Package org.keycloak.protocol.oidc.tokenexchange

Class V1TokenExchangeProvider

java.lang.Object

org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider

org.keycloak.protocol.oidc.tokenexchange.V1TokenExchangeProvider

All Implemented Interfaces:

TokenExchangeProvider, Provider

Direct Known Subclasses:

ExternalToInternalTokenExchangeProvider

public class V1TokenExchangeProvider
extends AbstractTokenExchangeProvider

V1 token exchange provider. Supports all token exchange types (standard, federated, subject impersonation)

Author:

Dmitry Telegin

Field Summary

Fields inherited from class org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider

client, clientAuthAttributes, clientConnection, context, cors, event, formParams, headers, params, realm, session, tokenManager

Constructor Summary

Constructors

Constructor	Description
V1TokenExchangeProvider()

Method Summary

Modifier and Type	Method	Description
protected jakarta.ws.rs.core.Response	exchangeClientToOIDCClient(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients, String scope, AccessToken subjectToken)
protected jakarta.ws.rs.core.Response	exchangeClientToSAML2Client(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients)
protected String	getRequestedScope(AccessToken token, List<ClientModel> targetAudienceClients)
protected String	getRequestedTokenType()
protected List<String>	getSupportedOAuthResponseTokenTypes()
protected ClientModel	getTargetClient(List<ClientModel> targetAudienceClients)
int	getVersion()
protected void	setClientToContext(List<ClientModel> targetAudienceClients)
boolean	supports(TokenExchangeContext context)	Check if exchange request is supported by this provider
protected jakarta.ws.rs.core.Response	tokenExchange()
protected void	validateAudience(AccessToken token, boolean disallowOnHolderOfTokenMismatch, List<ClientModel> targetAudienceClients)

Methods inherited from class org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider

close, createSessionModel, exchange, exchangeClientToClient, exchangeExternalToken, exchangeToIdentityProvider, forbiddenIfClientIsNotTokenHolder, forbiddenIfClientIsNotWithinTokenAudience, getSubjectIssuer, getTargetAudienceClients, importUserFromExternalIdentity, isExternalInternalTokenExchangeRequest, updateUserSessionFromClientAuth

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

V1TokenExchangeProvider

public V1TokenExchangeProvider()

Method Details

getVersion

public int getVersion()

Returns:

version of the token-exchange provider. Could be useful by various components (like for example identity-providers), which need to interact with the token-exchange provider to doublecheck if it should have a "legacy" behaviour (for older version of token-exchange provider) or a "new" behaviour

supports

public boolean supports(TokenExchangeContext context)

Description copied from interface: TokenExchangeProvider

Check if exchange request is supported by this provider

Parameters:

context - token exchange context

Returns:

true if the request is supported

tokenExchange

protected jakarta.ws.rs.core.Response tokenExchange()

Specified by:

tokenExchange in class AbstractTokenExchangeProvider

getRequestedTokenType

protected String getRequestedTokenType()

Specified by:

getRequestedTokenType in class AbstractTokenExchangeProvider

validateAudience

protected void validateAudience(AccessToken token,
 boolean disallowOnHolderOfTokenMismatch,
 List<ClientModel> targetAudienceClients)

Specified by:

validateAudience in class AbstractTokenExchangeProvider

getSupportedOAuthResponseTokenTypes

protected List<String> getSupportedOAuthResponseTokenTypes()

Specified by:

getSupportedOAuthResponseTokenTypes in class AbstractTokenExchangeProvider

getRequestedScope

protected String getRequestedScope(AccessToken token,
 List<ClientModel> targetAudienceClients)

Specified by:

getRequestedScope in class AbstractTokenExchangeProvider

setClientToContext

protected void setClientToContext(List<ClientModel> targetAudienceClients)

Overrides:

setClientToContext in class AbstractTokenExchangeProvider

getTargetClient

protected ClientModel getTargetClient(List<ClientModel> targetAudienceClients)

exchangeClientToOIDCClient

protected jakarta.ws.rs.core.Response exchangeClientToOIDCClient(UserModel targetUser,
 UserSessionModel targetUserSession,
 String requestedTokenType,
 List<ClientModel> targetAudienceClients,
 String scope,
 AccessToken subjectToken)

Specified by:

exchangeClientToOIDCClient in class AbstractTokenExchangeProvider

exchangeClientToSAML2Client

protected jakarta.ws.rs.core.Response exchangeClientToSAML2Client(UserModel targetUser,
 UserSessionModel targetUserSession,
 String requestedTokenType,
 List<ClientModel> targetAudienceClients)

Specified by:

exchangeClientToSAML2Client in class AbstractTokenExchangeProvider