Package org.keycloak.protocol.oidc.rar

Interface AuthorizationDetailsProcessor<ADR extends AuthorizationDetailsJSONRepresentation>

All Superinterfaces:
Provider
All Known Implementing Classes:
OID4VCAuthorizationDetailsProcessor
public interface AuthorizationDetailsProcessor<ADR extends AuthorizationDetailsJSONRepresentation> extends Provider
Provider interface for processing authorization_details parameter in OAuth2/OIDC authorization and token requests. This follows the RAR (Rich Authorization Requests) specification and allows different implementations to handle various types of authorization details. The authorization_details parameter can be used in both authorization requests and token requests (as specified for example in the OpenID for Verifiable Credential Issuance specification).
Author:
Forkim Akwichek

  • Method Details

    • isSupported

      boolean isSupported()
      Checks if this processor should be regarded as supported in the running context.

    • getSupportedType

      String getSupportedType()
      Returns:
      supported type of authorization_details "type" claim, which this processor is able to process. This should usually correspond with the "providerId" of the AuthorizationDetailsProcessorFactory, which created this processor

    • getSupportedResponseJavaType

      Class<ADR> getSupportedResponseJavaType()
      Returns:
      supported Java type of AuthorizationDetailsJSONRepresentation subclass, which this processor can create in the token response

    • process

      ADR process(UserSessionModel userSession, ClientSessionContext clientSessionCtx, AuthorizationDetailsJSONRepresentation authorizationDetailsMember) throws InvalidAuthorizationDetailsException
      Processes the authorization_details parameter and returns a response if this processor is able to handle the given authorization_details parameter.
      Parameters:
      userSession - the user session
      clientSessionCtx - the client session context
      authorizationDetailsMember - the authorization_details member (usually one member from the list) sent in the "authorization_details" request parameter
      Returns:
      authorization details response if this processor can handle the parameter, null if the parameter is incompatible with this processor
      Throws:
      InvalidAuthorizationDetailsException

    • handleMissingAuthorizationDetails

      List<ADR> handleMissingAuthorizationDetails(UserSessionModel userSession, ClientSessionContext clientSessionCtx) throws InvalidAuthorizationDetailsException
      Method is invoked in cases when authorization_details parameter is missing in the request. It allows processor to generate authorization details response in such a case
      Parameters:
      userSession - the user session
      clientSessionCtx - the client session context
      Returns:
      authorization details response if this processor can handle current request in case that authorization_details parameter was not provided
      Throws:
      InvalidAuthorizationDetailsException

    • processStoredAuthorizationDetails

      ADR processStoredAuthorizationDetails(UserSessionModel userSession, ClientSessionContext clientSessionCtx, AuthorizationDetailsJSONRepresentation storedAuthDetailsMember) throws InvalidAuthorizationDetailsException
      Method is invoked when authorization_details was used in the authorization request but is missing from the token request. This method should process the stored authorization_details and ensure they are returned in the token response.
      Parameters:
      userSession - the user session
      clientSessionCtx - the client session context
      storedAuthDetailsMember - the parsed member (usually one member of the list) from the authorization_details parameter that were stored during the authorization request
      Returns:
      authorization details response if this processor can handle the stored authorization_details, null if the processor cannot handle the stored authorization_details
      Throws:
      InvalidAuthorizationDetailsException

    • getSupportedAuthorizationDetails

      default List<ADR> getSupportedAuthorizationDetails(List<AuthorizationDetailsJSONRepresentation> authzDetailsResponse)
      Parameters:
      authzDetailsResponse - all the authorizationDetails. May contain also authorizationDetails entries, with different "type" than the type understandable by this processor
      Returns:
      sublist of the list provided by "authDetailsResponse" parameter, which will contain just the authorizationDetails of the corresponding type of this processor.