Class ClientIdAndSecretAuthenticator
java.lang.Object
org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthenticator
- All Implemented Interfaces:
ClientAuthenticator,ClientAuthenticatorFactory,ConfigurableAuthenticatorFactory,ConfiguredPerClientProvider,ConfiguredProvider,Provider,ProviderFactory<ClientAuthenticator>
Validates client based on "client_id" and "client_secret" sent either in request parameters or in "Authorization: Basic" header .
See org.keycloak.adapters.authentication.ClientIdAndSecretAuthenticator for the adapter
- Author:
- Marek Posolda
-
Field Summary
FieldsFields inherited from interface org.keycloak.authentication.ConfigurableAuthenticatorFactory
REQUIREMENT_CHOICES -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidInitial call for the authenticator.getAdapterConfiguration(KeycloakSession session, ClientModel client) Get configuration, which needs to be used for adapter ( keycloak.json ) of particular client.List of config properties for this client implementation.Friendly name for the authenticatorgetId()Get protocol authentication method, which is set on the specified client.getProtocolAuthenticatorMethods(String loginProtocol) Get authentication methods for the specified protocolWhat requirement settings are allowed.booleanIs this authenticator configurable globally?voidsetClientAuthenticationMethod(ClientRepresentation client, String protocolAuthMethod) Set specified client authentication method to the specified clientbooleanIs this authenticator supports client secret?Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
close, create, create, getReferenceCategory, init, isUserSetupAllowed, postInitMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.keycloak.authentication.ConfigurableAuthenticatorFactory
getOptionalReferenceCategoriesMethods inherited from interface org.keycloak.provider.ConfiguredProvider
getConfigMethods inherited from interface org.keycloak.provider.ProviderFactory
dependsOn, getConfigMetadata, order
-
Field Details
-
PROVIDER_ID
- See Also:
-
-
Constructor Details
-
ClientIdAndSecretAuthenticator
public ClientIdAndSecretAuthenticator()
-
-
Method Details
-
authenticateClient
Description copied from interface:ClientAuthenticatorInitial call for the authenticator. This method should check the current HTTP request to determine if the request satisfies the ClientAuthenticator's requirements. If it doesn't, it should send back a challenge response by calling the ClientAuthenticationFlowContext.challenge(Response). -
getDisplayType
Description copied from interface:ConfigurableAuthenticatorFactoryFriendly name for the authenticator- Returns:
-
isConfigurable
public boolean isConfigurable()Description copied from interface:ClientAuthenticatorFactoryIs this authenticator configurable globally?- Returns:
-
getRequirementChoices
Description copied from interface:ConfigurableAuthenticatorFactoryWhat requirement settings are allowed.- Returns:
-
getHelpText
-
getConfigProperties
-
getConfigPropertiesPerClient
Description copied from interface:ConfiguredPerClientProviderList of config properties for this client implementation. Those will be shown in admin console in clients credentials tab and can be configured per client.- Returns:
-
getAdapterConfiguration
Description copied from interface:ClientAuthenticatorFactoryGet configuration, which needs to be used for adapter ( keycloak.json ) of particular client. Some implementations may return just template and user needs to edit the values according to his environment (For example fill the location of keystore file)- Returns:
-
getId
-
getProtocolAuthenticatorMethods
Description copied from interface:ClientAuthenticatorFactoryGet authentication methods for the specified protocol- Parameters:
loginProtocol- corresponds toProviderFactory.getId()- Returns:
- name of supported client authenticator methods in the protocol specific "language"
-
getProtocolAuthenticatorMethod
Description copied from interface:ClientAuthenticatorFactoryGet protocol authentication method, which is set on the specified client.- Parameters:
client- client whose authentication method will be returned- Returns:
- Client authentication method as specified in the related protocol specification. For example "client_secret_basic", "client_secret_post" or "private_key_jwt" might be used as returned values.
-
setClientAuthenticationMethod
Description copied from interface:ClientAuthenticatorFactorySet specified client authentication method to the specified client- Parameters:
client- client to updateprotocolAuthMethod- Client authentication method as specified in the related protocol specification. For example "client_secret_basic", "client_secret_post" or "private_key_jwt" might be used as values of this parameter.
-
supportsSecret
public boolean supportsSecret()Description copied from interface:ClientAuthenticatorFactoryIs this authenticator supports client secret?- Returns:
- if it supports secret
-