org.keycloak.broker.oidc.OIDCIdentityProviderConfig

All Implemented Interfaces:: Serializable, JWTAuthorizationGrantConfig

Direct Known Subclasses:: FacebookIdentityProviderConfig, GoogleIdentityProviderConfig, MicrosoftIdentityProviderConfig

public class OIDCIdentityProviderConfig extends OAuth2IdentityProviderConfig implements JWTAuthorizationGrantConfig

Author:

Pedro Igor

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type

Field

Description

static final String

IS_ACCESS_TOKEN_JWT

static final String

JWKS_URL

static final String

SUPPORTS_CLIENT_ASSERTION_REUSE

static final String

SUPPORTS_CLIENT_ASSERTIONS

static final String

USE_JWKS_URL

static final String

VALIDATE_SIGNATURE

Fields inherited from class org.keycloak.broker.oidc.OAuth2IdentityProviderConfig
JWT_X509_HEADERS_ENABLED, PKCE_ENABLED, PKCE_METHOD, REQUIRES_SHORT_STATE_PARAMETER, TOKEN_ENDPOINT_URL, TOKEN_INTROSPECTION_URL

Fields inherited from class org.keycloak.models.IdentityProviderModel
addReadTokenRoleOnCreate, ALIAS, ALIAS_NOT_IN, ALLOWED_CLOCK_SKEW, AUTHENTICATE_BY_DEFAULT, CASE_SENSITIVE_ORIGINAL_USERNAME, CLAIM_FILTER_NAME, CLAIM_FILTER_VALUE, DEFAULT_MIN_VALIDITY_TOKEN, DISPLAY_NAME, DO_NOT_STORE_USERS, ENABLED, FILTERED_BY_CLAIMS, FIRST_BROKER_LOGIN_FLOW_ID, HIDE_ON_LOGIN, ISSUER, LEGACY_HIDE_ON_LOGIN_ATTR, LINK_ONLY, linkOnly, LOGIN_HINT, METADATA_DESCRIPTOR_URL, MIN_VALIDITY_TOKEN, ORGANIZATION_ID, ORGANIZATION_ID_NOT_NULL, PASS_MAX_AGE, POST_BROKER_LOGIN_FLOW_ID, SEARCH, SHOW_IN_ACCOUNT_CONSOLE, SYNC_MODE

Fields inherited from interface org.keycloak.broker.jwtauthorizationgrant.JWTAuthorizationGrantConfig
JWT_AUTHORIZATION_GRANT_ALLOWED_CLOCK_SKEW, JWT_AUTHORIZATION_GRANT_ASSERTION_REUSE_ALLOWED, JWT_AUTHORIZATION_GRANT_ASSERTION_SIGNATURE_ALG, JWT_AUTHORIZATION_GRANT_ENABLED, JWT_AUTHORIZATION_GRANT_MAX_ALLOWED_ASSERTION_EXPIRATION, PUBLIC_KEY_SIGNATURE_VERIFIER, PUBLIC_KEY_SIGNATURE_VERIFIER_KEY_ID
Constructor Summary

Constructors

Constructor

Description

OIDCIdentityProviderConfig()

OIDCIdentityProviderConfig(IdentityProviderModel identityProviderModel)
Method Summary

Modifier and Type

Method

Description

int

getAllowedClockSkew()

String

getLogoutUrl()

boolean

isAccessTokenJwt()

boolean

isBackchannelSupported()

boolean

isDisableNonce()

boolean

isDisableTypeClaimCheck()

boolean

isDisableUserInfoService()

boolean

isSendClientIdOnLogout()

boolean

isSendIdTokenOnLogout()

boolean

isSupportsClientAssertionReuse()

boolean

isSupportsClientAssertions()

boolean

isValidateSignature()

void

setAccessTokenJwt(boolean accessTokenJwt)

void

setBackchannelSupported(boolean backchannel)

void

setDisableNonce(boolean disableNonce)

void

setDisableTypeClaimCheck(boolean disableTypeClaimCheck)

void

setDisableUserInfoService(boolean disable)

void

setLogoutUrl(String url)

void

setPrompt(String prompt)

void

setSendClientOnLogout(boolean value)

void

setSendIdTokenOnLogout(boolean value)

void

setSupportsClientAssertions(boolean supportsClientAssertions)

void

setValidateSignature(boolean validateSignature)

void

validate(RealmModel realm)

Validates this configuration.

Methods inherited from class org.keycloak.broker.oidc.OAuth2IdentityProviderConfig
getAuthorizationUrl, getClientAssertionAudience, getClientAssertionSigningAlg, getClientAuthMethod, getClientId, getClientSecret, getDefaultScope, getEmailClaim, getFamilyNameClaim, getForwardParameters, getFullNameClaim, getGivenNameClaim, getPkceMethod, getPrompt, getTokenIntrospectionUrl, getTokenUrl, getUserIDClaim, getUserInfoUrl, getUserNameClaim, isBasicAuthentication, isBasicAuthenticationUnencoded, isJWTAuthentication, isJwtX509HeadersEnabled, isPkceEnabled, isRequiresShortStateParameter, isUiLocales, setAuthorizationUrl, setClientAssertionAudience, setClientAssertionSigningAlg, setClientAuthMethod, setClientId, setClientSecret, setDefaultScope, setForwardParameters, setJwtX509HeadersEnabled, setPkceEnabled, setPkceMethod, setRequiresShortStateParameter, setTokenIntrospectionUrl, setTokenUrl, setUiLocales, setUserInfoUrl

Methods inherited from class org.keycloak.models.IdentityProviderModel
equals, getAlias, getClaimFilterName, getClaimFilterValue, getConfig, getDisplayIconClasses, getDisplayName, getFirstBrokerLoginFlowId, getInternalId, getMetadataDescriptorUrl, getMinValidityToken, getOrganizationId, getPostBrokerLoginFlowId, getProviderId, getShowInAccountConsole, getSyncMode, hashCode, isAddReadTokenRoleOnCreate, isAuthenticateByDefault, isCaseSensitiveOriginalUsername, isEnabled, isFilteredByClaims, isHideOnLogin, isLinkOnly, isLoginHint, isPassMaxAge, isStoreToken, isTransientUsers, isTrustEmail, setAddReadTokenRoleOnCreate, setAlias, setAuthenticateByDefault, setCaseSensitiveOriginalUsername, setClaimFilterName, setClaimFilterValue, setConfig, setDisplayName, setEnabled, setFilteredByClaims, setFirstBrokerLoginFlowId, setHideOnLogin, setInternalId, setLinkOnly, setLoginHint, setMetadataDescriptorUrl, setMinValidityToken, setOrganizationId, setPassMaxAge, setPostBrokerLoginFlowId, setProviderId, setStoreToken, setSyncMode, setTransientUsers, setTrustEmail

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.broker.jwtauthorizationgrant.JWTAuthorizationGrantConfig
getAlias, getConfig, getInternalId, getIssuer, getJwksUrl, getJWTAuthorizationGrantAllowedClockSkew, getJWTAuthorizationGrantAssertionSignatureAlg, getJWTAuthorizationGrantMaxAllowedAssertionExpiration, getPublicKeySignatureVerifier, getPublicKeySignatureVerifierKeyId, isJWTAuthorizationGrantAssertionReuseAllowed, isJWTAuthorizationGrantEnabled, isUseJwksUrl, setIssuer, setJwksUrl, setJWTAuthorizationGrantEnabled, setPublicKeySignatureVerifier, setPublicKeySignatureVerifierKeyId, setUseJwksUrl

Field Details
- JWKS_URL
  
  public static final String JWKS_URL
  See Also:
  
  Constant Field Values
- USE_JWKS_URL
  
  public static final String USE_JWKS_URL
  See Also:
  
  Constant Field Values
- VALIDATE_SIGNATURE
  
  public static final String VALIDATE_SIGNATURE
  See Also:
  
  Constant Field Values
- IS_ACCESS_TOKEN_JWT
  
  public static final String IS_ACCESS_TOKEN_JWT
  See Also:
  
  Constant Field Values
- SUPPORTS_CLIENT_ASSERTIONS
  
  public static final String SUPPORTS_CLIENT_ASSERTIONS
  See Also:
  
  Constant Field Values
- SUPPORTS_CLIENT_ASSERTION_REUSE
  
  public static final String SUPPORTS_CLIENT_ASSERTION_REUSE
  See Also:
  
  Constant Field Values
Constructor Details
- OIDCIdentityProviderConfig
  
  public OIDCIdentityProviderConfig(IdentityProviderModel identityProviderModel)
- OIDCIdentityProviderConfig
  
  public OIDCIdentityProviderConfig()
Method Details
- setPrompt
  
  public void setPrompt(String prompt)
- getLogoutUrl
  
  public String getLogoutUrl()
- setLogoutUrl
  
  public void setLogoutUrl(String url)
- isSendClientIdOnLogout
  
  public boolean isSendClientIdOnLogout()
- setSendClientOnLogout
  
  public void setSendClientOnLogout(boolean value)
- isSendIdTokenOnLogout
  
  public boolean isSendIdTokenOnLogout()
- setSendIdTokenOnLogout
  
  public void setSendIdTokenOnLogout(boolean value)
- isValidateSignature
  
  public boolean isValidateSignature()
- setValidateSignature
  
  public void setValidateSignature(boolean validateSignature)
- setAccessTokenJwt
  
  public void setAccessTokenJwt(boolean accessTokenJwt)
- isAccessTokenJwt
  
  public boolean isAccessTokenJwt()
- isBackchannelSupported
  
  public boolean isBackchannelSupported()
- setBackchannelSupported
  
  public void setBackchannelSupported(boolean backchannel)
- isDisableUserInfoService
  
  public boolean isDisableUserInfoService()
- setDisableUserInfoService
  
  public void setDisableUserInfoService(boolean disable)
- isDisableNonce
  
  public boolean isDisableNonce()
- setDisableNonce
  
  public void setDisableNonce(boolean disableNonce)
- getAllowedClockSkew
  
  public int getAllowedClockSkew()
- isDisableTypeClaimCheck
  
  public boolean isDisableTypeClaimCheck()
- setDisableTypeClaimCheck
  
  public void setDisableTypeClaimCheck(boolean disableTypeClaimCheck)
- isSupportsClientAssertions
  
  public boolean isSupportsClientAssertions()
- setSupportsClientAssertions
  
  public void setSupportsClientAssertions(boolean supportsClientAssertions)
- isSupportsClientAssertionReuse
  
  public boolean isSupportsClientAssertionReuse()
- validate
  
  public void validate(RealmModel realm)
  
  Description copied from class: IdentityProviderModel
  
  Validates this configuration.
  Sub-classes can override this method in order to enforce provider specific validations.
  
  Overrides:
  
  validate in class OAuth2IdentityProviderConfig
  
  Parameters:
  
  realm - the realm

Class OIDCIdentityProviderConfig

Field Summary

Fields inherited from class org.keycloak.broker.oidc.OAuth2IdentityProviderConfig

Fields inherited from class org.keycloak.models.IdentityProviderModel

Fields inherited from interface org.keycloak.broker.jwtauthorizationgrant.JWTAuthorizationGrantConfig

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.broker.oidc.OAuth2IdentityProviderConfig

Methods inherited from class org.keycloak.models.IdentityProviderModel

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.broker.jwtauthorizationgrant.JWTAuthorizationGrantConfig

Field Details

JWKS_URL

USE_JWKS_URL

VALIDATE_SIGNATURE

IS_ACCESS_TOKEN_JWT

SUPPORTS_CLIENT_ASSERTIONS

SUPPORTS_CLIENT_ASSERTION_REUSE

Constructor Details

OIDCIdentityProviderConfig

OIDCIdentityProviderConfig

Method Details

setPrompt

getLogoutUrl

setLogoutUrl

isSendClientIdOnLogout

setSendClientOnLogout

isSendIdTokenOnLogout

setSendIdTokenOnLogout

isValidateSignature

setValidateSignature

setAccessTokenJwt

isAccessTokenJwt

isBackchannelSupported

setBackchannelSupported

isDisableUserInfoService

setDisableUserInfoService

isDisableNonce

setDisableNonce

getAllowedClockSkew

isDisableTypeClaimCheck

setDisableTypeClaimCheck

isSupportsClientAssertions

setSupportsClientAssertions

isSupportsClientAssertionReuse

validate