Package org.keycloak.models.oid4vci
Class CredentialScopeModel
java.lang.Object
org.keycloak.models.oid4vci.CredentialScopeModel
- All Implemented Interfaces:
ClientScopeModel,OrderedModel,ProtocolMapperContainerModel,ScopeContainerModel
This class acts as delegate for a
ClientScopeModel implementation and adds additional functionality for
OpenId4VC credentials- Author:
- Pascal Knüppel
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.keycloak.models.ClientScopeModel
ClientScopeModel.ClientScopeCreatedEvent, ClientScopeModel.ClientScopeRemovedEventNested classes/interfaces inherited from interface org.keycloak.models.OrderedModel
OrderedModel.OrderedModelComparator<OM extends OrderedModel> -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Stringstatic final Stringthe value that is entered into the "@contexts"-attribute of a verifiable credentialstatic final Stringstatic final Stringif the credential is only meant for specific cryptographic binding algorithms the global default list can be overridden here.static final Stringstatic final Stringstatic final intstatic final Stringstatic final Stringstatic final Stringan optional configuration that can be used to select a specific hash algorithmstatic final Stringstatic final Stringthis configuration property can be used to enforce specific claims to be included in the metadata, if they would normally not and vice versastatic final Stringthe credential configuration id as provided in the metadata endpointstatic final intstatic final Stringthis attribute holds a customizable value for the number of decoys to use in a SD-JWT credentialstatic final Stringan optional attribute that tells us which attributes should be added into the SD-JWT body.static final Stringstatic final Stringif the credential is only meant for specific signing algorithms the global default list can be overridden here.static final Stringan optional configuration that can be used to select a specific key for signing the credentialstatic final Stringthis attribute holds the 'typ' value that will be added into the JWS header of the credential.static final Stringstatic final Stringthe value that is added into the "types"-attribute of a verifiable credentialstatic final Stringan optional attribute for the metadata endpointstatic final StringFields inherited from interface org.keycloak.models.ClientScopeModel
CONSENT_SCREEN_TEXT, DISPLAY_ON_CONSENT_SCREEN, DYNAMIC_SCOPE_REGEXP, GUI_ORDER, INCLUDE_IN_TOKEN_SCOPE, IS_DYNAMIC_SCOPE, VALUE_SEPARATOR -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidaddScopeMapping(RoleModel role) voiddeleteScopeMapping(RoleModel role) getAttribute(String name) getId()getName()getProtocolMapperByName(String protocol, String name) Returns protocol mappers as a stream.getRealm()From the scope mappings returned byScopeContainerModel.getScopeMappingsStream()returns only those that belong to the realm that owns this scope container.getScope()Returns scope mappings for this scope container as a stream.intgetVct()booleanhasDirectScope(RoleModel role) Returnstrue, if this object has the given role directly in its scope.booleanReturnstrue, if this object has the given role directly or indirectly in its scope,falseotherwise.booleanbooleanbooleanvoidremoveAttribute(String name) voidremoveProtocolMapper(ProtocolMapperModel mapping) voidsetAttribute(String name, String value) voidsetConsentScreenText(String consentScreenText) voidsetCredentialConfigurationId(String credentialConfigurationId) voidsetCredentialIdentifier(String credentialIdentifier) voidsetCryptographicBindingMethods(String cryptographicBindingMethods) voidsetCryptographicBindingMethods(List<String> cryptographicBindingMethods) voidsetDescription(String description) voidsetDisplayOnConsentScreen(boolean displayOnConsentScreen) voidsetExpiryInSeconds(Integer expiryInSeconds) voidvoidsetGuiOrder(String guiOrder) voidsetHashAlgorithm(String hashAlgorithm) voidsetIncludeInTokenScope(boolean includeInTokenScope) voidsetIsDynamicScope(boolean isDynamicScope) voidsetIssuerDid(String issuerDid) voidvoidsetProtocol(String protocol) voidsetSdJwtNumberOfDecoys(Integer sdJwtNumberOfDecoys) voidsetSdJwtVisibleClaims(String sdJwtVisibleClaims) voidsetSdJwtVisibleClaims(List<String> sdJwtVisibleClaims) voidsetSigningAlgsSupported(String signingAlgsSupported) voidsetSigningAlgsSupported(List<String> signingAlgsSupported) voidsetSigningKeyId(String signingKeyId) voidsetSupportedCredentialTypes(String supportedCredentialTypes) voidsetSupportedCredentialTypes(List<String> supportedCredentialTypes) voidsetTokenJwsType(String tokenJwsType) voidsetVcContexts(String vcContexts) voidsetVcContexts(List<String> vcContexts) voidsetVcDisplay(String vcDisplay) voidvoidupdateProtocolMapper(ProtocolMapperModel mapping)
-
Field Details
-
SD_JWT_VISIBLE_CLAIMS_DEFAULT
- See Also:
-
SD_JWT_DECOYS_DEFAULT
public static final int SD_JWT_DECOYS_DEFAULT- See Also:
-
FORMAT_DEFAULT
- See Also:
-
HASH_ALGORITHM_DEFAULT
- See Also:
-
TOKEN_TYPE_DEFAULT
- See Also:
-
EXPIRY_IN_SECONDS_DEFAULT
public static final int EXPIRY_IN_SECONDS_DEFAULT- See Also:
-
CRYPTOGRAPHIC_BINDING_METHODS_DEFAULT
- See Also:
-
ISSUER_DID
the credential configuration id as provided in the metadata endpoint- See Also:
-
CONFIGURATION_ID
- See Also:
-
CREDENTIAL_IDENTIFIER
- See Also:
-
FORMAT
- See Also:
-
EXPIRY_IN_SECONDS
- See Also:
-
VCT
- See Also:
-
TYPES
the value that is added into the "types"-attribute of a verifiable credential- See Also:
-
CONTEXTS
the value that is entered into the "@contexts"-attribute of a verifiable credential- See Also:
-
SIGNING_ALG_VALUES_SUPPORTED
if the credential is only meant for specific signing algorithms the global default list can be overridden here. The global default list is retrieved from the available keys in the realm.- See Also:
-
CRYPTOGRAPHIC_BINDING_METHODS
if the credential is only meant for specific cryptographic binding algorithms the global default list can be overridden here. The global default list is retrieved from the available keys in the realm.- See Also:
-
SIGNING_KEY_ID
an optional configuration that can be used to select a specific key for signing the credential- See Also:
-
VC_DISPLAY
an optional attribute for the metadata endpoint- See Also:
-
SD_JWT_NUMBER_OF_DECOYS
this attribute holds a customizable value for the number of decoys to use in a SD-JWT credential- See Also:
-
SD_JWT_VISIBLE_CLAIMS
an optional attribute that tells us which attributes should be added into the SD-JWT body.- See Also:
-
HASH_ALGORITHM
an optional configuration that can be used to select a specific hash algorithm- See Also:
-
TOKEN_JWS_TYPE
this attribute holds the 'typ' value that will be added into the JWS header of the credential.- See Also:
-
INCLUDE_IN_METADATA
this configuration property can be used to enforce specific claims to be included in the metadata, if they would normally not and vice versa- See Also:
-
-
Constructor Details
-
CredentialScopeModel
-
-
Method Details
-
getIssuerDid
-
setIssuerDid
-
getScope
-
getCredentialConfigurationId
-
setCredentialConfigurationId
-
getCredentialIdentifier
-
setCredentialIdentifier
-
getFormat
-
setFormat
-
getExpiryInSeconds
-
setExpiryInSeconds
-
getSdJwtNumberOfDecoys
public int getSdJwtNumberOfDecoys() -
setSdJwtNumberOfDecoys
-
getVct
-
setVct
-
getTokenJwsType
-
setTokenJwsType
-
getSigningKeyId
-
setSigningKeyId
-
getHashAlgorithm
-
setHashAlgorithm
-
getSupportedCredentialTypes
-
setSupportedCredentialTypes
-
setSupportedCredentialTypes
-
getVcContexts
-
setVcContexts
-
setVcContexts
-
getSigningAlgsSupported
-
setSigningAlgsSupported
-
setSigningAlgsSupported
-
getCryptographicBindingMethods
-
setCryptographicBindingMethods
-
setCryptographicBindingMethods
-
getSdJwtVisibleClaims
-
setSdJwtVisibleClaims
-
setSdJwtVisibleClaims
-
getVcDisplay
-
setVcDisplay
-
getId
- Specified by:
getIdin interfaceClientScopeModel
-
getName
- Specified by:
getNamein interfaceClientScopeModel
-
setName
- Specified by:
setNamein interfaceClientScopeModel
-
getRealm
- Specified by:
getRealmin interfaceClientScopeModel
-
getDescription
- Specified by:
getDescriptionin interfaceClientScopeModel
-
setDescription
- Specified by:
setDescriptionin interfaceClientScopeModel
-
getProtocol
- Specified by:
getProtocolin interfaceClientScopeModel
-
setProtocol
- Specified by:
setProtocolin interfaceClientScopeModel
-
setAttribute
- Specified by:
setAttributein interfaceClientScopeModel
-
removeAttribute
- Specified by:
removeAttributein interfaceClientScopeModel
-
getAttribute
- Specified by:
getAttributein interfaceClientScopeModel
-
getAttributes
- Specified by:
getAttributesin interfaceClientScopeModel
-
isDisplayOnConsentScreen
public boolean isDisplayOnConsentScreen()- Specified by:
isDisplayOnConsentScreenin interfaceClientScopeModel
-
setDisplayOnConsentScreen
public void setDisplayOnConsentScreen(boolean displayOnConsentScreen) - Specified by:
setDisplayOnConsentScreenin interfaceClientScopeModel
-
getConsentScreenText
- Specified by:
getConsentScreenTextin interfaceClientScopeModel
-
setConsentScreenText
- Specified by:
setConsentScreenTextin interfaceClientScopeModel
-
getGuiOrder
- Specified by:
getGuiOrderin interfaceClientScopeModel- Specified by:
getGuiOrderin interfaceOrderedModel
-
setGuiOrder
- Specified by:
setGuiOrderin interfaceClientScopeModel
-
isIncludeInTokenScope
public boolean isIncludeInTokenScope()- Specified by:
isIncludeInTokenScopein interfaceClientScopeModel
-
setIncludeInTokenScope
public void setIncludeInTokenScope(boolean includeInTokenScope) - Specified by:
setIncludeInTokenScopein interfaceClientScopeModel
-
isDynamicScope
public boolean isDynamicScope()- Specified by:
isDynamicScopein interfaceClientScopeModel
-
setIsDynamicScope
public void setIsDynamicScope(boolean isDynamicScope) - Specified by:
setIsDynamicScopein interfaceClientScopeModel
-
getDynamicScopeRegexp
- Specified by:
getDynamicScopeRegexpin interfaceClientScopeModel
-
getOid4vcProtocolMappersStream
-
getProtocolMappersStream
Description copied from interface:ProtocolMapperContainerModelReturns protocol mappers as a stream.- Specified by:
getProtocolMappersStreamin interfaceProtocolMapperContainerModel- Returns:
- Stream of protocol mapper. Never returns
null.
-
addProtocolMapper
- Specified by:
addProtocolMapperin interfaceProtocolMapperContainerModel
-
removeProtocolMapper
- Specified by:
removeProtocolMapperin interfaceProtocolMapperContainerModel
-
updateProtocolMapper
- Specified by:
updateProtocolMapperin interfaceProtocolMapperContainerModel
-
getProtocolMapperById
- Specified by:
getProtocolMapperByIdin interfaceProtocolMapperContainerModel
-
getProtocolMapperByName
- Specified by:
getProtocolMapperByNamein interfaceProtocolMapperContainerModel
-
getScopeMappingsStream
Description copied from interface:ScopeContainerModelReturns scope mappings for this scope container as a stream.- Specified by:
getScopeMappingsStreamin interfaceScopeContainerModel- Returns:
- Stream of
RoleModel. Never returnsnull.
-
getRealmScopeMappingsStream
Description copied from interface:ScopeContainerModelFrom the scope mappings returned byScopeContainerModel.getScopeMappingsStream()returns only those that belong to the realm that owns this scope container.- Specified by:
getRealmScopeMappingsStreamin interfaceScopeContainerModel- Returns:
- stream of
RoleModel. Never returnsnull.
-
addScopeMapping
- Specified by:
addScopeMappingin interfaceScopeContainerModel
-
deleteScopeMapping
- Specified by:
deleteScopeMappingin interfaceScopeContainerModel
-
hasDirectScope
Description copied from interface:ScopeContainerModelReturnstrue, if this object has the given role directly in its scope.- Specified by:
hasDirectScopein interfaceScopeContainerModel- Parameters:
role- the role- Returns:
- see description
- See Also:
-
hasScope
Description copied from interface:ScopeContainerModelReturnstrue, if this object has the given role directly or indirectly in its scope,falseotherwise.- Specified by:
hasScopein interfaceScopeContainerModel- Parameters:
role- the role- Returns:
- see description
- See Also:
-