Package org.keycloak.protocol.oidc.grants

Class DefaultJWTAuthorizationGrantValidator

java.lang.Object

org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator

org.keycloak.protocol.oidc.grants.DefaultJWTAuthorizationGrantValidator

All Implemented Interfaces:

JWTAuthorizationGrantValidator, JWTAuthorizationGrantValidationContext

Direct Known Subclasses:

IDJWTAuthorizationGrantValidator

public class DefaultJWTAuthorizationGrantValidator
extends AbstractBaseJWTValidator
implements JWTAuthorizationGrantValidator

the default assertion validator for JWT Authorization grant that extends AbstractBaseJWTValidator and implements the JWTAuthorizationGrantValidator interface, which extends the JWTAuthorizationGrantValidationContext interface.

Author:

rmartinc

Field Summary

Fields inherited from class org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator

clientAssertionState, currentTime, session

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	DefaultJWTAuthorizationGrantValidator(KeycloakSession session, String scope, ClientAssertionState clientAssertionState)

Method Summary

Modifier and Type	Method	Description
static DefaultJWTAuthorizationGrantValidator	createValidator(KeycloakSession session, String scope, ClientAssertionState clientAssertionState)
protected void	failureCallback(String errorDescription)
String	getAssertion()
JsonWebToken	getJWT()
Set<String>	getRestrictedScopes()
String	getScopeParam()
void	setRestrictedScopes(Set<String> restrictedScopes)
void	validateClient()
void	validateIssuer()
void	validateSubject()

Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator

getClientAssertion, getJtiCacheKeyPrefix, getJws, getState, validateSignatureAlgorithm, validateTokenActive, validateTokenAudience, validateTokenReuse

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.protocol.oidc.JWTAuthorizationGrantValidationContext

getIssuer, getJws, getSubject

Methods inherited from interface org.keycloak.protocol.oidc.grants.JWTAuthorizationGrantValidator

validateSignatureAlgorithm, validateTokenActive, validateTokenAudience

Constructor Details

DefaultJWTAuthorizationGrantValidator

protected DefaultJWTAuthorizationGrantValidator(KeycloakSession session,
 String scope,
 ClientAssertionState clientAssertionState)

Method Details

createValidator

public static DefaultJWTAuthorizationGrantValidator createValidator(KeycloakSession session,
 String scope,
 ClientAssertionState clientAssertionState)

validateClient

public void validateClient()

Specified by:

validateClient in interface JWTAuthorizationGrantValidator

validateIssuer

public void validateIssuer()

Specified by:

validateIssuer in interface JWTAuthorizationGrantValidator

validateSubject

public void validateSubject()

Specified by:

validateSubject in interface JWTAuthorizationGrantValidator

getJWT

public JsonWebToken getJWT()

Specified by:

getJWT in interface JWTAuthorizationGrantValidationContext

getAssertion

public String getAssertion()

Specified by:

getAssertion in interface JWTAuthorizationGrantValidationContext

getScopeParam

public String getScopeParam()

Specified by:

getScopeParam in interface JWTAuthorizationGrantValidationContext

getRestrictedScopes

public Set<String> getRestrictedScopes()

Specified by:

getRestrictedScopes in interface JWTAuthorizationGrantValidationContext

setRestrictedScopes

public void setRestrictedScopes(Set<String> restrictedScopes)

Specified by:

setRestrictedScopes in interface JWTAuthorizationGrantValidationContext

failureCallback

protected void failureCallback(String errorDescription)

Specified by:

failureCallback in class AbstractBaseJWTValidator