returns the event type associated with this OAuth 2.0 grant type.
static boolean	isOAuth2DeviceVerificationFlow(AuthenticationSessionModel authSession)
static boolean	isPollingAllowed(KeycloakSession session, OAuth2DeviceCodeModel deviceCodeModel)
static jakarta.ws.rs.core.UriBuilder	oauth2DeviceAuthUrl(jakarta.ws.rs.core.UriBuilder baseUriBuilder)
static jakarta.ws.rs.core.UriBuilder	oauth2DeviceVerificationCompletedUrl(jakarta.ws.rs.core.UriInfo baseUri)
static jakarta.ws.rs.core.UriBuilder	oauth2DeviceVerificationUrl(jakarta.ws.rs.core.UriInfo uriInfo)
jakarta.ws.rs.core.Response	process(OAuth2GrantType.Context context)	Processes grant request.
static URI	realmOAuth2DeviceVerificationAction(URI baseUri, String realmName)
static void	removeDeviceByDeviceCode(KeycloakSession session, String deviceCode)
static void	removeDeviceByUserCode(KeycloakSession session, RealmModel realm, String userCode)

Methods inherited from class org.keycloak.protocol.oidc.grants.OAuth2GrantTypeBase

checkAndBindDPoPToken, checkAndBindMtlsHoKToken, checkAndRetrieveDPoPProof, checkClient, close, createTokenResponse, getRequestedScopes, setContext, updateClientSession, updateUserSessionFromClientAuth

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

OAUTH2_DEVICE_VERIFIED_USER_CODE

public static final String OAUTH2_DEVICE_VERIFIED_USER_CODE

See Also:

• Constant Field Values

OAUTH2_DEVICE_USER_CODE

public static final String OAUTH2_DEVICE_USER_CODE

See Also:

• Constant Field Values

OAUTH2_USER_CODE_VERIFY

public static final String OAUTH2_USER_CODE_VERIFY

See Also:

• Constant Field Values

Constructor Details

DeviceGrantType

public DeviceGrantType()

Method Details

oauth2DeviceVerificationUrl

public static jakarta.ws.rs.core.UriBuilder oauth2DeviceVerificationUrl(jakarta.ws.rs.core.UriInfo uriInfo)

realmOAuth2DeviceVerificationAction

public static URI realmOAuth2DeviceVerificationAction(URI baseUri,
 String realmName)

oauth2DeviceAuthUrl

public static jakarta.ws.rs.core.UriBuilder oauth2DeviceAuthUrl(jakarta.ws.rs.core.UriBuilder baseUriBuilder)

oauth2DeviceVerificationCompletedUrl

public static jakarta.ws.rs.core.UriBuilder oauth2DeviceVerificationCompletedUrl(jakarta.ws.rs.core.UriInfo baseUri)

denyOAuth2DeviceAuthorization

public static jakarta.ws.rs.core.Response denyOAuth2DeviceAuthorization(AuthenticationSessionModel authSession,
 LoginProtocol.Error error,
 KeycloakSession session)

approveOAuth2DeviceAuthorization

public static jakarta.ws.rs.core.Response approveOAuth2DeviceAuthorization(AuthenticationSessionModel authSession,
 AuthenticatedClientSessionModel clientSession,
 KeycloakSession session)

isOAuth2DeviceVerificationFlow

public static boolean isOAuth2DeviceVerificationFlow(AuthenticationSessionModel authSession)

getDeviceByDeviceCode

public static OAuth2DeviceCodeModel getDeviceByDeviceCode(KeycloakSession session,
 RealmModel realm,
 ClientModel client,
 EventBuilder event,
 String deviceCode)

removeDeviceByDeviceCode

public static void removeDeviceByDeviceCode(KeycloakSession session,
 String deviceCode)

removeDeviceByUserCode

public static void removeDeviceByUserCode(KeycloakSession session,
 RealmModel realm,
 String userCode)

isPollingAllowed

public static boolean isPollingAllowed(KeycloakSession session,
 OAuth2DeviceCodeModel deviceCodeModel)

approveUserCode

public static boolean approveUserCode(KeycloakSession session,
 RealmModel realm,
 String userCode,
 String userSessionId,
 Map<String,String> additionalParams)

denyUserCode

public static boolean denyUserCode(KeycloakSession session,
 RealmModel realm,
 String userCode)

process

public jakarta.ws.rs.core.Response process(OAuth2GrantType.Context context)

Description copied from interface: OAuth2GrantType

Processes grant request.

Parameters:

context - grant request context

Returns:

token response

getEventType

public EventType getEventType()

Description copied from interface: OAuth2GrantType

Returns the event type associated with this OAuth 2.0 grant type.

Returns:

event type