Package org.keycloak.broker.oidc

Class OIDCIdentityProviderConfig

java.lang.Object

org.keycloak.models.IdentityProviderModel

org.keycloak.broker.oidc.OAuth2IdentityProviderConfig

org.keycloak.broker.oidc.OIDCIdentityProviderConfig

All Implemented Interfaces:

Serializable

Direct Known Subclasses:

FacebookIdentityProviderConfig, GoogleIdentityProviderConfig, KubernetesIdentityProviderConfig, MicrosoftIdentityProviderConfig

public class OIDCIdentityProviderConfig
extends OAuth2IdentityProviderConfig

Author:

Pedro Igor

See Also:

• Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
static final String	IS_ACCESS_TOKEN_JWT
static final String	JWKS_URL
static final String	SUPPORTS_CLIENT_ASSERTION_REUSE
static final String	SUPPORTS_CLIENT_ASSERTIONS
static final String	USE_JWKS_URL
static final String	VALIDATE_SIGNATURE

Fields inherited from class org.keycloak.broker.oidc.OAuth2IdentityProviderConfig

JWT_X509_HEADERS_ENABLED, PKCE_ENABLED, PKCE_METHOD, REQUIRES_SHORT_STATE_PARAMETER, TOKEN_ENDPOINT_URL, TOKEN_INTROSPECTION_URL

Fields inherited from class org.keycloak.models.IdentityProviderModel

addReadTokenRoleOnCreate, ALIAS, ALIAS_NOT_IN, ALLOWED_CLOCK_SKEW, AUTHENTICATE_BY_DEFAULT, CASE_SENSITIVE_ORIGINAL_USERNAME, CLAIM_FILTER_NAME, CLAIM_FILTER_VALUE, DEFAULT_MIN_VALIDITY_TOKEN, DISPLAY_NAME, DO_NOT_STORE_USERS, ENABLED, FILTERED_BY_CLAIMS, FIRST_BROKER_LOGIN_FLOW_ID, HIDE_ON_LOGIN, ISSUER, LEGACY_HIDE_ON_LOGIN_ATTR, LINK_ONLY, linkOnly, LOGIN_HINT, METADATA_DESCRIPTOR_URL, MIN_VALIDITY_TOKEN, ORGANIZATION_ID, ORGANIZATION_ID_NOT_NULL, PASS_MAX_AGE, POST_BROKER_LOGIN_FLOW_ID, SEARCH, SHOW_IN_ACCOUNT_CONSOLE, SYNC_MODE

Constructor Summary

Constructors

Constructor	Description
OIDCIdentityProviderConfig()
OIDCIdentityProviderConfig(IdentityProviderModel identityProviderModel)

Method Summary

Modifier and Type	Method	Description
int	getAllowedClockSkew()
String	getIssuer()
String	getJwksUrl()
String	getLogoutUrl()
String	getPrompt()
String	getPublicKeySignatureVerifier()
String	getPublicKeySignatureVerifierKeyId()
boolean	isAccessTokenJwt()
boolean	isBackchannelSupported()
boolean	isDisableNonce()
boolean	isDisableTypeClaimCheck()
boolean	isDisableUserInfoService()
boolean	isSendClientIdOnLogout()
boolean	isSendIdTokenOnLogout()
boolean	isSupportsClientAssertionReuse()
boolean	isSupportsClientAssertions()
boolean	isUseJwksUrl()
boolean	isValidateSignature()
void	setAccessTokenJwt(boolean accessTokenJwt)
void	setBackchannelSupported(boolean backchannel)
void	setDisableNonce(boolean disableNonce)
void	setDisableTypeClaimCheck(boolean disableTypeClaimCheck)
void	setDisableUserInfoService(boolean disable)
void	setIssuer(String issuer)
void	setJwksUrl(String jwksUrl)
void	setLogoutUrl(String url)
void	setPrompt(String prompt)
void	setPublicKeySignatureVerifier(String signingCertificate)
void	setPublicKeySignatureVerifierKeyId(String publicKeySignatureVerifierKeyId)
void	setSendClientOnLogout(boolean value)
void	setSendIdTokenOnLogout(boolean value)
void	setUseJwksUrl(boolean useJwksUrl)
void	setValidateSignature(boolean validateSignature)
void	validate(RealmModel realm)	Validates this configuration.

Methods inherited from class org.keycloak.broker.oidc.OAuth2IdentityProviderConfig

getAuthorizationUrl, getClientAssertionAudience, getClientAssertionSigningAlg, getClientAuthMethod, getClientId, getClientSecret, getDefaultScope, getEmailClaim, getFamilyNameClaim, getForwardParameters, getFullNameClaim, getGivenNameClaim, getPkceMethod, getTokenIntrospectionUrl, getTokenUrl, getUserIDClaim, getUserInfoUrl, getUserNameClaim, isBasicAuthentication, isBasicAuthenticationUnencoded, isJWTAuthentication, isJwtX509HeadersEnabled, isPkceEnabled, isRequiresShortStateParameter, isUiLocales, setAuthorizationUrl, setClientAssertionAudience, setClientAssertionSigningAlg, setClientAuthMethod, setClientId, setClientSecret, setDefaultScope, setForwardParameters, setJwtX509HeadersEnabled, setPkceEnabled, setPkceMethod, setRequiresShortStateParameter, setTokenIntrospectionUrl, setTokenUrl, setUiLocales, setUserInfoUrl

Methods inherited from class org.keycloak.models.IdentityProviderModel

equals, getAlias, getClaimFilterName, getClaimFilterValue, getConfig, getDisplayIconClasses, getDisplayName, getFirstBrokerLoginFlowId, getInternalId, getMetadataDescriptorUrl, getMinValidityToken, getOrganizationId, getPostBrokerLoginFlowId, getProviderId, getShowInAccountConsole, getSyncMode, hashCode, isAddReadTokenRoleOnCreate, isAuthenticateByDefault, isCaseSensitiveOriginalUsername, isEnabled, isFilteredByClaims, isHideOnLogin, isLinkOnly, isLoginHint, isPassMaxAge, isStoreToken, isTransientUsers, isTrustEmail, setAddReadTokenRoleOnCreate, setAlias, setAuthenticateByDefault, setCaseSensitiveOriginalUsername, setClaimFilterName, setClaimFilterValue, setConfig, setDisplayName, setEnabled, setFilteredByClaims, setFirstBrokerLoginFlowId, setHideOnLogin, setInternalId, setLinkOnly, setLoginHint, setMetadataDescriptorUrl, setMinValidityToken, setOrganizationId, setPassMaxAge, setPostBrokerLoginFlowId, setProviderId, setStoreToken, setSyncMode, setTransientUsers, setTrustEmail

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Field Details

JWKS_URL

public static final String JWKS_URL

See Also:

• Constant Field Values

USE_JWKS_URL

public static final String USE_JWKS_URL

See Also:

• Constant Field Values

VALIDATE_SIGNATURE

public static final String VALIDATE_SIGNATURE

See Also:

• Constant Field Values

IS_ACCESS_TOKEN_JWT

public static final String IS_ACCESS_TOKEN_JWT

See Also:

• Constant Field Values

SUPPORTS_CLIENT_ASSERTIONS

public static final String SUPPORTS_CLIENT_ASSERTIONS

See Also:

• Constant Field Values

SUPPORTS_CLIENT_ASSERTION_REUSE

public static final String SUPPORTS_CLIENT_ASSERTION_REUSE

See Also:

• Constant Field Values

Constructor Details

OIDCIdentityProviderConfig

public OIDCIdentityProviderConfig(IdentityProviderModel identityProviderModel)

OIDCIdentityProviderConfig

public OIDCIdentityProviderConfig()

Method Details

getPrompt

public String getPrompt()

Overrides:

getPrompt in class OAuth2IdentityProviderConfig

setPrompt

public void setPrompt(String prompt)

getIssuer

public String getIssuer()

setIssuer

public void setIssuer(String issuer)

getLogoutUrl

public String getLogoutUrl()

setLogoutUrl

public void setLogoutUrl(String url)

isSendClientIdOnLogout

public boolean isSendClientIdOnLogout()

setSendClientOnLogout

public void setSendClientOnLogout(boolean value)

isSendIdTokenOnLogout

public boolean isSendIdTokenOnLogout()

setSendIdTokenOnLogout

public void setSendIdTokenOnLogout(boolean value)

getPublicKeySignatureVerifier

public String getPublicKeySignatureVerifier()

setPublicKeySignatureVerifier

public void setPublicKeySignatureVerifier(String signingCertificate)

getPublicKeySignatureVerifierKeyId

public String getPublicKeySignatureVerifierKeyId()

setPublicKeySignatureVerifierKeyId

public void setPublicKeySignatureVerifierKeyId(String publicKeySignatureVerifierKeyId)

isValidateSignature

public boolean isValidateSignature()

setValidateSignature

public void setValidateSignature(boolean validateSignature)

setAccessTokenJwt

public void setAccessTokenJwt(boolean accessTokenJwt)

isAccessTokenJwt

public boolean isAccessTokenJwt()

isUseJwksUrl

public boolean isUseJwksUrl()

setUseJwksUrl

public void setUseJwksUrl(boolean useJwksUrl)

getJwksUrl

public String getJwksUrl()

setJwksUrl

public void setJwksUrl(String jwksUrl)

isBackchannelSupported

public boolean isBackchannelSupported()

setBackchannelSupported

public void setBackchannelSupported(boolean backchannel)

isDisableUserInfoService

public boolean isDisableUserInfoService()

setDisableUserInfoService

public void setDisableUserInfoService(boolean disable)

isDisableNonce

public boolean isDisableNonce()

setDisableNonce

public void setDisableNonce(boolean disableNonce)

getAllowedClockSkew

public int getAllowedClockSkew()

isDisableTypeClaimCheck

public boolean isDisableTypeClaimCheck()

setDisableTypeClaimCheck

public void setDisableTypeClaimCheck(boolean disableTypeClaimCheck)

isSupportsClientAssertions

public boolean isSupportsClientAssertions()

isSupportsClientAssertionReuse

public boolean isSupportsClientAssertionReuse()

validate

public void validate(RealmModel realm)

Description copied from class: IdentityProviderModel

Validates this configuration.

Sub-classes can override this method in order to enforce provider specific validations.

Overrides:

validate in class OAuth2IdentityProviderConfig

Parameters:

realm - the realm