Class OID4VCAuthorizationDetailsProcessor
java.lang.Object
org.keycloak.protocol.oid4vc.issuance.OID4VCAuthorizationDetailsProcessor
- All Implemented Interfaces:
AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>, Provider
public class OID4VCAuthorizationDetailsProcessor
extends Object
implements AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type, Method, Description
- void afterAuthorizationDetailsProcessed(UserSessionModel userSession, ClientSessionContext clientSessionCtx, OID4VCAuthorizationDetail oid4vcAuthzDetailResponse)
  Hook method called after authorization_details are processed and before the token response is created.
- void close()
- protected IssuedVerifiableCredentialModel createIssuedVerifiableCredential(UserModel userModel, ClientModel clientModel, CredentialScopeModel credentialScope)
- OID4VCAuthorizationDetail generateResponseAuthorizationDetails(CredentialScopeModel credScope, String credOffersId)
- List<OID4VCAuthorizationDetail> handleMissingAuthorizationDetails(UserSessionModel userSession, ClientSessionContext clientSessionCtx)
  Method is invoked in cases when authorization_details parameter is missing in the request.
- boolean isSupported()
  Checks if this processor should be regarded as supported in the running context.
- OID4VCAuthorizationDetail process(UserSessionModel userSession, ClientSessionContext clientSessionCtx, AuthorizationDetailsJSONRepresentation authzDetail)
  Processes the authorization_details parameter and returns a response if this processor is able to handle the given authorization_details parameter.
- OID4VCAuthorizationDetail processStoredAuthorizationDetails(UserSessionModel userSession, ClientSessionContext clientSessionCtx, AuthorizationDetailsJSONRepresentation storedAuthDetails)
  Method is invoked when authorization_details was used in the authorization request but is missing from the token request.
- OID4VCAuthorizationDetail sanitizeBeforeSendingTokenResponse(OID4VCAuthorizationDetail authzDetail)
  Sanitize authorization details before they are sent as part of the Token Response https://github.com/keycloak/keycloak/issues/50079
- OID4VCAuthorizationDetail validateAuthorizationDetail(AuthorizationDetailsJSONRepresentation authzDetail)
  Validates an authorization detail against supported credentials and other constraints.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.protocol.oidc.rar.AuthorizationDetailsProcessor
getSupportedAuthorizationDetails
-
Constructor Details
-
OID4VCAuthorizationDetailsProcessor
-
-
Method Details
-
isSupported
public boolean isSupported()
Description copied from interface: AuthorizationDetailsProcessor
Checks if this processor should be regarded as supported in the running context.
- Specified by:
isSupported in interface AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
-
getSupportedType
- Specified by:
getSupportedType in interface AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
- Returns:
supported type of authorization_details "type" claim, which this processor is able to process. This should usually correspond with the "providerId" of the AuthorizationDetailsProcessorFactory, which created this processor
-
getSupportedResponseJavaType
- Specified by:
getSupportedResponseJavaType in interface AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
- Returns:
supported Java type of AuthorizationDetailsJSONRepresentation subclass, which this processor can create in the token response
-
process
public OID4VCAuthorizationDetail process(UserSessionModel userSession, ClientSessionContext clientSessionCtx, AuthorizationDetailsJSONRepresentation authzDetail)
Description copied from interface: AuthorizationDetailsProcessor
Processes the authorization_details parameter and returns a response if this processor is able to handle the given authorization_details parameter.
- Specified by:
process in interface AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
- Parameters:
userSession - the user session
clientSessionCtx - the client session context
authzDetail - the authorization_details member (usually one member from the list) sent in the "authorization_details" request parameter
- Returns:
authorization details response if this processor can handle the parameter, null if the parameter is incompatible with this processor
-
validateAuthorizationDetail
public OID4VCAuthorizationDetail validateAuthorizationDetail(AuthorizationDetailsJSONRepresentation authzDetail) throws InvalidAuthorizationDetailsException
Description copied from interface: AuthorizationDetailsProcessor
Validates an authorization detail against supported credentials and other constraints.
- Specified by:
validateAuthorizationDetail in interface AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
- Throws:
InvalidAuthorizationDetailsException
-
sanitizeBeforeSendingTokenResponse
public OID4VCAuthorizationDetail sanitizeBeforeSendingTokenResponse(OID4VCAuthorizationDetail authzDetail)
Description copied from interface: AuthorizationDetailsProcessor
Sanitize authorization details before they are sent as part of the Token Response https://github.com/keycloak/keycloak/issues/50079
- Specified by:
sanitizeBeforeSendingTokenResponse in interface AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
- Parameters:
authzDetail - The typed authorization detail
- Returns:
A sanitized clone of the authorization detail
-
handleMissingAuthorizationDetails
public List<OID4VCAuthorizationDetail> handleMissingAuthorizationDetails(UserSessionModel userSession, ClientSessionContext clientSessionCtx)
Description copied from interface: AuthorizationDetailsProcessor
Method is invoked in cases when the authorization_details parameter is missing in the request. It allows the processor to generate an authorization details response in such a case.
- Specified by:
handleMissingAuthorizationDetails in interface AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
- Parameters:
userSession - the user session
clientSessionCtx - the client session context
- Returns:
authorization details response if this processor can handle the current request in case the authorization_details parameter was not provided
-
processStoredAuthorizationDetails
public OID4VCAuthorizationDetail processStoredAuthorizationDetails(UserSessionModel userSession, ClientSessionContext clientSessionCtx, AuthorizationDetailsJSONRepresentation storedAuthDetails) throws InvalidAuthorizationDetailsException
Description copied from interface: AuthorizationDetailsProcessor
Method is invoked when authorization_details was used in the authorization request but is missing from the token request. This method should process the stored authorization_details and ensure they are returned in the token response.
- Specified by:
processStoredAuthorizationDetails in interface AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
- Parameters:
userSession - the user session
clientSessionCtx - the client session context
storedAuthDetails - the parsed member (usually one member of the list) from the authorization_details parameter that was stored during the authorization request
- Returns:
authorization details response if this processor can handle the stored authorization_details, null if the processor cannot handle the stored authorization_details
- Throws:
InvalidAuthorizationDetailsException
-
afterAuthorizationDetailsProcessed
public void afterAuthorizationDetailsProcessed(UserSessionModel userSession, ClientSessionContext clientSessionCtx, OID4VCAuthorizationDetail oid4vcAuthzDetailResponse)
Description copied from interface: AuthorizationDetailsProcessor
Hook method called after authorization_details are processed and before the token response is created. This allows authorization details processors to perform post-processing actions (e.g., creating state objects).
- Specified by:
afterAuthorizationDetailsProcessed in interface AuthorizationDetailsProcessor<OID4VCAuthorizationDetail>
- Parameters:
userSession - the user session
clientSessionCtx - the client session context
oid4vcAuthzDetailResponse - The response object of the proper type, which is supposed to be processed by this processor.
-
close
public void close()
-
generateResponseAuthorizationDetails
public OID4VCAuthorizationDetail generateResponseAuthorizationDetails(CredentialScopeModel credScope, String credOffersId)
-
createIssuedVerifiableCredential
protected IssuedVerifiableCredentialModel createIssuedVerifiableCredential(UserModel userModel, ClientModel clientModel, CredentialScopeModel credentialScope)
-
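Added example (not Keycloak code): a simplified model of how the process, processStoredAuthorizationDetails, handleMissingAuthorizationDetails and sanitizeBeforeSendingTokenResponse contracts documented above fit together at token time. The Processor interface, the use of plain maps, the skipping of null results, the "internal_note" field and the sample request values are all assumptions made for illustration.

```java
import java.util.*;
public class AuthzDetailsDispatchSketch {
    // Simplified stand-in for the documented callbacks; maps replace Keycloak's typed models.
    interface Processor {
        String getSupportedType();
        Map<String, Object> process(Map<String, Object> requested);    // null = incompatible
        Map<String, Object> processStored(Map<String, Object> stored); // null = cannot handle
        List<Map<String, Object>> handleMissing();
        Map<String, Object> sanitize(Map<String, Object> detail);      // returns a clone
    }
    // Picks the callback matching where authorization_details came from, then sanitizes.
    static List<Map<String, Object>> resolve(Processor p, List<Map<String, Object>> inTokenRequest,
                                             List<Map<String, Object>> storedAtAuthorization) {
        List<Map<String, Object>> handled = new ArrayList<>();
        if (inTokenRequest != null) {                 // parameter present in the token request
            for (Map<String, Object> d : inTokenRequest) handled.add(p.process(d));
        } else if (storedAtAuthorization != null) {   // only sent in the authorization request
            for (Map<String, Object> d : storedAtAuthorization) handled.add(p.processStored(d));
        } else {                                      // parameter never provided
            handled.addAll(p.handleMissing());
        }
        List<Map<String, Object>> response = new ArrayList<>();
        // Assumption: a null result means "not this processor's type" and is skipped.
        for (Map<String, Object> d : handled) if (d != null) response.add(p.sanitize(d));
        return response;
    }
    public static void main(String[] args) {
        Processor p = new Processor() { // constructed sample processor
            public String getSupportedType() { return "openid_credential"; }
            public Map<String, Object> process(Map<String, Object> d) {
                if (!getSupportedType().equals(d.get("type"))) return null;
                Map<String, Object> r = new HashMap<>(d);
                r.put("internal_note", "server-side only"); // hypothetical internal field
                return r;
            }
            public Map<String, Object> processStored(Map<String, Object> d) { return process(d); }
            public List<Map<String, Object>> handleMissing() { return List.of(); }
            public Map<String, Object> sanitize(Map<String, Object> d) {
                Map<String, Object> c = new HashMap<>(d); // clone; the input stays untouched
                c.remove("internal_note");
                return c;
            }
        };
        List<Map<String, Object>> req = List.of( // constructed sample input
            Map.of("type", "openid_credential", "credential_configuration_id", "sample-config"),
            Map.of("type", "other_type"));
        System.out.println(resolve(p, req, null)); // token request carried the parameter
        System.out.println(resolve(p, null, req)); // parameter only in authorization request
    }
}
```

Both calls return a single entry for the supported type with "internal_note" removed; the "other_type" member is dropped because the sample processor reports it as incompatible.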