Class AbstractJWTClientValidator
java.lang.Object
org.keycloak.authentication.authenticators.client.AbstractJWTClientValidator
- Direct Known Subclasses:
FederatedJWTClientValidator,JWTClientValidator
Common validation for JWT client authentication with private_key_jwt or with client_secret
- Author:
- Marek Posolda
-
Nested Class Summary
Nested Classes -
Field Summary
FieldsModifier and TypeFieldDescriptionprotected ClientModelprotected final ClientAssertionStateprotected final Stringprotected final ClientAuthenticationFlowContextprotected final intprotected Stringprotected final RealmModelprotected final AbstractJWTClientValidator.SignatureValidator -
Constructor Summary
ConstructorsConstructorDescriptionAbstractJWTClientValidator(ClientAuthenticationFlowContext context, AbstractJWTClientValidator.SignatureValidator signatureValidator, String clientAuthenticatorProviderId) -
Method Summary
-
Field Details
-
context
-
realm
-
currentTime
protected final int currentTime -
signatureValidator
-
clientAuthenticatorProviderId
-
expectedClientAssertionType
-
clientAssertionState
-
client
-
-
Constructor Details
-
AbstractJWTClientValidator
public AbstractJWTClientValidator(ClientAuthenticationFlowContext context, AbstractJWTClientValidator.SignatureValidator signatureValidator, String clientAuthenticatorProviderId) throws Exception - Throws:
Exception
-
-
Method Details
-
getContext
-
getState
-
getClientAssertion
-
getJws
-
getClient
-
validate
public boolean validate() -
validateTokenActive
public boolean validateTokenActive() -
failure
-
failure
-
failure
-
getExpectedTokenIssuer
-
getExpectedAudiences
-
isMultipleAudienceAllowed
protected abstract boolean isMultipleAudienceAllowed() -
getAllowedClockSkew
protected abstract int getAllowedClockSkew() -
getMaximumExpirationTime
protected abstract int getMaximumExpirationTime() -
isReusePermitted
protected abstract boolean isReusePermitted() -
getExpectedSignatureAlgorithm
-