Package org.keycloak.organization.protocol.mappers.oidc

Enum Class OrganizationScope

java.lang.Object
java.lang.Enum<OrganizationScope>
org.keycloak.organization.protocol.mappers.oidc.OrganizationScope
All Implemented Interfaces:
Serializable, Comparable<OrganizationScope>, Constable
public enum OrganizationScope extends Enum<OrganizationScope>

An enum with utility methods to process the OIDCLoginProtocolFactory.ORGANIZATION scope.

The OrganizationScope behaves like a dynamic scopes so that access to organizations is granted depending on how the client requests the OIDCLoginProtocolFactory.ORGANIZATION scope.

  • Enum Constant Details

    • ALL

      public static final OrganizationScope ALL
      Maps to any organization a user is a member. When this scope is requested by clients, all the organizations the user is a member are granted.

    • SINGLE

      public static final OrganizationScope SINGLE
      Maps to a specific organization the user is a member. When this scope is requested by clients, only the organization specified in the scope is granted.

    • ANY

      public static final OrganizationScope ANY
      Maps to a single organization if the user is a member of a single organization. When this scope is requested by clients, the user will be asked to select and organization if a member of multiple organizations or, in case the user is a member of a single organization, grant access to that organization.

  • Method Details

    • values

      public static OrganizationScope[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared

    • valueOf

      public static OrganizationScope valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null

    • resolveOrganizations

      public Stream<OrganizationModel> resolveOrganizations(UserModel user, String scope, KeycloakSession session)
      Returns the organizations mapped from the scope based on the given user.
      Parameters:
      user - the user. Can be null depending on how the scope resolves its value.
      scope - the string referencing the scope
      session - the session
      Returns:
      the organizations mapped from the scope parameter. Or an empty stream if no organizations were mapped from the parameter.

    • resolveOrganizations

      public Stream<OrganizationModel> resolveOrganizations(UserModel user, KeycloakSession session)
      Returns a stream of OrganizationScope instances based on the scopes from the AuthenticationSessionModel associated with the given session and where the given user is a member.
      Parameters:
      user - the user. Can be null depending on how the scope resolves its value.
      session - the session
      Returns:
      the organizations mapped from the scope parameter. Or an empty stream if no organizations were mapped from the parameter.

    • resolveOrganizations

      public Stream<OrganizationModel> resolveOrganizations(KeycloakSession session)
      Returns a stream of OrganizationScope instances based on the scopes from the AuthenticationSessionModel associated with the given session.
      Parameters:
      session - the session
      Returns:
      the organizations mapped from the scope parameter. Or an empty stream if no organizations were mapped from the parameter.

    • toClientScope

      public ClientScopeModel toClientScope(String name, UserModel user, KeycloakSession session)
      Returns a ClientScopeModel with the given name for this scope.
      Parameters:
      name - the name of the scope
      user - the user
      session - the session
      Returns:
      the ClientScopeModel

    • resolveName

      public String resolveName(KeycloakSession session, Set<String> scopes, String previous)

      Resolves the name of this scope based on the given set of scopes and the previous name.

      The scope name can be mapped to another scope depending on its semantics. Otherwise, it will map to the same name. This method is mainly useful to recognize if a scope previously granted is still valid and can be mapped to the new scope being requested. For instance, when refreshing tokens.

      Parameters:
      scopes - the scopes to resolve the name from
      previous - the previous name of this scope
      Returns:
      the name of the scope

    • valueOfScope

      public static OrganizationScope valueOfScope(KeycloakSession session, String rawScope)
      Returns a OrganizationScope instance based on the given rawScope.
      Parameters:
      rawScope - the string referencing the scope
      Returns:
      the organization scope that maps the given rawScope

    • valueOfScope

      public static OrganizationScope valueOfScope(KeycloakSession session)
      Returns a OrganizationScope instance based on the scopes from the AuthenticationSessionModel associated with the given session.
      Parameters:
      session - the session
      Returns:
      the organization scope that maps the given rawScope