Class AbstractJWTClientValidator
java.lang.Object
org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator
org.keycloak.authentication.authenticators.client.AbstractJWTClientValidator
- Direct Known Subclasses:
FederatedJWTClientValidator,JWTClientValidator
Common validation for JWT client authentication with private_key_jwt or with client_secret
- Author:
- Marek Posolda
-
Nested Class Summary
Nested Classes -
Field Summary
FieldsModifier and TypeFieldDescriptionprotected final Stringprotected final ClientAuthenticationFlowContextprotected Stringprotected final RealmModelprotected final AbstractJWTClientValidator.SignatureValidatorFields inherited from class org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator
clientAssertionState, currentTime, session -
Constructor Summary
ConstructorsConstructorDescriptionAbstractJWTClientValidator(ClientAuthenticationFlowContext context, AbstractJWTClientValidator.SignatureValidator signatureValidator, String clientAuthenticatorProviderId) -
Method Summary
Modifier and TypeMethodDescriptionbooleanbooleanbooleanprotected booleanfailure(AuthenticationFlowError error) protected booleanfailure(AuthenticationFlowError error, jakarta.ws.rs.core.Response response) protected voidfailureCallback(String errorDescription) protected abstract intprotected abstract Stringprotected abstract Stringprotected abstract intprotected abstract booleanprotected abstract booleanbooleanvalidate()protected booleanprotected booleanprotected booleanMethods inherited from class org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator
getClientAssertion, getJtiCacheKeyPrefix, getJws, getState, validateSignatureAlgorithm, validateTokenActive, validateTokenAudience, validateTokenReuse
-
Field Details
-
context
-
realm
-
signatureValidator
-
clientAuthenticatorProviderId
-
expectedClientAssertionType
-
-
Constructor Details
-
AbstractJWTClientValidator
public AbstractJWTClientValidator(ClientAuthenticationFlowContext context, AbstractJWTClientValidator.SignatureValidator signatureValidator, String clientAuthenticatorProviderId) throws Exception - Throws:
Exception
-
-
Method Details
-
getContext
-
getClient
-
validate
public boolean validate() -
validateClientAssertionParameters
protected boolean validateClientAssertionParameters() -
validateClient
protected boolean validateClient() -
validateSignature
protected boolean validateSignature() -
failure
-
failure
-
failure
-
failure
-
failure
-
failureCallback
- Specified by:
failureCallbackin classAbstractBaseJWTValidator
-
getExpectedTokenIssuer
-
getExpectedAudiences
-
isMultipleAudienceAllowed
protected abstract boolean isMultipleAudienceAllowed() -
getAllowedClockSkew
protected abstract int getAllowedClockSkew() -
getMaximumExpirationTime
protected abstract int getMaximumExpirationTime() -
isReusePermitted
protected abstract boolean isReusePermitted() -
getExpectedSignatureAlgorithm
-