Package org.keycloak.services.resources

Class IdentityBrokerService

java.lang.Object
org.keycloak.services.resources.IdentityBrokerService
All Implemented Interfaces:
IdentityProvider.AuthenticationCallback
public class IdentityBrokerService extends Object implements IdentityProvider.AuthenticationCallback

Author:
Pedro Igor

  • Field Details

  • Constructor Details

    • IdentityBrokerService

      public IdentityBrokerService(KeycloakSession session)

  • Method Details

    • init

      public void init()

    • clientIntiatedAccountLinkingPreflight

      @OPTIONS @Path("/{provider_alias}/link") public jakarta.ws.rs.core.Response clientIntiatedAccountLinkingPreflight(@PathParam("provider_alias") String providerAlias)
      Closes off CORS preflight requests for account linking
      Parameters:
      providerAlias -
      Returns:

    • clientInitiatedAccountLinking

      @GET @Path("/{provider_alias}/link") @Deprecated public jakarta.ws.rs.core.Response clientInitiatedAccountLinking(@PathParam("provider_alias") String providerAlias, @QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("nonce") String nonce, @QueryParam("hash") String hash)
      Deprecated.

    • performClientInitiatedAccountLogin

      public jakarta.ws.rs.core.Response performClientInitiatedAccountLogin(String providerAlias, ClientSessionCode<AuthenticationSessionModel> clientSessionCode)

    • performPostLogin

      @POST @Path("/{provider_alias}/login") public jakarta.ws.rs.core.Response performPostLogin(@PathParam("provider_alias") String providerAlias, @QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("client_data") String clientData, @QueryParam("tab_id") String tabId, @QueryParam("login_hint") String loginHint)

    • performLogin

      @GET @Path("/{provider_alias}/login") public jakarta.ws.rs.core.Response performLogin(@PathParam("provider_alias") String providerAlias, @QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId, @QueryParam("client_data") String clientData, @QueryParam("login_hint") String loginHint)

    • retryLogin

      public jakarta.ws.rs.core.Response retryLogin(IdentityProvider<?> identityProvider, AuthenticationSessionModel authSession)
      Description copied from interface: IdentityProvider.AuthenticationCallback
      Indicates that login with the particular IDP should be retried
      Specified by:
      retryLogin in interface IdentityProvider.AuthenticationCallback
      Parameters:
      identityProvider - provider to retry login
      authSession - authentication session
      Returns:
      see description

    • getEndpoint

      @Path("{provider_alias}/endpoint") public Object getEndpoint(@PathParam("provider_alias") String providerAlias)

    • retrieveTokenPreflight

      @Path("{provider_alias}/token") @OPTIONS public jakarta.ws.rs.core.Response retrieveTokenPreflight()

    • retrieveToken

      @GET @Path("{provider_alias}/token") public jakarta.ws.rs.core.Response retrieveToken(@PathParam("provider_alias") String providerAlias)

    • authenticated

      public jakarta.ws.rs.core.Response authenticated(BrokeredIdentityContext context)
      Description copied from interface: IdentityProvider.AuthenticationCallback
      This method should be called by provider after the JAXRS callback endpoint has finished authentication with the remote IDP. There is an assumption that authenticationSession is set in the context when this method is called
      Specified by:
      authenticated in interface IdentityProvider.AuthenticationCallback
      Returns:
      see description

    • validateUser

      public jakarta.ws.rs.core.Response validateUser(AuthenticationSessionModel authSession, UserModel user, RealmModel realm)

    • afterFirstBrokerLogin

      @GET @Path("/after-first-broker-login") public jakarta.ws.rs.core.Response afterFirstBrokerLogin(@QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("client_data") String clientData, @QueryParam("tab_id") String tabId)

    • afterPostBrokerLoginFlow

      @GET @Path("/after-post-broker-login") public jakarta.ws.rs.core.Response afterPostBrokerLoginFlow(@QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("client_data") String clientData, @QueryParam("tab_id") String tabId)

    • cancelled

      public jakarta.ws.rs.core.Response cancelled(IdentityProviderModel idpConfig)
      Description copied from interface: IdentityProvider.AuthenticationCallback
      Called when user cancelled authentication on the IDP side - for example user didn't approve consent page on the IDP side. Assumption is that authenticationSession is set in the KeycloakContext when this method is called
      Specified by:
      cancelled in interface IdentityProvider.AuthenticationCallback
      Parameters:
      idpConfig - identity provider config
      Returns:
      see description

    • error

      public jakarta.ws.rs.core.Response error(IdentityProviderModel idpConfig, String message)
      Description copied from interface: IdentityProvider.AuthenticationCallback
      Called when error happened on the IDP side. Assumption is that authenticationSession is set in the KeycloakContext when this method is called
      Specified by:
      error in interface IdentityProvider.AuthenticationCallback
      Returns:
      see description

    • getAndVerifyAuthenticationSession

      public AuthenticationSessionModel getAndVerifyAuthenticationSession(String encodedCode)
      Description copied from interface: IdentityProvider.AuthenticationCallback
      Common method to return current authenticationSession and verify if it is not expired
      Specified by:
      getAndVerifyAuthenticationSession in interface IdentityProvider.AuthenticationCallback
      Returns:
      see description

    • browserAuthentication

      protected jakarta.ws.rs.core.Response browserAuthentication(AuthenticationSessionModel authSession, String errorMessage, Object... parameters)

    • getIdentityProvider

      public static IdentityProvider<?> getIdentityProvider(KeycloakSession session, String alias)

    • getIdentityProvider

      public static IdentityProvider<?> getIdentityProvider(KeycloakSession session, IdentityProviderModel identityProviderModel)