Package org.keycloak.models.oid4vci
Class CredentialScopeModel
java.lang.Object
org.keycloak.models.oid4vci.CredentialScopeModel
- All Implemented Interfaces: ClientScopeModel, OrderedModel, ProtocolMapperContainerModel, ScopeContainerModel

This class acts as a delegate for a ClientScopeModel implementation and adds additional functionality for OpenId4VC credentials.
- Author: Pascal Knüppel
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.keycloak.models.ClientScopeModel
ClientScopeModel.ClientScopeCreatedEvent, ClientScopeModel.ClientScopeRemovedEvent
Nested classes/interfaces inherited from interface org.keycloak.models.OrderedModel
OrderedModel.OrderedModelComparator<OM extends OrderedModel>
-
Field Summary
Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static final String | CONFIGURATION_ID | |
| static final String | CONTEXTS | the value that is entered into the "@contexts"-attribute of a verifiable credential |
| static final String | CREDENTIAL_IDENTIFIER | |
| static final String | CRYPTOGRAPHIC_BINDING_METHODS | if the credential is only meant for specific cryptographic binding algorithms the global default list can be overridden here. |
| static final String | CRYPTOGRAPHIC_BINDING_METHODS_DEFAULT | |
| static final String | EXPIRY_IN_SECONDS | |
| static final int | EXPIRY_IN_SECONDS_DEFAULT | |
| static final String | FORMAT | |
| static final String | FORMAT_DEFAULT | |
| static final String | HASH_ALGORITHM | an optional configuration that can be used to select a specific hash algorithm |
| static final String | HASH_ALGORITHM_DEFAULT | |
| static final String | INCLUDE_IN_METADATA | this configuration property can be used to enforce specific claims to be included in the metadata, if they would normally not and vice versa |
| static final String | ISSUER_DID | the credential configuration id as provided in the metadata endpoint |
| static final String | KEY_ATTESTATION_REQUIRED | OPTIONAL. |
| static final String | KEY_ATTESTATION_REQUIRED_KEY_STORAGE | OPTIONAL. |
| static final String | KEY_ATTESTATION_REQUIRED_USER_AUTH | OPTIONAL. |
| static final int | SD_JWT_DECOYS_DEFAULT | |
| static final String | SD_JWT_NUMBER_OF_DECOYS | this attribute holds a customizable value for the number of decoys to use in a SD-JWT credential |
| static final String | SD_JWT_VISIBLE_CLAIMS | an optional attribute that tells us which attributes should be added into the SD-JWT body. |
| static final String | SD_JWT_VISIBLE_CLAIMS_DEFAULT | |
| static final String | SIGNING_ALG | The credential signature algorithm. |
| static final String | SIGNING_KEY_ID | an optional configuration that can be used to select a specific key for signing the credential |
| static final String | TOKEN_JWS_TYPE | this attribute holds the 'typ' value that will be added into the JWS header of the credential. |
| static final String | TOKEN_TYPE_DEFAULT | |
| static final String | TYPES | the value that is added into the "types"-attribute of a verifiable credential |
| static final String | VC_DISPLAY | an optional attribute for the metadata endpoint |
| static final String | VCT | |

Fields inherited from interface org.keycloak.models.ClientScopeModel
CONSENT_SCREEN_TEXT, DISPLAY_ON_CONSENT_SCREEN, DYNAMIC_SCOPE_REGEXP, GUI_ORDER, INCLUDE_IN_OPENID_PROVIDER_METADATA, INCLUDE_IN_TOKEN_SCOPE, IS_DYNAMIC_SCOPE, VALUE_SEPARATOR
-
Constructor Summary
Constructors -
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | addScopeMapping(RoleModel role) | |
| void | deleteScopeMapping(RoleModel role) | |
| | getAttribute(String name) | |
| | getId() | |
| | getName() | |
| | getProtocolMapperByName(String protocol, String name) | |
| | | Returns protocol mappers as a stream. |
| | getRealm() | |
| | | From the scope mappings returned by ScopeContainerModel.getScopeMappingsStream() returns only those that belong to the realm that owns this scope container. |
| void | getRequiredKeyAttestationUserAuthentication(List<String> userAuthentication) | |
| | getScope() | |
| | | Returns scope mappings for this scope container as a stream. |
| int | | |
| | getVct() | |
| boolean | hasDirectScope(RoleModel role) | Returns true, if this object has the given role directly in its scope. |
| boolean | | Returns true, if this object has the given role directly or indirectly in its scope, false otherwise. |
| boolean | | |
| boolean | | |
| boolean | | |
| boolean | | |
| void | removeAttribute(String name) | |
| void | removeProtocolMapper(ProtocolMapperModel mapping) | |
| void | setAttribute(String name, String value) | |
| void | setConsentScreenText(String consentScreenText) | |
| void | setCredentialConfigurationId(String credentialConfigurationId) | |
| void | setCredentialIdentifier(String credentialIdentifier) | |
| void | setCryptographicBindingMethods(String cryptographicBindingMethods) | |
| void | setCryptographicBindingMethods(List<String> cryptographicBindingMethods) | |
| void | setDescription(String description) | |
| void | setDisplayOnConsentScreen(boolean displayOnConsentScreen) | |
| void | setExpiryInSeconds(Integer expiryInSeconds) | |
| void | | |
| void | setGuiOrder(String guiOrder) | |
| void | setHashAlgorithm(String hashAlgorithm) | |
| void | setIncludeInTokenScope(boolean includeInTokenScope) | |
| void | setIsDynamicScope(boolean isDynamicScope) | |
| void | setIssuerDid(String issuerDid) | |
| void | setKeyAttestationRequired(boolean keyAttestationRequired) | |
| void | | |
| void | setProtocol(String protocol) | |
| void | setRequiredKeyAttestationKeyStorage(List<String> keyStorage) | |
| void | setSdJwtNumberOfDecoys(Integer sdJwtNumberOfDecoys) | |
| void | setSdJwtVisibleClaims(String sdJwtVisibleClaims) | |
| void | setSdJwtVisibleClaims(List<String> sdJwtVisibleClaims) | |
| void | setSigningAlg(String signingAlg) | |
| void | setSigningKeyId(String signingKeyId) | |
| void | setSupportedCredentialTypes(String supportedCredentialTypes) | |
| void | setSupportedCredentialTypes(List<String> supportedCredentialTypes) | |
| void | setTokenJwsType(String tokenJwsType) | |
| void | setVcContexts(String vcContexts) | |
| void | setVcContexts(List<String> vcContexts) | |
| void | setVcDisplay(String vcDisplay) | |
| void | | |
| void | updateProtocolMapper(ProtocolMapperModel mapping) | |

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.models.ClientScopeModel
isIncludeInOpenIDProviderMetadata, setIncludeInOpenIDProviderMetadata
-
Field Details
-
SD_JWT_VISIBLE_CLAIMS_DEFAULT
-
SD_JWT_DECOYS_DEFAULT
public static final int SD_JWT_DECOYS_DEFAULT
-
FORMAT_DEFAULT
-
HASH_ALGORITHM_DEFAULT
-
TOKEN_TYPE_DEFAULT
-
EXPIRY_IN_SECONDS_DEFAULT
public static final int EXPIRY_IN_SECONDS_DEFAULT
-
CRYPTOGRAPHIC_BINDING_METHODS_DEFAULT
-
ISSUER_DID
the credential configuration id as provided in the metadata endpoint
-
CONFIGURATION_ID
-
CREDENTIAL_IDENTIFIER
-
FORMAT
-
EXPIRY_IN_SECONDS
-
VCT
-
TYPES
the value that is added into the "types"-attribute of a verifiable credential
-
CONTEXTS
the value that is entered into the "@contexts"-attribute of a verifiable credential
-
SIGNING_ALG
The credential signature algorithm. If it is not configured, then the realm active key is used to sign the verifiable credential
-
CRYPTOGRAPHIC_BINDING_METHODS
if the credential is only meant for specific cryptographic binding algorithms the global default list can be overridden here. The global default list is retrieved from the available keys in the realm.
-
SIGNING_KEY_ID
an optional configuration that can be used to select a specific key for signing the credential
-
VC_DISPLAY
an optional attribute for the metadata endpoint
-
SD_JWT_NUMBER_OF_DECOYS
this attribute holds a customizable value for the number of decoys to use in a SD-JWT credential
-
SD_JWT_VISIBLE_CLAIMS
an optional attribute that tells us which attributes should be added into the SD-JWT body.
-
HASH_ALGORITHM
an optional configuration that can be used to select a specific hash algorithm
-
TOKEN_JWS_TYPE
this attribute holds the 'typ' value that will be added into the JWS header of the credential.
-
INCLUDE_IN_METADATA
this configuration property can be used to enforce specific claims to be included in the metadata, if they would normally not and vice versa
-
KEY_ATTESTATION_REQUIRED
OPTIONAL. Object that describes the requirement for key attestations as described in Appendix D, which the Credential Issuer expects the Wallet to send within the proof(s) of the Credential Request. If the Credential Issuer does not require a key attestation, this parameter MUST NOT be present in the metadata. If both key_storage and user_authentication parameters are absent, the key_attestations_required parameter may be empty, indicating a key attestation is needed without additional constraints.
-
KEY_ATTESTATION_REQUIRED_KEY_STORAGE
OPTIONAL. A non-empty array defining values specified in Appendix D.2 accepted by the Credential Issuer.
-
KEY_ATTESTATION_REQUIRED_USER_AUTH
OPTIONAL. A non-empty array defining values specified in Appendix D.2 accepted by the Credential Issuer.
-
Constructor Details
-
CredentialScopeModel
-
-
Method Details
-
getIssuerDid
-
setIssuerDid
-
getScope
-
getCredentialConfigurationId
-
setCredentialConfigurationId
-
getCredentialIdentifier
-
setCredentialIdentifier
-
getFormat
-
setFormat
-
getExpiryInSeconds
-
setExpiryInSeconds
-
getSdJwtNumberOfDecoys
public int getSdJwtNumberOfDecoys()
-
setSdJwtNumberOfDecoys
-
getVct
-
setVct
-
getTokenJwsType
-
setTokenJwsType
-
getSigningKeyId
-
setSigningKeyId
-
getHashAlgorithm
-
setHashAlgorithm
-
getSupportedCredentialTypes
-
setSupportedCredentialTypes
-
setSupportedCredentialTypes
-
getVcContexts
-
setVcContexts
-
setVcContexts
-
getSigningAlg
-
setSigningAlg
-
getCryptographicBindingMethods
-
setCryptographicBindingMethods
-
setCryptographicBindingMethods
-
getSdJwtVisibleClaims
-
setSdJwtVisibleClaims
-
setSdJwtVisibleClaims
-
getVcDisplay
-
setVcDisplay
-
isKeyAttestationRequired
public boolean isKeyAttestationRequired()
-
setKeyAttestationRequired
public void setKeyAttestationRequired(boolean keyAttestationRequired)
-
getRequiredKeyAttestationKeyStorage
-
setRequiredKeyAttestationKeyStorage
-
getRequiredKeyAttestationUserAuthentication
-
getRequiredKeyAttestationUserAuthentication
-
getId
- Specified by: getId in interface ClientScopeModel
-
getName
- Specified by: getName in interface ClientScopeModel
-
setName
- Specified by: setName in interface ClientScopeModel
-
getRealm
- Specified by: getRealm in interface ClientScopeModel
-
getDescription
- Specified by: getDescription in interface ClientScopeModel
-
setDescription
- Specified by: setDescription in interface ClientScopeModel
-
getProtocol
- Specified by: getProtocol in interface ClientScopeModel
-
setProtocol
- Specified by: setProtocol in interface ClientScopeModel
-
setAttribute
- Specified by: setAttribute in interface ClientScopeModel
-
removeAttribute
- Specified by: removeAttribute in interface ClientScopeModel
-
getAttribute
- Specified by: getAttribute in interface ClientScopeModel
-
getAttributes
- Specified by: getAttributes in interface ClientScopeModel
-
isDisplayOnConsentScreen
public boolean isDisplayOnConsentScreen()
- Specified by: isDisplayOnConsentScreen in interface ClientScopeModel
-
setDisplayOnConsentScreen
public void setDisplayOnConsentScreen(boolean displayOnConsentScreen)
- Specified by: setDisplayOnConsentScreen in interface ClientScopeModel
-
getConsentScreenText
- Specified by: getConsentScreenText in interface ClientScopeModel
-
setConsentScreenText
- Specified by: setConsentScreenText in interface ClientScopeModel
-
getGuiOrder
- Specified by: getGuiOrder in interface ClientScopeModel
- Specified by: getGuiOrder in interface OrderedModel
-
setGuiOrder
- Specified by: setGuiOrder in interface ClientScopeModel
-
isIncludeInTokenScope
public boolean isIncludeInTokenScope()
- Specified by: isIncludeInTokenScope in interface ClientScopeModel
-
setIncludeInTokenScope
public void setIncludeInTokenScope(boolean includeInTokenScope)
- Specified by: setIncludeInTokenScope in interface ClientScopeModel
-
isDynamicScope
public boolean isDynamicScope()
- Specified by: isDynamicScope in interface ClientScopeModel
-
setIsDynamicScope
public void setIsDynamicScope(boolean isDynamicScope)
- Specified by: setIsDynamicScope in interface ClientScopeModel
-
getDynamicScopeRegexp
- Specified by: getDynamicScopeRegexp in interface ClientScopeModel
-
getOid4vcProtocolMappersStream
-
getProtocolMappersStream
Description copied from interface: ProtocolMapperContainerModel
Returns protocol mappers as a stream.
- Specified by: getProtocolMappersStream in interface ProtocolMapperContainerModel
- Returns: Stream of protocol mapper. Never returns null.
-
addProtocolMapper
- Specified by: addProtocolMapper in interface ProtocolMapperContainerModel
-
removeProtocolMapper
- Specified by: removeProtocolMapper in interface ProtocolMapperContainerModel
-
updateProtocolMapper
- Specified by: updateProtocolMapper in interface ProtocolMapperContainerModel
-
getProtocolMapperById
- Specified by: getProtocolMapperById in interface ProtocolMapperContainerModel
-
getProtocolMapperByType
- Specified by: getProtocolMapperByType in interface ProtocolMapperContainerModel
-
getProtocolMapperByName
- Specified by: getProtocolMapperByName in interface ProtocolMapperContainerModel
-
getScopeMappingsStream
Description copied from interface: ScopeContainerModel
Returns scope mappings for this scope container as a stream.
- Specified by: getScopeMappingsStream in interface ScopeContainerModel
- Returns: Stream of RoleModel. Never returns null.
-
getRealmScopeMappingsStream
Description copied from interface: ScopeContainerModel
From the scope mappings returned by ScopeContainerModel.getScopeMappingsStream() returns only those that belong to the realm that owns this scope container.
- Specified by: getRealmScopeMappingsStream in interface ScopeContainerModel
- Returns: stream of RoleModel. Never returns null.
-
addScopeMapping
- Specified by: addScopeMapping in interface ScopeContainerModel
-
deleteScopeMapping
- Specified by: deleteScopeMapping in interface ScopeContainerModel
-
hasDirectScope
Description copied from interface: ScopeContainerModel
Returns true, if this object has the given role directly in its scope.
- Specified by: hasDirectScope in interface ScopeContainerModel
- Parameters: role - the role
- Returns: see description
-
hasScope
Description copied from interface: ScopeContainerModel
Returns true, if this object has the given role directly or indirectly in its scope, false otherwise.
- Specified by: hasScope in interface ScopeContainerModel
- Parameters: role - the role
- Returns: see description
-