Class StandardTokenExchangeProvider
java.lang.Object
org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider
org.keycloak.protocol.oidc.tokenexchange.StandardTokenExchangeProvider
- All Implemented Interfaces:
 TokenExchangeProvider, Provider
Provider for internal-internal token exchange, compliant with the OAuth 2.0 Token Exchange specification (RFC 8693): https://datatracker.ietf.org/doc/html/rfc8693
- Author:
 - Marek Posolda
 
Field Summary
Fields inherited from class org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider
client, clientAuthAttributes, clientConnection, context, cors, event, formParams, headers, params, realm, session, tokenManager
Constructor Summary
Constructors
Method Summary
Modifier and Type / Method / Description
- protected void checkRequestedAudiences(TokenManager.AccessTokenResponseBuilder responseBuilder)
- protected jakarta.ws.rs.core.Response exchangeClientToOIDCClient(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients, String scope, AccessToken subjectToken)
- protected jakarta.ws.rs.core.Response exchangeClientToSAML2Client(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients)
- protected String getRequestedScope(AccessToken token, List<ClientModel> targetAudienceClients)
- protected String
- protected void setClientToContext(List<ClientModel> targetAudienceClients)
- boolean supports(TokenExchangeContext context): Check if exchange request is supported by this provider
- protected jakarta.ws.rs.core.Response
- protected void validateAudience(AccessToken token, boolean disallowOnHolderOfTokenMismatch, List<ClientModel> targetAudienceClients)
- protected void validateConsents(UserModel targetUser, ClientSessionContext clientSessionCtx)
Methods inherited from class org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider
close, createSessionModel, exchange, exchangeClientToClient, exchangeExternalToken, exchangeToIdentityProvider, forbiddenIfClientIsNotTokenHolder, forbiddenIfClientIsNotWithinTokenAudience, getSubjectIssuer, getTargetAudienceClients, getTargetClient, importUserFromExternalIdentity, isExternalInternalTokenExchangeRequest, updateUserSessionFromClientAuth
Constructor Details
StandardTokenExchangeProvider
public StandardTokenExchangeProvider() 
Method Details
supports
Description copied from interface: TokenExchangeProvider
Check if exchange request is supported by this provider
- Parameters:
 context - token exchange context
- Returns:
 true if the request is supported
tokenExchange
protected jakarta.ws.rs.core.Response tokenExchange()
- Specified by:
 tokenExchange in class AbstractTokenExchangeProvider
validateAudience
protected void validateAudience(AccessToken token, boolean disallowOnHolderOfTokenMismatch, List<ClientModel> targetAudienceClients)
- Overrides:
 validateAudience in class AbstractTokenExchangeProvider
validateConsents
getRequestedScope
- Overrides:
 getRequestedScope in class AbstractTokenExchangeProvider
setClientToContext
- Overrides:
 setClientToContext in class AbstractTokenExchangeProvider
exchangeClientToOIDCClient
protected jakarta.ws.rs.core.Response exchangeClientToOIDCClient(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients, String scope, AccessToken subjectToken)
- Overrides:
 exchangeClientToOIDCClient in class AbstractTokenExchangeProvider
exchangeClientToSAML2Client
protected jakarta.ws.rs.core.Response exchangeClientToSAML2Client(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients)
- Overrides:
 exchangeClientToSAML2Client in class AbstractTokenExchangeProvider
checkRequestedAudiences
getSupportedOAuthResponseTokenTypes
- Overrides:
 getSupportedOAuthResponseTokenTypes in class AbstractTokenExchangeProvider
getRequestedTokenType
- Overrides:
 getRequestedTokenType in class AbstractTokenExchangeProvider