Package org.keycloak.models

Interface UserProvider

All Superinterfaces:
Provider, UserBulkUpdateProvider, UserCountMethodsProvider, UserLookupProvider, UserQueryMethodsProvider, UserQueryProvider, UserRegistrationProvider
All Known Subinterfaces:
UserCache
All Known Implementing Classes:
JpaUserProvider, UserCacheSession, UserStorageManager
public interface UserProvider extends Provider, UserLookupProvider, UserQueryProvider, UserRegistrationProvider, UserBulkUpdateProvider
Version:
$Revision: 1 $
Author:
Bill Burke

  • Method Details

    • setNotBeforeForUser

      void setNotBeforeForUser(RealmModel realm, UserModel user, int notBefore)
      Sets the notBefore value for the given user
      Parameters:
      realm - a reference to the realm
      user - the user model
      notBefore - new value for notBefore
      Throws:
      ModelException - when user doesn't exist in the storage

    • getNotBeforeOfUser

      int getNotBeforeOfUser(RealmModel realm, UserModel user)
      Gets the notBefore value for the given user
      Parameters:
      realm - a reference to the realm
      user - the user model
      Returns:
      the value of notBefore
      Throws:
      ModelException - when user doesn't exist in the storage

    • getServiceAccount

      UserModel getServiceAccount(ClientModel client)
      Return a UserModel representing service account of the client
      Parameters:
      client - the client model
      Returns:
      userModel representing service account of the client
      Throws:
      IllegalArgumentException - when there are more service accounts associated with the given clientId

    • addUser

      UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles, boolean addDefaultRequiredActions)
      Adds a new user into the storage.

      only used for local storage

      Parameters:
      realm - the realm that user will be created in
      id - id of the new user. Should be generated to a random value if null.
      username - username
      addDefaultRoles - if true, the user should join all realm default roles
      addDefaultRequiredActions - if true, all default required actions are added to the created user
      Returns:
      model of created user
      Throws:
      NullPointerException - when username or realm is null
      ModelDuplicateException - when a user with given id or username already exists

    • removeImportedUsers

      void removeImportedUsers(RealmModel realm, String storageProviderId)
      Removes any imported users from a specific User Storage Provider.
      Parameters:
      realm - a reference to the realm
      storageProviderId - id of the user storage provider

    • unlinkUsers

      void unlinkUsers(RealmModel realm, String storageProviderId)
      Set federation link to null to imported users of a specific User Storage Provider
      Parameters:
      realm - a reference to the realm
      storageProviderId - id of the storage provider

    • addConsent

      void addConsent(RealmModel realm, String userId, UserConsentModel consent)
      Add user consent for the user.
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      consent - all details corresponding to the granted consent
      Throws:
      ModelException - If there is no user with userId

    • getConsentByClient

      UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientInternalId)
      Returns UserConsentModel given by a user with the userId for the client with clientInternalId
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      clientInternalId - id of the client
      Returns:
      consent given by the user to the client or null if no consent or user exists
      Throws:
      ModelException - when there are more consents fulfilling specified parameters

    • getConsentsStream

      Stream<UserConsentModel> getConsentsStream(RealmModel realm, String userId)
      Obtains the consents associated with the user identified by the specified userId.
      Parameters:
      realm - a reference to the realm.
      userId - the user identifier.
      Returns:
      a non-null Stream of consents associated with the user.

    • updateConsent

      void updateConsent(RealmModel realm, String userId, UserConsentModel consent)
      Update client scopes in the stored user consent
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      consent - new details of the user consent
      Throws:
      ModelException - when consent doesn't exist for the userId

    • revokeConsentForClient

      boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId)
      Remove a user consent given by the user id and client id
      Parameters:
      realm - a reference to the realm
      userId - id of the user
      clientInternalId - id of the client
      Returns:
      true if the consent was removed, false otherwise TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores

    • addVerifiableCredential

      UserVerifiableCredentialModel addVerifiableCredential(String userId, UserVerifiableCredentialModel credentialModel)
      Create verifiable credential of specified credential scope for this user
      Parameters:
      userId - id of the user
      credentialModel - credential model with "clientScopeId" set. The other fields will be generated if not set
      Returns:
      credentialModel with all the fields set

    • removeVerifiableCredential

      boolean removeVerifiableCredential(String userId, String clientScopeId)
      Remove verifiable credential of specified client scope from this user
      Parameters:
      userId - id if the user
      clientScopeId - client scope ID to delete
      Returns:
      true if credential was successfully removed. False otherwise

    • getVerifiableCredentialsByUser

      Stream<UserVerifiableCredentialModel> getVerifiableCredentialsByUser(String userId)
      Return all verifiable credentials of specified user
      Parameters:
      userId - id if the user
      Returns:
      a non-null Stream of all verifiable credentials of specified user

    • getVerifiableCredentialById

      UserVerifiableCredentialModel getVerifiableCredentialById(String id)
      Get a verifiable credential by its ID
      Parameters:
      id - the verifiable credential ID
      Returns:
      the credential model, or null if not found

    • getVerifiableCredentialByClientScope

      UserVerifiableCredentialModel getVerifiableCredentialByClientScope(String userId, String clientScopeId)
      Get a verifiable credential for a user by client scope ID
      Parameters:
      userId - id of the user
      clientScopeId - client scope ID
      Returns:
      the credential model, or null if not found

    • updateVerifiableCredential

      UserVerifiableCredentialModel updateVerifiableCredential(String userId, String clientScopeId)
      Update verifiable credential by refreshing user attributes snapshot and incrementing revision
      Parameters:
      userId - id of the user
      clientScopeId - client scope ID to update
      Returns:
      updated credential model
      Throws:
      ModelException - if credential doesn't exist

    • addFederatedIdentity

      void addFederatedIdentity(RealmModel realm, UserModel user, FederatedIdentityModel socialLink)
      Adds a federated identity link for the user within the realm
      Parameters:
      realm - a reference to the realm
      user - the user model
      socialLink - the federated identity model containing all details of the association between the user and the identity provider

    • removeFederatedIdentity

      boolean removeFederatedIdentity(RealmModel realm, UserModel user, String socialProvider)
      Removes federation link between the user and the identity provider given by its id
      Parameters:
      realm - a reference to the realm
      user - the user model
      socialProvider - alias of the identity provider, see IdentityProviderModel.getAlias()
      Returns:
      true if the association was removed, false otherwise TODO: Make this method return Boolean so that store can return "I don't know" answer, this can be used for example in async stores

    • updateFederatedIdentity

      void updateFederatedIdentity(RealmModel realm, UserModel federatedUser, FederatedIdentityModel federatedIdentityModel)
      Update details of association between the federatedUser and the idp given by the federatedIdentityModel
      Parameters:
      realm - a reference to the realm
      federatedUser - the user model
      federatedIdentityModel - the federated identity model containing all details of the association between the user and the identity provider

    • getFederatedIdentitiesStream

      Stream<FederatedIdentityModel> getFederatedIdentitiesStream(RealmModel realm, UserModel user)
      Obtains the federated identities of the specified user.
      Parameters:
      realm - a reference to the realm.
      user - the reference to the user.
      Returns:
      a non-null Stream of federated identities associated with the user.

    • getFederatedIdentity

      FederatedIdentityModel getFederatedIdentity(RealmModel realm, UserModel user, String socialProvider)
      Returns details of the association between the user and the socialProvider.
      Parameters:
      realm - a reference to the realm
      user - the user model
      socialProvider - the id of the identity provider
      Returns:
      federatedIdentityModel or null if no association exists

    • getUserByFederatedIdentity

      UserModel getUserByFederatedIdentity(RealmModel realm, FederatedIdentityModel socialLink)
      Returns a userModel that corresponds to the given socialLink.
      Parameters:
      realm - a reference to the realm
      socialLink - the socialLink
      Returns:
      the user corresponding to socialLink and null if no such user exists
      Throws:
      IllegalStateException - when there are more users for the given socialLink

    • preRemove

      void preRemove(RealmModel realm)
      Called when a realm is removed. Should remove all users that belong to the realm.
      Parameters:
      realm - a reference to the realm

    • preRemove

      void preRemove(RealmModel realm, IdentityProviderModel provider)
      Called when an identity provider is removed. Should remove all federated identities assigned to users from the provider.
      Parameters:
      realm - a reference to the realm
      provider - provider model

    • preRemove

      void preRemove(RealmModel realm, RoleModel role)
      Called when a role is removed. Should remove the role membership for each user.
      Parameters:
      realm - a reference to the realm
      role - the role model

    • preRemove

      void preRemove(RealmModel realm, GroupModel group)
      Called when a group is removed. Should remove the group membership for each user.
      Parameters:
      realm - a reference to the realm
      group - the group model

    • preRemove

      void preRemove(RealmModel realm, ClientModel client)
      Called when a client is removed. Should remove all user consents associated with the client
      Parameters:
      realm - a reference to the realm
      client - the client model

    • preRemove

      void preRemove(ProtocolMapperModel protocolMapper)
      Called when a protocolMapper is removed
      Parameters:
      protocolMapper - the protocolMapper model

    • preRemove

      void preRemove(ClientScopeModel clientScope)
      Called when a client scope is removed. Should remove the clientScope from each user consent
      Parameters:
      clientScope - the clientScope model

    • preRemove

      void preRemove(RealmModel realm, ComponentModel component)
      Called when a component is removed. Should remove all data in UserStorage associated with removed component. For example,
      • if component corresponds to UserStorageProvider all imported users from the provider should be removed,
      • if component corresponds to ClientStorageProvider all consents granted for clients imported from the provider should be removed
      Parameters:
      realm - a reference to the realm
      component - the component model

    • getUserCredentialManager

      UserCredentialManager getUserCredentialManager(UserModel user)
      Default implementation of SubjectCredentialManager suitable for most of user providers
      Returns:
      user credential manager

    • addIssuedVerifiableCredential

      IssuedVerifiableCredentialModel addIssuedVerifiableCredential(IssuedVerifiableCredentialModel issuedVc)
      Record that a verifiable credential was issued to a user.
      Parameters:
      issuedVc - model with userId, clientId, verifiableCredentialId set
      Returns:
      issuedVerifiableCredentialModel with all the fields set (including ID)

    • getIssuedVerifiableCredentialsStreamByUser

      Stream<IssuedVerifiableCredentialModel> getIssuedVerifiableCredentialsStreamByUser(String userId)
      Get all issued verifiable credentials for a specific user.
      Parameters:
      userId - user ID
      Returns:
      stream of issued verifiable credentials, sorted by issuedAt descending

    • removeIssuedVerifiableCredential

      boolean removeIssuedVerifiableCredential(String credentialId)
      Remove an issued verifiable credential by its ID.
      Parameters:
      credentialId - the ID of the issued credential to remove
      Returns:
      true if the credential was removed, false if it was not found

    • removeExpiredIssuedVerifiableCredentials

      void removeExpiredIssuedVerifiableCredentials()
      Remove all expired issued verifiable credentials across all realms. This is called periodically by the scheduled cleanup task.