Interface LoginProtocolFactory

All Superinterfaces:
ProviderFactory<LoginProtocol>
All Known Implementing Classes:
AbstractLoginProtocolFactory, DockerAuthV2ProtocolFactory, OID4VCLoginProtocolFactory, OIDCLoginProtocolFactory, SamlProtocolFactory

public interface LoginProtocolFactory extends ProviderFactory<LoginProtocol>
Version:
$Revision: 1 $
Author:
Bill Burke
  • Method Details

    • getBuiltinMappers

      Map<String,ProtocolMapperModel> getBuiltinMappers()
      List of built-in protocol mappers that can be applied to clients.
      Returns:
    • createProtocolEndpoint

      Object createProtocolEndpoint(KeycloakSession session, EventBuilder event)
    • createDefaultClientScopes

      void createDefaultClientScopes(RealmModel newRealm, boolean addScopesToExistingClients)
      Called when a new realm is created.
      Parameters:
      newRealm -
      addScopesToExistingClients - If true, then existing realm clients will be updated (created realm default scopes will be added to them)
    • setupClientDefaults

      void setupClientDefaults(ClientRepresentation rep, ClientModel newClient)
      Set up default values for new clients. This expects that the representation has already set up the client.
      Parameters:
      rep -
      newClient -
    • addClientScopeDefaults

      void addClientScopeDefaults(ClientScopeRepresentation clientScope)
      Add default values to ClientScopeRepresentations that refer to the specific login-protocol
    • validateClientScope

      default void validateClientScope(KeycloakSession session, ClientScopeRepresentation clientScope) throws jakarta.ws.rs.WebApplicationException
      Invoked during client-scope creation or update to add additional validation hooks specific to the target protocol. May throw errorResponseException in case
      Parameters:
      session - Keycloak session
      clientScope - client scope to create or update
      Throws:
      jakarta.ws.rs.WebApplicationException - or one of its subclasses if validation fails
    • isValidClientScope

      default boolean isValidClientScope(KeycloakSession session, ClientModel client, ClientScopeModel clientScope)
      Tests whether the clientScope is valid for a particular client. Usually called during protocol requests.
    • validateClientScopeAssignment

      default void validateClientScopeAssignment(KeycloakSession session, ClientScopeModel clientScope, boolean defaultScope, RealmModel realm)
      Validates whether a client scope can be assigned as Default or Optional to a client or realm. This method is called before assigning a client scope to ensure protocol-specific restrictions are enforced.
      Parameters:
      session - the Keycloak session
      clientScope - the client scope to be assigned
      defaultScope - true if assigning as Default scope, false if Optional
      realm - the realm where the assignment is happening
      Throws:
      jakarta.ws.rs.BadRequestException - if the assignment is not allowed
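
One way a custom factory can use validateClientScopeAssignment to enforce a protocol-specific restriction, here keeping broad scopes out of the Default set so clients must request them explicitly. This is an added example, not Keycloak's own code: the package, the class name and the OPTIONAL_ONLY scope list are assumptions, and it assumes OIDCLoginProtocolFactory (listed above as an implementing class) is extended by the custom provider.

```java
package com.example.keycloak; // hypothetical package

import java.util.Set;

import jakarta.ws.rs.BadRequestException;

import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;

// Hypothetical subclass; not part of Keycloak.
public class LeastPrivilegeOidcProtocolFactory extends OIDCLoginProtocolFactory {

    // Constructed policy: scopes that must be requested explicitly (Optional)
    // and therefore must never be granted silently as Default scopes.
    private static final Set<String> OPTIONAL_ONLY = Set.of("offline_access", "payments:write");

    @Override
    public void validateClientScopeAssignment(KeycloakSession session, ClientScopeModel clientScope,
                                              boolean defaultScope, RealmModel realm) {
        // Keep whatever restrictions the inherited implementation already enforces.
        super.validateClientScopeAssignment(session, clientScope, defaultScope, realm);

        // Only police scopes that belong to this factory's protocol.
        if (!OIDCLoginProtocol.LOGIN_PROTOCOL.equals(clientScope.getProtocol())) {
            return;
        }

        // Reject the assignment before it is persisted; Optional assignment stays allowed.
        if (defaultScope && OPTIONAL_ONLY.contains(clientScope.getName())) {
            throw new BadRequestException("Client scope '" + clientScope.getName()
                    + "' may only be assigned as Optional in realm '" + realm.getName() + "'");
        }
    }
}
```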