Package org.keycloak.broker.provider

Interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

All Superinterfaces:

IdentityProvider<C>, Provider

All Known Subinterfaces:

SocialIdentityProvider<C>

All Known Implementing Classes:

AbstractIdentityProvider, AbstractOAuth2IdentityProvider, BitbucketIdentityProvider, FacebookIdentityProvider, GitHubIdentityProvider, GitLabIdentityProvider, GoogleIdentityProvider, InstagramIdentityProvider, KeycloakOIDCIdentityProvider, KubernetesIdentityProvider, LinkedInOIDCIdentityProvider, MicrosoftIdentityProvider, OAuth2IdentityProvider, OIDCIdentityProvider, OpenshiftV4IdentityProvider, PayPalIdentityProvider, SAMLIdentityProvider, StackoverflowIdentityProvider, TwitterIdentityProvider

public interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>
extends IdentityProvider<C>

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	UserAuthenticationIdentityProvider.AuthenticationCallback

Field Summary

Fields

Modifier and Type	Field	Description
static final String	EXTERNAL_IDENTITY_PROVIDER
static final String	FEDERATED_ACCESS_TOKEN

Method Summary

Modifier and Type	Method	Description
void	authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
void	backchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)
Object	callback(RealmModel realm, UserAuthenticationIdentityProvider.AuthenticationCallback callback, EventBuilder event)	JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.
IdentityProviderDataMarshaller	getMarshaller()	Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession
void	importNewUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
jakarta.ws.rs.core.Response	keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)	Called when a Keycloak application initiates a logout through the browser.
jakarta.ws.rs.core.Response	performLogin(AuthenticationRequest request)	Initiates the authentication process by sending an authentication request to an identity provider.
void	preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)
jakarta.ws.rs.core.Response	retrieveToken(KeycloakSession session, FederatedIdentityModel identity)	Returns a Response containing the token previously stored during the authentication process for a specific user.
default boolean	supportsLongStateParameter()
void	updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)

Methods inherited from interface org.keycloak.broker.provider.IdentityProvider

export, getConfig, isMapperSupported, reloadKeys

Methods inherited from interface org.keycloak.provider.Provider

close

Field Details

EXTERNAL_IDENTITY_PROVIDER

static final String EXTERNAL_IDENTITY_PROVIDER

See Also:

• Constant Field Values

FEDERATED_ACCESS_TOKEN

static final String FEDERATED_ACCESS_TOKEN

See Also:

• Constant Field Values

Method Details

preprocessFederatedIdentity

void preprocessFederatedIdentity(KeycloakSession session,
 RealmModel realm,
 BrokeredIdentityContext context)

authenticationFinished

void authenticationFinished(AuthenticationSessionModel authSession,
 BrokeredIdentityContext context)

importNewUser

void importNewUser(KeycloakSession session,
 RealmModel realm,
 UserModel user,
 BrokeredIdentityContext context)

updateBrokeredUser

void updateBrokeredUser(KeycloakSession session,
 RealmModel realm,
 UserModel user,
 BrokeredIdentityContext context)

callback

Object callback(RealmModel realm,
 UserAuthenticationIdentityProvider.AuthenticationCallback callback,
 EventBuilder event)

JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.

Returns:

performLogin

jakarta.ws.rs.core.Response performLogin(AuthenticationRequest request)

Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.

Parameters:

request - The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.

Returns:

retrieveToken

jakarta.ws.rs.core.Response retrieveToken(KeycloakSession session,
 FederatedIdentityModel identity)

Returns a Response containing the token previously stored during the authentication process for a specific user.

Parameters:

identity -

Returns:

backchannelLogout

void backchannelLogout(KeycloakSession session,
 UserSessionModel userSession,
 jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm)

keycloakInitiatedBrowserLogout

jakarta.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session,
 UserSessionModel userSession,
 jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm)

Called when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP

Parameters:

userSession -

uriInfo -

realm -

Returns:

null if this is not supported by this provider

getMarshaller

IdentityProviderDataMarshaller getMarshaller()

Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession

Returns:

supportsLongStateParameter

default boolean supportsLongStateParameter()

Returns:

true if identity provider supports long value of "state" parameter (or "RelayState" parameter), which can hold relatively big amount of context data