Package org.keycloak.broker.jwtauthorizationgrant

Class JWTAuthorizationGrantIdentityProvider

java.lang.Object

org.keycloak.broker.jwtauthorizationgrant.JWTAuthorizationGrantIdentityProvider

All Implemented Interfaces:

IdentityProvider<JWTAuthorizationGrantIdentityProviderConfig>, JWTAuthorizationGrantProvider<JWTAuthorizationGrantIdentityProviderConfig>, Provider

public class JWTAuthorizationGrantIdentityProvider
extends Object
implements JWTAuthorizationGrantProvider<JWTAuthorizationGrantIdentityProviderConfig>

Constructor Summary

Constructors

Constructor	Description
JWTAuthorizationGrantIdentityProvider(KeycloakSession session, JWTAuthorizationGrantConfig config)

Method Summary

Modifier and Type	Method	Description
void	close()
List<String>	getAllowedAudienceForJWTGrant()
int	getAllowedClockSkew()
String	getAssertionSignatureAlg()
JWTAuthorizationGrantIdentityProviderConfig	getConfig()
int	getMaxAllowedExpiration()
boolean	isAssertionReuseAllowed()
BrokeredIdentityContext	validateAuthorizationGrantAssertion(JWTAuthorizationGrantValidationContext context)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.broker.provider.IdentityProvider

export, isMapperSupported, reloadKeys

Constructor Details

JWTAuthorizationGrantIdentityProvider

public JWTAuthorizationGrantIdentityProvider(KeycloakSession session,
 JWTAuthorizationGrantConfig config)

Method Details

validateAuthorizationGrantAssertion

public BrokeredIdentityContext validateAuthorizationGrantAssertion(JWTAuthorizationGrantValidationContext context)
                                                            throws IdentityBrokerException

Specified by:

validateAuthorizationGrantAssertion in interface JWTAuthorizationGrantProvider<JWTAuthorizationGrantIdentityProviderConfig>

Throws:

IdentityBrokerException

getAllowedClockSkew

public int getAllowedClockSkew()

Specified by:

getAllowedClockSkew in interface JWTAuthorizationGrantProvider<JWTAuthorizationGrantIdentityProviderConfig>

isAssertionReuseAllowed

public boolean isAssertionReuseAllowed()

Specified by:

isAssertionReuseAllowed in interface JWTAuthorizationGrantProvider<JWTAuthorizationGrantIdentityProviderConfig>

getAllowedAudienceForJWTGrant

public List<String> getAllowedAudienceForJWTGrant()

Specified by:

getAllowedAudienceForJWTGrant in interface JWTAuthorizationGrantProvider<JWTAuthorizationGrantIdentityProviderConfig>

Returns:

list of allowed audience values. JWT assertion is considered valid if it's audience is one of the audiences returned from this method

getMaxAllowedExpiration

public int getMaxAllowedExpiration()

Specified by:

getMaxAllowedExpiration in interface JWTAuthorizationGrantProvider<JWTAuthorizationGrantIdentityProviderConfig>

getAssertionSignatureAlg

public String getAssertionSignatureAlg()

Specified by:

getAssertionSignatureAlg in interface JWTAuthorizationGrantProvider<JWTAuthorizationGrantIdentityProviderConfig>

getConfig

public JWTAuthorizationGrantIdentityProviderConfig getConfig()

Specified by:

getConfig in interface IdentityProvider<JWTAuthorizationGrantIdentityProviderConfig>

close

public void close()

Specified by:

close in interface Provider