org.keycloak.broker.oidc.KeycloakOIDCIdentityProvider

All Implemented Interfaces:: ClientAssertionIdentityProvider<OIDCIdentityProviderConfig>, ExchangeExternalToken, ExchangeTokenToIdentityProviderToken, IdentityProvider<OIDCIdentityProviderConfig>, JWTAuthorizationGrantProvider<OIDCIdentityProviderConfig>, TrustMaterialIdentityProvider<OIDCIdentityProviderConfig>, UserAuthenticationIdentityProvider<OIDCIdentityProviderConfig>, Provider

public class KeycloakOIDCIdentityProvider extends OIDCIdentityProvider

Version:: $Revision: 1 $
Author:: Bill Burke

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

protected static class

KeycloakOIDCIdentityProvider.KeycloakEndpoint

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider
OIDCIdentityProvider.OIDCEndpoint

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
AbstractOAuth2IdentityProvider.Endpoint, AbstractOAuth2IdentityProvider.OAuthResponse

Nested classes/interfaces inherited from interface org.keycloak.broker.provider.UserAuthenticationIdentityProvider
UserAuthenticationIdentityProvider.AuthenticationCallback
Field Summary

Fields inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider
EXCHANGE_PROVIDER, FEDERATED_ACCESS_TOKEN_RESPONSE, FEDERATED_ID_TOKEN, logger, SCOPE_OPENID, USER_INFO, VALIDATED_ACCESS_TOKEN, VALIDATED_ID_TOKEN

Fields inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
ACCESS_DENIED, ACCESS_TOKEN_EXPIRATION, FEDERATED_REFRESH_TOKEN, FEDERATED_TOKEN_EXPIRATION, mapper, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN, OAUTH2_PARAMETER_ACCESS_TOKEN, OAUTH2_PARAMETER_CLIENT_ID, OAUTH2_PARAMETER_CLIENT_SECRET, OAUTH2_PARAMETER_CODE, OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_PARAMETER_REDIRECT_URI, OAUTH2_PARAMETER_RESPONSE_TYPE, OAUTH2_PARAMETER_SCOPE, OAUTH2_PARAMETER_STATE

Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
ACCOUNT_LINK_URL, BROKER_REGISTERED_NEW_USER, session, UPDATE_PROFILE_EMAIL_CHANGED, UPDATE_PROFILE_USERNAME_CHANGED

Fields inherited from interface org.keycloak.broker.provider.UserAuthenticationIdentityProvider
EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN
Constructor Summary

Constructors

Constructor

Description

KeycloakOIDCIdentityProvider(KeycloakSession session, OIDCIdentityProviderConfig config)
Method Summary

Modifier and Type

Method

Description

Object

callback(RealmModel realm, UserAuthenticationIdentityProvider.AuthenticationCallback callback, EventBuilder event)

JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.

protected BrokeredIdentityContext

exchangeExternalImpl(EventBuilder event, jakarta.ws.rs.core.MultivaluedMap<String,String> params)

Usage with external-internal token-exchange

Methods inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider
authenticationFinished, backchannelLogout, backchannelLogout, createAuthorizationUrl, exchangeSessionToken, exchangeStoredToken, extractIdentity, extractIdentityFromProfile, getAllowedAudienceForJWTGrant, getAllowedClockSkew, getAssertionSignatureAlg, getDefaultScopes, getFederatedIdentity, getIdentityProviderKeyWrapper, getMaxAllowedExpiration, getProfileEndpointForValidation, getUserInfoUrl, getusernameClaimNameForIdToken, getUsernameFromUserInfo, isAssertionReuseAllowed, isAuthTimeExpired, isIssuer, isLimitAccessTokenExpiration, isTokenTypeSupported, isType, keycloakInitiatedBrowserLogout, parseTokenInput, preprocessFederatedIdentity, processAccessTokenResponse, refreshTokenForLogout, reloadKeys, resolveKeys, setEmailVerified, supportsExternalExchange, validateAuthorizationGrantAssertion, validateExternalTokenThroughUserInfo, validateJwt, validateToken, validateToken, verify, verifyClientAssertion, verifySignature

Methods inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
asJsonNode, authenticateTokenRequest, buildUserInfoRequest, doGetFederatedIdentity, exchangeExternal, exchangeExternalComplete, exchangeExternalUserInfoValidationOnly, exchangeFromToken, extractTokenFromResponse, generateToken, getAccessTokenResponseParameter, getConfig, getJsonProperty, getRefreshTokenRequest, getSignatureContext, hasExternalExchangeToken, performLogin, retrieveToken, retrieveToken, sendTokenIntrospectionRequest, supportsLongStateParameter, validateExternalTokenWithIntrospectionEndpoint

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
buildTokenResponse, close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, getFederatedAccessToken, getLinkingUrl, getMarshaller, importNewUser, updateBrokeredUser, updateEmail

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.broker.provider.ExchangeExternalToken
exchangeExternal, exchangeExternalComplete

Methods inherited from interface org.keycloak.broker.provider.IdentityProvider
export, getConfig, isMapperSupported

Methods inherited from interface org.keycloak.provider.Provider
close

Constructor Details
- KeycloakOIDCIdentityProvider
  
  public KeycloakOIDCIdentityProvider(KeycloakSession session, OIDCIdentityProviderConfig config)
Method Details
- callback
  
  public Object callback(RealmModel realm, UserAuthenticationIdentityProvider.AuthenticationCallback callback, EventBuilder event)
  
  Description copied from interface: UserAuthenticationIdentityProvider
  
  JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.
  
  Specified by:
  
  callback in interface UserAuthenticationIdentityProvider<OIDCIdentityProviderConfig>
  
  Overrides:
  
  callback in class OIDCIdentityProvider
  
  Returns:
- exchangeExternalImpl
  
  protected BrokeredIdentityContext exchangeExternalImpl(EventBuilder event, jakarta.ws.rs.core.MultivaluedMap<String,String> params)
  
  Description copied from class: AbstractOAuth2IdentityProvider
  
  Usage with external-internal token-exchange
  
  Overrides:
  
  exchangeExternalImpl in class OIDCIdentityProvider
  
  Parameters:
  
  event - event builder
  
  params - parameters of the token-exchange request
  
  Returns:
  
  brokered identity context with the details about user from the IDP

Class KeycloakOIDCIdentityProvider

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

Nested classes/interfaces inherited from interface org.keycloak.broker.provider.UserAuthenticationIdentityProvider

Field Summary

Fields inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider

Fields inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

Fields inherited from interface org.keycloak.broker.provider.UserAuthenticationIdentityProvider

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider

Methods inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.broker.provider.ExchangeExternalToken

Methods inherited from interface org.keycloak.broker.provider.IdentityProvider

Methods inherited from interface org.keycloak.provider.Provider

Constructor Details

KeycloakOIDCIdentityProvider

Method Details

callback

exchangeExternalImpl