Package org.keycloak.jose.jws

Class DefaultTokenManager

java.lang.Object

org.keycloak.jose.jws.DefaultTokenManager

All Implemented Interfaces:

TokenManager

public class DefaultTokenManager
extends Object
implements TokenManager

Field Summary

Fields inherited from interface org.keycloak.models.TokenManager

DEFAULT_VALIDATOR

Constructor Summary

Constructors

Constructor	Description
DefaultTokenManager(KeycloakSession session)

Method Summary

Modifier and Type	Method	Description
String	cekManagementAlgorithm(TokenCategory category)
<T extends Token> T	decode(String token, Class<T> clazz)	Decodes and verifies the token, or null if the token was invalid
<T> T	decodeClientJWT(String jwt, ClientModel client, BiConsumer<JOSE,ClientModel> jwtValidator, Class<T> clazz, boolean allowNoneAlgorithm)
String	encode(Token token)	Encodes the supplied token
String	encodeAndEncrypt(Token token)
String	encryptAlgorithm(TokenCategory category)
LogoutToken	initLogoutToken(ClientModel client, UserModel user, AuthenticatedClientSessionModel clientSession)
String	signatureAlgorithm(TokenCategory category)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.models.TokenManager

decodeClientJWT

Constructor Details

DefaultTokenManager

public DefaultTokenManager(KeycloakSession session)

Method Details

encode

public String encode(Token token)

Description copied from interface: TokenManager

Encodes the supplied token

Specified by:

encode in interface TokenManager

Parameters:

token - the token to encode

Returns:

The encoded token

decode

public <T extends Token> T decode(String token,
 Class<T> clazz)

Description copied from interface: TokenManager

Decodes and verifies the token, or null if the token was invalid

Specified by:

decode in interface TokenManager

Parameters:

token - the token to decode

clazz - the token type to return

Returns:

The decoded token, or null if the token was not valid

decodeClientJWT

public <T> T decodeClientJWT(String jwt,
 ClientModel client,
 BiConsumer<JOSE,ClientModel> jwtValidator,
 Class<T> clazz,
 boolean allowNoneAlgorithm)

Specified by:

decodeClientJWT in interface TokenManager

Parameters:

jwt - JWT token, which might be signed or encrypted by the keys of specified client. It can use "alg: none" in the header just if parameter "allowAlgorithmNone" is true

client - client, whose keys/secret might be used to decrypt the token or verify it's signatures

jwtValidator - Additional validator

clazz - class, which the provided token would be cast to

allowNoneAlgorithm - Whether the token using "alg: none" is allowed or not. If this parameter is false and "alg: none" is used, the IllegalArgumentException will be thrown

Returns:

decoded java object from the provided token. If it returns null, then signature validation failed or provided token was not valid

signatureAlgorithm

public String signatureAlgorithm(TokenCategory category)

Specified by:

signatureAlgorithm in interface TokenManager

encodeAndEncrypt

public String encodeAndEncrypt(Token token)

Specified by:

encodeAndEncrypt in interface TokenManager

cekManagementAlgorithm

public String cekManagementAlgorithm(TokenCategory category)

Specified by:

cekManagementAlgorithm in interface TokenManager

encryptAlgorithm

public String encryptAlgorithm(TokenCategory category)

Specified by:

encryptAlgorithm in interface TokenManager

initLogoutToken

public LogoutToken initLogoutToken(ClientModel client,
 UserModel user,
 AuthenticatedClientSessionModel clientSession)

Specified by:

initLogoutToken in interface TokenManager