org.keycloak.protocol.oid4vc.issuance.keybinding.AttestationProofValidatorFactory

All Implemented Interfaces:: ProofValidatorFactory, OID4VCEnvironmentProviderFactory, EnvironmentDependentProviderFactory, ProviderFactory<ProofValidator>

public class AttestationProofValidatorFactory extends Object implements ProofValidatorFactory

Factory for creating AttestationProofValidator instances with configurable trusted keys. Trusted keys are loaded from multiple sources with the following priority (highest to lowest):

Keys by ID from realm attribute 'oid4vc.attestation.trusted_key_ids': Keys referenced by their keyId from the realm's key providers (can include disabled keys, not exposed in well-known endpoints)
Keys from realm attribute 'oid4vc.attestation.trusted_keys': Explicit JWK JSON array
Realm session keys (default): All enabled keys from the realm's key providers (exposed in well-known endpoints)

Keys from higher priority sources take precedence when there are conflicts (same kid). This approach allows using realm keys as a default while supporting additional keys via realm attributes, including disabled keys that are not exposed in well-known endpoints.

Author:: Rodrick Awambeng

Constructor Summary

Constructors

Constructor

Description

AttestationProofValidatorFactory()
Method Summary

Modifier and Type

Method

Description

ProofValidator

create(KeycloakSession session)

String

getId()

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.protocol.oid4vc.OID4VCEnvironmentProviderFactory
isSupported

Methods inherited from interface org.keycloak.protocol.oid4vc.issuance.keybinding.ProofValidatorFactory
close, init, postInit

Methods inherited from interface org.keycloak.provider.ProviderFactory
dependsOn, getConfigMetadata, order

Constructor Details
- AttestationProofValidatorFactory
  
  public AttestationProofValidatorFactory()
Method Details
- getId
  
  public String getId()
  
  Specified by:
  
  getId in interface ProviderFactory<ProofValidator>
- create
  
  public ProofValidator create(KeycloakSession session)
  
  Specified by:
  
  create in interface ProviderFactory<ProofValidator>

Class AttestationProofValidatorFactory

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.protocol.oid4vc.OID4VCEnvironmentProviderFactory

Methods inherited from interface org.keycloak.protocol.oid4vc.issuance.keybinding.ProofValidatorFactory

Methods inherited from interface org.keycloak.provider.ProviderFactory

Constructor Details

AttestationProofValidatorFactory

Method Details

getId

create