Package org.keycloak.authentication.authenticators.client

Class JWTClientSecretAuthenticator

java.lang.Object
org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
org.keycloak.authentication.authenticators.client.JWTClientSecretAuthenticator
All Implemented Interfaces:
ClientAuthenticator, ClientAuthenticatorFactory, ConfigurableAuthenticatorFactory, ConfiguredPerClientProvider, ConfiguredProvider, Provider, ProviderFactory<ClientAuthenticator>
public class JWTClientSecretAuthenticator extends AbstractClientAuthenticator
Client authentication based on JWT signed by client secret instead of private key . See specs for more details.

This is server side, which verifies JWT from client_assertion parameter, where the assertion was created on adapter side by org.keycloak.adapters.authentication.JWTClientSecretCredentialsProvider

  • Field Details

  • Constructor Details

    • JWTClientSecretAuthenticator

      public JWTClientSecretAuthenticator()

  • Method Details

    • authenticateClient

      public void authenticateClient(ClientAuthenticationFlowContext context)
      Description copied from interface: ClientAuthenticator
      Initial call for the authenticator. This method should check the current HTTP request to determine if the request satisfies the ClientAuthenticator's requirements. If it doesn't, it should send back a challenge response by calling the ClientAuthenticationFlowContext.challenge(Response).

    • verifySignature

      public boolean verifySignature(AbstractJWTClientValidator validator)

    • isConfigurable

      public boolean isConfigurable()
      Description copied from interface: ClientAuthenticatorFactory
      Is this authenticator configurable globally?
      Returns:

    • getConfigPropertiesPerClient

      public List<ProviderConfigProperty> getConfigPropertiesPerClient()
      Description copied from interface: ConfiguredPerClientProvider
      List of config properties for this client implementation. Those will be shown in admin console in clients credentials tab and can be configured per client.
      Returns:

    • getAdapterConfiguration

      public Map<String,Object> getAdapterConfiguration(ClientModel client)
      Description copied from interface: ClientAuthenticatorFactory
      Get configuration, which needs to be used for adapter ( keycloak.json ) of particular client. Some implementations may return just template and user needs to edit the values according to his environment (For example fill the location of keystore file)
      Returns:

    • getProtocolAuthenticatorMethods

      public Set<String> getProtocolAuthenticatorMethods(String loginProtocol)
      Description copied from interface: ClientAuthenticatorFactory
      Get authentication methods for the specified protocol
      Parameters:
      loginProtocol - corresponds to ProviderFactory.getId()
      Returns:
      name of supported client authenticator methods in the protocol specific "language"

    • supportsSecret

      public boolean supportsSecret()
      Description copied from interface: ClientAuthenticatorFactory
      Is this authenticator supports client secret?
      Returns:
      if it supports secret

    • getId

      public String getId()

    • getDisplayType

      public String getDisplayType()
      Description copied from interface: ConfigurableAuthenticatorFactory
      Friendly name for the authenticator
      Returns:

    • getRequirementChoices

      public AuthenticationExecutionModel.Requirement[] getRequirementChoices()
      Description copied from interface: ConfigurableAuthenticatorFactory
      What requirement settings are allowed.
      Returns:

    • getHelpText

      public String getHelpText()

    • getConfigProperties

      public List<ProviderConfigProperty> getConfigProperties()