Class AbstractTokenExchangeProvider
java.lang.Object
org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider
- All Implemented Interfaces:
TokenExchangeProvider, Provider
- Direct Known Subclasses:
StandardTokenExchangeProvider, V1TokenExchangeProvider
Base token exchange implementation. For now, it serves both V1 and V2 token exchange (this may change in follow-up commits).
- Author:
- Dmitry Telegin
-
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description
protected static final record
-
Field Summary
Fields
Modifier and Type, Field, Description
protected ClientModel
protected ClientConnection
protected TokenExchangeContext
protected Cors
protected EventBuilder
protected jakarta.ws.rs.core.HttpHeaders
protected TokenExchangeContext.Params
protected RealmModel
protected KeycloakSession
protected TokenManager
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
void close()
protected AuthenticationSessionModel createSessionModel(UserSessionModel targetUserSession, RootAuthenticationSessionModel rootAuthSession, UserModel targetUser, ClientModel client, String scope)
jakarta.ws.rs.core.Response exchange(TokenExchangeContext context)
    Exchange the token.
protected jakarta.ws.rs.core.Response exchangeClientToClient(UserModel targetUser, UserSessionModel targetUserSession, AccessToken token, boolean disallowOnHolderOfTokenMismatch)
protected abstract jakarta.ws.rs.core.Response exchangeClientToOIDCClient(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients, String scope, AccessToken subjectToken)
protected abstract jakarta.ws.rs.core.Response exchangeClientToSAML2Client(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients)
protected jakarta.ws.rs.core.Response exchangeExternalToken(String subjectIssuer, String subjectToken)
protected jakarta.ws.rs.core.Response exchangeToIdentityProvider(UserModel targetUser, UserSessionModel targetUserSession, String requestedIssuer)
protected void forbiddenIfClientIsNotTokenHolder(boolean disallowOnHolderOfTokenMismatch, ClientModel tokenHolder)
protected void
protected abstract String getRequestedScope(AccessToken token, List<ClientModel> targetAudienceClients)
protected abstract String
protected String getSubjectIssuer(TokenExchangeContext context, String subjectToken, String subjectTokenType)
protected List<ClientModel>
protected UserModel
protected boolean
    Is it the request for external-internal token exchange?
protected void setClientToContext(List<ClientModel> targetAudienceClients)
protected abstract jakarta.ws.rs.core.Response
protected void updateUserSessionFromClientAuth(UserSessionModel userSession)
protected abstract void validateAudience(AccessToken token, boolean disallowOnHolderOfTokenMismatch, List<ClientModel> targetAudienceClients)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.protocol.oidc.TokenExchangeProvider
getVersion, supports
-
Field Details
-
params
-
formParams
-
session
-
cors
-
realm
-
client
-
event
-
clientConnection
-
headers
protected jakarta.ws.rs.core.HttpHeaders headers
-
tokenManager
-
clientAuthAttributes
-
context
-
-
Constructor Details
-
AbstractTokenExchangeProvider
public AbstractTokenExchangeProvider()
-
-
Method Details
-
exchange
Description copied from interface: TokenExchangeProvider
Exchange the token.
- Specified by:
exchange in interface TokenExchangeProvider
- Returns:
- response with a new token
-
close
public void close()
-
tokenExchange
protected abstract jakarta.ws.rs.core.Response tokenExchange()
-
isExternalInternalTokenExchangeRequest
Is it the request for external-internal token exchange?
-
getSubjectIssuer
protected String getSubjectIssuer(TokenExchangeContext context, String subjectToken, String subjectTokenType)
-
exchangeToIdentityProvider
protected jakarta.ws.rs.core.Response exchangeToIdentityProvider(UserModel targetUser, UserSessionModel targetUserSession, String requestedIssuer)
-
getRequestedTokenType
-
getTargetAudienceClients
-
validateAudience
protected abstract void validateAudience(AccessToken token, boolean disallowOnHolderOfTokenMismatch, List<ClientModel> targetAudienceClients)
-
exchangeClientToClient
protected jakarta.ws.rs.core.Response exchangeClientToClient(UserModel targetUser, UserSessionModel targetUserSession, AccessToken token, boolean disallowOnHolderOfTokenMismatch)
-
forbiddenIfClientIsNotWithinTokenAudience
-
forbiddenIfClientIsNotTokenHolder
protected void forbiddenIfClientIsNotTokenHolder(boolean disallowOnHolderOfTokenMismatch, ClientModel tokenHolder)
-
getSupportedOAuthResponseTokenTypes
-
createSessionModel
protected AuthenticationSessionModel createSessionModel(UserSessionModel targetUserSession, RootAuthenticationSessionModel rootAuthSession, UserModel targetUser, ClientModel client, String scope)
-
getRequestedScope
protected abstract String getRequestedScope(AccessToken token, List<ClientModel> targetAudienceClients)
-
setClientToContext
-
exchangeClientToOIDCClient
protected abstract jakarta.ws.rs.core.Response exchangeClientToOIDCClient(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients, String scope, AccessToken subjectToken)
-
exchangeClientToSAML2Client
protected abstract jakarta.ws.rs.core.Response exchangeClientToSAML2Client(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients)
-
exchangeExternalToken
-
importUserFromExternalIdentity
-
updateUserSessionFromClientAuth
-
locateExchangeExternalTokenByAlias
protected AbstractTokenExchangeProvider.ExternalExchangeContext locateExchangeExternalTokenByAlias(String alias)
-