Interface OAuth2GrantType

All Superinterfaces:
Provider
All Known Implementing Classes:
AuthorizationCodeGrantType, CibaGrantType, ClientCredentialsGrantType, DeviceGrantType, JWTAuthorizationGrantType, OAuth2GrantTypeBase, PermissionGrantType, PreAuthorizedCodeGrantType, RefreshTokenGrantType, ResourceOwnerPasswordCredentialsGrantType, TokenExchangeGrantType

public interface OAuth2GrantType extends Provider
Provider interface for OAuth 2.0 grant types
Author:
Dmitry Telegin
  • Method Details

    • getEventType

      EventType getEventType()
      Returns the event type associated with this OAuth 2.0 grant type.
      Returns:
      event type
    • getSupportedMultivaluedRequestParameters

      default Set<String> getSupportedMultivaluedRequestParameters()
      Returns:
      the request parameters that may appear more than once for this grant type. A grant request is typically rejected if it contains multiple values for any parameter that is not listed here
    • getTokenParameterNames

      Set<String> getTokenParameterNames()
      Names of the "token" parameters that this grant type supports. A "token" parameter is one that may carry a long token (for example, a large JWT or SAML assertion) with unbounded data (for example, a large number of roles inside a JWT). An example of such a parameter is the 'subject_token' parameter of the token exchange grant.
      Returns:
      set of strings with the "token" parameters supported by this grant type
    • process

      jakarta.ws.rs.core.Response process(OAuth2GrantType.Context context)
      Processes grant request.
      Parameters:
      context - grant request context
      Returns:
      token response
    • isTokenAllowed

      default boolean isTokenAllowed(KeycloakSession session, AccessToken token)
      Check if the token issued from this grant type is allowed for the current request. This allows grant types to restrict token usage to specific endpoints or contexts. The default implementation returns true, meaning tokens are allowed at all endpoints. Grant types that need to restrict token usage (e.g., pre-authorized code tokens that should only be accepted at the credential endpoint) should override this method to implement specific endpoint restrictions.
      Parameters:
      session - the Keycloak session
      token - the access token
      Returns:
      true if the token is allowed for the current request, false otherwise
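
The duplicate-parameter rule described under getSupportedMultivaluedRequestParameters, as an added standalone sketch (not Keycloak's own code): it parses a form-encoded token request and reports any parameter that repeats without being on the grant type's allow-list. The class name, helper names, allow-list contents and request bodies are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class DuplicateParamCheck {

    // Parse an application/x-www-form-urlencoded body, keeping every value of a repeated name.
    // Names are percent-decoded before grouping, so "client%5Fid" and "client_id" count as one parameter.
    static Map<String, List<String>> parseForm(String body) {
        Map<String, List<String>> form = new LinkedHashMap<>();
        if (body.isEmpty()) return form;
        for (String pair : body.split("&")) {
            int eq = pair.indexOf('=');
            String name = URLDecoder.decode(eq < 0 ? pair : pair.substring(0, eq), StandardCharsets.UTF_8);
            String value = eq < 0 ? "" : URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            form.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
        }
        return form;
    }

    // Names that carry more than one value without being on the grant type's allow-list.
    static Set<String> disallowedDuplicates(Map<String, List<String>> form, Set<String> multivalued) {
        Set<String> offending = new TreeSet<>();
        form.forEach((name, values) -> {
            if (values.size() > 1 && !multivalued.contains(name)) offending.add(name);
        });
        return offending;
    }

    public static void main(String[] args) {
        // Assumed allow-list for illustration; a real grant type supplies its own set.
        Set<String> multivalued = Set.of("resource", "audience");
        // Constructed request bodies: the first repeats an allow-listed parameter,
        // the second repeats client_id (once in percent-encoded form).
        String allowed = "grant_type=client_credentials"
                + "&resource=https%3A%2F%2Fa.example&resource=https%3A%2F%2Fb.example";
        String repeated = "grant_type=client_credentials&client_id=app-a&client%5Fid=app-b";
        for (String body : List.of(allowed, repeated)) {
            Set<String> bad = disallowedDuplicates(parseForm(body), multivalued);
            // RFC 6749 section 5.2 assigns invalid_request to a request that repeats a parameter.
            System.out.println(bad.isEmpty() ? "accept" : "reject (invalid_request): repeated " + bad);
        }
    }
}
```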