Package org.keycloak.protocol.oauth2.cimd.clientpolicy.executor

Class ClientIdMetadataDocumentExecutorFactory

java.lang.Object

org.keycloak.protocol.oauth2.cimd.clientpolicy.executor.AbstractClientIdMetadataDocumentExecutorFactory

org.keycloak.protocol.oauth2.cimd.clientpolicy.executor.ClientIdMetadataDocumentExecutorFactory

All Implemented Interfaces:

ConfiguredProvider, EnvironmentDependentProviderFactory, ProviderFactory<ClientPolicyExecutorProvider>, ClientPolicyExecutorProviderFactory

public class ClientIdMetadataDocumentExecutorFactory
extends AbstractClientIdMetadataDocumentExecutorFactory

The class is a factory class of ClientIdMetadataDocumentExecutor.

It provides the following configurations:

• Client Metadata Validation
• Only Allow Confidential Client: only accept a confidential client
• All URIs Restrict same domain: a client metadata includes properties whose values are URIs and an authorization server might access them. To prevent Server-side request forgery (SSRF), only allows these properties whose values are under the same domain of the permitted domains.

Author:

Takashi Norimatsu

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ONLY_ALLOW_CONFIDENTIAL_CLIENT
static final String	PROVIDER_ID

Fields inherited from class org.keycloak.protocol.oauth2.cimd.clientpolicy.executor.AbstractClientIdMetadataDocumentExecutorFactory

ALLOW_HTTP_SCHEME, CONFIG_CIMD_PROVIDER_NAME, CONFIG_MAX_CACHE_TIME, CONFIG_MIN_CACHE_TIME, CONFIG_UPPER_LIMIT_METADATA_BYTES, providerConfig, REQUIRED_PROPERTIES, RESTRICT_SAME_DOMAIN, TRUSTED_DOMAINS

Constructor Summary

Constructors

Constructor	Description
ClientIdMetadataDocumentExecutorFactory()

Method Summary

Modifier and Type	Method	Description
ClientPolicyExecutorProvider<ClientIdMetadataDocumentExecutor.Configuration>	create(KeycloakSession session)
List<ProviderConfigProperty>	getConfigProperties()
String	getId()

Methods inherited from class org.keycloak.protocol.oauth2.cimd.clientpolicy.executor.AbstractClientIdMetadataDocumentExecutorFactory

addCommonConfigProperties, close, getConfigMetadata, getHelpText, init, isSupported, postInit

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.ConfiguredProvider

getConfig

Methods inherited from interface org.keycloak.provider.ProviderFactory

dependsOn, order

Field Details

PROVIDER_ID

public static final String PROVIDER_ID

See Also:

• Constant Field Values

ONLY_ALLOW_CONFIDENTIAL_CLIENT

public static final String ONLY_ALLOW_CONFIDENTIAL_CLIENT

See Also:

• Constant Field Values

Constructor Details

ClientIdMetadataDocumentExecutorFactory

public ClientIdMetadataDocumentExecutorFactory()

Method Details

create

public ClientPolicyExecutorProvider<ClientIdMetadataDocumentExecutor.Configuration> create(KeycloakSession session)

getId

public String getId()

getConfigProperties

public List<ProviderConfigProperty> getConfigProperties()