Package org.keycloak.authentication.requiredactions

Class RecoveryAuthnCodesAction

java.lang.Object

org.keycloak.authentication.requiredactions.RecoveryAuthnCodesAction

All Implemented Interfaces:

CredentialAction, CredentialRegistrator, RequiredActionFactory, RequiredActionProvider, EnvironmentDependentProviderFactory, Provider, ProviderFactory<RequiredActionProvider>

public class RecoveryAuthnCodesAction
extends Object
implements RequiredActionProvider, RequiredActionFactory, EnvironmentDependentProviderFactory, CredentialRegistrator

Field Summary

Fields

Modifier and Type	Field	Description
static final String	PROVIDER_ID
static final int	RECOVERY_CODES_WARNING_THRESHOLD_DEFAULT
static final String	WARNING_THRESHOLD

Fields inherited from interface org.keycloak.authentication.RequiredActionFactory

MAX_AUTH_AGE_CONFIG_PROPERTIES

Constructor Summary

Constructors

Constructor	Description
RecoveryAuthnCodesAction()

Method Summary

Modifier and Type	Method	Description
void	close()	This is called when the server shuts down.
RequiredActionProvider	create(KeycloakSession session)
protected RecoveryAuthnCodesCredentialModel	createFromValues(List<String> generatedCodes, Long generatedAtTime, String generatedUserLabel)
void	evaluateTriggers(RequiredActionContext context)	Called every time a user authenticates.
List<ProviderConfigProperty>	getConfigMetadata()	Returns the metadata for each configuration property supported by this factory.
String	getCredentialType(KeycloakSession session, AuthenticationSessionModel authenticationSession)
String	getDisplayText()	Display text used in admin console to reference this required action
String	getId()
void	init(Config.Scope config)	Only called once when the factory is first created.
InitiatedActionSupport	initiatedActionSupport()	Determines what type of support is provided for application-initiated actions.
boolean	isOneTimeAction()	Flag indicating whether the execution of the required action by the same circumstances (e.g.
boolean	isSupported(Config.Scope config)	Check if the provider is supported and should be available based on the provider configuration.
void	postInit(KeycloakSessionFactory factory)	Called after all provider factories have been initialized
void	processAction(RequiredActionContext reqActionContext)	Called when a required action has form input you want to process.
void	requiredActionChallenge(RequiredActionContext context)	If the user has a required action set, this method will be the initial call to obtain what to display to the user's browser.
void	validateConfig(KeycloakSession session, RealmModel realm, RequiredActionConfigModel model)	Allows users to validate the provided configuration for this required action.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.ProviderFactory

dependsOn, order

Methods inherited from interface org.keycloak.authentication.RequiredActionFactory

isConfigurable

Methods inherited from interface org.keycloak.authentication.RequiredActionProvider

getMaxAuthAge, getMaxAuthAge, initiatedActionCanceled

Field Details

PROVIDER_ID

public static final String PROVIDER_ID

WARNING_THRESHOLD

public static final String WARNING_THRESHOLD

See Also:

• Constant Field Values

RECOVERY_CODES_WARNING_THRESHOLD_DEFAULT

public static final int RECOVERY_CODES_WARNING_THRESHOLD_DEFAULT

See Also:

• Constant Field Values

Constructor Details

RecoveryAuthnCodesAction

public RecoveryAuthnCodesAction()

Method Details

getId

public String getId()

Specified by:

getId in interface ProviderFactory<RequiredActionProvider>

getCredentialType

public String getCredentialType(KeycloakSession session,
 AuthenticationSessionModel authenticationSession)

Specified by:

getCredentialType in interface CredentialAction

Returns:

credential type, which this action is able to register. This should refer to the same value as returned by CredentialProvider.getType() of the corresponding credential provider and ConfigurableAuthenticatorFactory.getReferenceCategory() of the corresponding authenticator

getDisplayText

public String getDisplayText()

Description copied from interface: RequiredActionFactory

Display text used in admin console to reference this required action

Specified by:

getDisplayText in interface RequiredActionFactory

Returns:

create

public RequiredActionProvider create(KeycloakSession session)

Specified by:

create in interface ProviderFactory<RequiredActionProvider>

init

public void init(Config.Scope config)

Description copied from interface: ProviderFactory

Only called once when the factory is first created. This config is pulled from keycloak_server.json

Specified by:

init in interface ProviderFactory<RequiredActionProvider>

postInit

public void postInit(KeycloakSessionFactory factory)

Description copied from interface: ProviderFactory

Called after all provider factories have been initialized

Specified by:

postInit in interface ProviderFactory<RequiredActionProvider>

isOneTimeAction

public boolean isOneTimeAction()

Description copied from interface: RequiredActionFactory

Flag indicating whether the execution of the required action by the same circumstances (e.g. by one and the same action token) should only be permitted once.

Specified by:

isOneTimeAction in interface RequiredActionFactory

Returns:

initiatedActionSupport

public InitiatedActionSupport initiatedActionSupport()

Description copied from interface: RequiredActionProvider

Determines what type of support is provided for application-initiated actions.

Specified by:

initiatedActionSupport in interface RequiredActionProvider

Returns:

InititatedActionsSupport

evaluateTriggers

public void evaluateTriggers(RequiredActionContext context)

Description copied from interface: RequiredActionProvider

Called every time a user authenticates. This checks to see if this required action should be triggered. The implementation of this method is responsible for setting the required action on the UserModel. For example, the UpdatePassword required actions checks the password policies to see if the password has expired.

Specified by:

evaluateTriggers in interface RequiredActionProvider

requiredActionChallenge

public void requiredActionChallenge(RequiredActionContext context)

Description copied from interface: RequiredActionProvider

If the user has a required action set, this method will be the initial call to obtain what to display to the user's browser. Return null if no action should be done.

Specified by:

requiredActionChallenge in interface RequiredActionProvider

processAction

public void processAction(RequiredActionContext reqActionContext)

Description copied from interface: RequiredActionProvider

Called when a required action has form input you want to process.

Specified by:

processAction in interface RequiredActionProvider

createFromValues

protected RecoveryAuthnCodesCredentialModel createFromValues(List<String> generatedCodes,
 Long generatedAtTime,
 String generatedUserLabel)

close

public void close()

Description copied from interface: ProviderFactory

This is called when the server shuts down.

Specified by:

close in interface Provider

Specified by:

close in interface ProviderFactory<RequiredActionProvider>

isSupported

public boolean isSupported(Config.Scope config)

Description copied from interface: EnvironmentDependentProviderFactory

Check if the provider is supported and should be available based on the provider configuration.

Specified by:

isSupported in interface EnvironmentDependentProviderFactory

Parameters:

config - the provider configuration

Returns:

true if the provider is supported. Otherwise, false.

getConfigMetadata

public List<ProviderConfigProperty> getConfigMetadata()

Description copied from interface: ProviderFactory

Returns the metadata for each configuration property supported by this factory.

Specified by:

getConfigMetadata in interface ProviderFactory<RequiredActionProvider>

Specified by:

getConfigMetadata in interface RequiredActionFactory

Returns:

a list with the metadata for each configuration property supported by this factory

validateConfig

public void validateConfig(KeycloakSession session,
 RealmModel realm,
 RequiredActionConfigModel model)

Description copied from interface: RequiredActionFactory

Allows users to validate the provided configuration for this required action. Users can throw a ModelValidationException to indicate that the configuration is invalid. Defaults validating max_auth_age value.

Specified by:

validateConfig in interface RequiredActionFactory