Package org.keycloak.authentication.authenticators.browser

Class PasskeysConditionalUIAuthenticator

java.lang.Object

org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticator

org.keycloak.authentication.authenticators.browser.WebAuthnPasswordlessAuthenticator

org.keycloak.authentication.authenticators.browser.PasskeysConditionalUIAuthenticator

All Implemented Interfaces:

Authenticator, CredentialValidator<WebAuthnCredentialProvider>, Provider

public class PasskeysConditionalUIAuthenticator
extends WebAuthnPasswordlessAuthenticator

Constructor Summary

Constructors

Constructor	Description
PasskeysConditionalUIAuthenticator(KeycloakSession session)

Method Summary

Modifier and Type	Method	Description
void	authenticate(AuthenticationFlowContext context)	Initial call for the authenticator.

Methods inherited from class org.keycloak.authentication.authenticators.browser.WebAuthnPasswordlessAuthenticator

action, getCredentialProvider, getCredentialType, getRequiredActions, getWebAuthnPolicy, requiresUser, setRequiredActions, shouldDisplayAuthenticators, validateUsername

Methods inherited from class org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticator

close, configuredFor, getRpID

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator

areRequiredActionsEnabled

Methods inherited from interface org.keycloak.authentication.CredentialValidator

getCredentials, getType

Constructor Details

PasskeysConditionalUIAuthenticator

public PasskeysConditionalUIAuthenticator(KeycloakSession session)

Method Details

authenticate

public void authenticate(AuthenticationFlowContext context)

Description copied from interface: Authenticator

Initial call for the authenticator. This method should check the current HTTP request to determine if the request satisfies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.

Specified by:

authenticate in interface Authenticator

Overrides:

authenticate in class WebAuthnAuthenticator