Package org.keycloak.models

Interface TokenManager

All Known Implementing Classes:
DefaultTokenManager
public interface TokenManager

  • Field Details

  • Method Details

    • encode

      String encode(Token token)
      Encodes the supplied token
      Parameters:
      token - the token to encode
      Returns:
      The encoded token

    • decode

      <T extends Token> T decode(String token, Class<T> clazz)
      Decodes and verifies the token, or null if the token was invalid
      Type Parameters:
      T -
      Parameters:
      token - the token to decode
      clazz - the token type to return
      Returns:
      The decoded token, or null if the token was not valid

    • signatureAlgorithm

      String signatureAlgorithm(TokenCategory category)

    • decodeClientJWT

      default <T> T decodeClientJWT(String token, ClientModel client, Class<T> clazz)
      Parameters:
      token - JWT token, which might be signed or encrypted by the keys of specified client. It cannot use "alg: none" in the header
      client - client, whose keys/secret might be used to decrypt the token or verify it's signatures
      clazz - class, which the provided token would be cast to
      Returns:
      decoded java object from the provided token. If it returns null, then signature validation failed or provided token was not valid

    • decodeClientJWT

      <T> T decodeClientJWT(String token, ClientModel client, BiConsumer<JOSE,ClientModel> jwtValidator, Class<T> clazz, boolean allowAlgorithmNone)
      Parameters:
      token - JWT token, which might be signed or encrypted by the keys of specified client. It can use "alg: none" in the header just if parameter "allowAlgorithmNone" is true
      client - client, whose keys/secret might be used to decrypt the token or verify it's signatures
      jwtValidator - Additional validator
      clazz - class, which the provided token would be cast to
      allowAlgorithmNone - Whether the token using "alg: none" is allowed or not. If this parameter is false and "alg: none" is used, the IllegalArgumentException will be thrown
      Returns:
      decoded java object from the provided token. If it returns null, then signature validation failed or provided token was not valid

    • encodeAndEncrypt

      String encodeAndEncrypt(Token token)

    • cekManagementAlgorithm

      String cekManagementAlgorithm(TokenCategory category)

    • encryptAlgorithm

      String encryptAlgorithm(TokenCategory category)

    • initLogoutToken

      LogoutToken initLogoutToken(ClientModel client, UserModel user, AuthenticatedClientSessionModel clientSessionModel)