org.keycloak.protocol.oidc.grants.IDJWTAuthorizationGrantValidator

All Implemented Interfaces:: JWTAuthorizationGrantValidator, JWTAuthorizationGrantValidationContext

public class IDJWTAuthorizationGrantValidator extends DefaultJWTAuthorizationGrantValidator

the assertion validator for Identity Assertion JWT Authorization Grant (ID-JAG). Identity Assertion JWT is a new type of JWT that can be used as an authorization grant per RFC 7523. https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/

Author:: Yutaka Obuchi

Field Summary

Fields inherited from class org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator
clientAssertionState, currentTime, session
Method Summary

Modifier and Type

Method

Description

static IDJWTAuthorizationGrantValidator

createValidator(KeycloakSession session, String scope, ClientAssertionState clientAssertionState)

void

validateClient()

boolean

validateTokenActive(int allowedClockSkew, int maxExp, boolean reusePermitted)

Methods inherited from class org.keycloak.protocol.oidc.grants.DefaultJWTAuthorizationGrantValidator
failureCallback, getAssertion, getJWT, getRestrictedScopes, getScopeParam, setRestrictedScopes, validateIssuer, validateSubject

Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator
getClientAssertion, getJtiCacheKeyPrefix, getJws, getState, validateSignatureAlgorithm, validateTokenAudience, validateTokenReuse

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.protocol.oidc.JWTAuthorizationGrantValidationContext
getIssuer, getJws, getSubject

Methods inherited from interface org.keycloak.protocol.oidc.grants.JWTAuthorizationGrantValidator
validateSignatureAlgorithm, validateTokenAudience

Method Details
- createValidator
  
  public static IDJWTAuthorizationGrantValidator createValidator(KeycloakSession session, String scope, ClientAssertionState clientAssertionState)
- validateClient
  
  public void validateClient()
  
  Specified by:
  
  validateClient in interface JWTAuthorizationGrantValidator
  
  Overrides:
  
  validateClient in class DefaultJWTAuthorizationGrantValidator
- validateTokenActive
  
  public boolean validateTokenActive(int allowedClockSkew, int maxExp, boolean reusePermitted)
  
  Specified by:
  
  validateTokenActive in interface JWTAuthorizationGrantValidator
  
  Overrides:
  
  validateTokenActive in class AbstractBaseJWTValidator

Class IDJWTAuthorizationGrantValidator

Field Summary

Fields inherited from class org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator

Method Summary

Methods inherited from class org.keycloak.protocol.oidc.grants.DefaultJWTAuthorizationGrantValidator

Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractBaseJWTValidator

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.protocol.oidc.JWTAuthorizationGrantValidationContext

Methods inherited from interface org.keycloak.protocol.oidc.grants.JWTAuthorizationGrantValidator

Method Details

createValidator

validateClient

validateTokenActive