org.keycloak.representations.oidc.TokenMetadataRepresentation

All Implemented Interfaces:: Serializable, Token

public class TokenMetadataRepresentation extends AccessToken

Author:

Pedro Igor

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.representations.AccessToken
AccessToken.Access, AccessToken.Authorization, AccessToken.Confirmation
Field Summary

Fields inherited from class org.keycloak.representations.AccessToken
allowedOrigins, authorization, authorizationDetails, confirmation, realmAccess, resourceAccess, scope, trustedCertificates

Fields inherited from class org.keycloak.representations.IDToken
accessTokenHash, acr, ACR, ADDRESS, AT_HASH, auth_time, AUTH_TIME, birthdate, BIRTHDATE, C_HASH, CLAIMS_LOCALES, claimsLocales, codeHash, email, EMAIL, EMAIL_VERIFIED, emailVerified, FAMILY_NAME, familyName, gender, GENDER, GIVEN_NAME, givenName, locale, LOCALE, MIDDLE_NAME, middleName, name, NAME, nickName, NICKNAME, nonce, NONCE, PHONE_NUMBER, PHONE_NUMBER_VERIFIED, phoneNumber, phoneNumberVerified, picture, PICTURE, PREFERRED_USERNAME, preferredUsername, profile, PROFILE, S_HASH, SESSION_ID, SESSION_STATE, sessionId, stateHash, UPDATED_AT, updatedAt, website, WEBSITE, zoneinfo, ZONEINFO

Fields inherited from class org.keycloak.representations.JsonWebToken
AUD, audience, AZP, exp, iat, id, issuedFor, issuer, nbf, otherClaims, subject, SUBJECT, type
Constructor Summary

Constructors

Constructor

Description

TokenMetadataRepresentation()
Method Summary

Modifier and Type

Method

Description

String

getClientId()

String

getUserName()

boolean

isActive()

Tests that the token is not expired and is not-before.

void

setActive(boolean active)

void

setClientId(String clientId)

void

setUserName(String userName)

Methods inherited from class org.keycloak.representations.AccessToken
addAccess, getAllowedOrigins, getAuthorization, getAuthorizationDetails, getCategory, getConfirmation, getRealmAccess, getResourceAccess, getResourceAccess, getScope, getTrustedCertificates, id, issuedFor, issuer, isVerifyCaller, isVerifyCaller, setAllowedOrigins, setAuthorization, setAuthorizationDetails, setConfirmation, setRealmAccess, setResourceAccess, setScope, setTrustedCertificates, subject, type

Methods inherited from class org.keycloak.representations.IDToken
getAccessTokenHash, getAcr, getAddress, getAddressClaimsMap, getAuth_time, getBirthdate, getClaimsLocales, getCodeHash, getEmail, getEmailVerified, getFamilyName, getGender, getGivenName, getLocale, getMiddleName, getName, getNickName, getNonce, getPhoneNumber, getPhoneNumberVerified, getPicture, getPreferredUsername, getProfile, getSessionId, getSessionState, getStateHash, getUpdatedAt, getWebsite, getZoneinfo, setAccessTokenHash, setAcr, setAddress, setAddress, setAuth_time, setBirthdate, setClaimsLocales, setCodeHash, setEmail, setEmailVerified, setFamilyName, setGender, setGivenName, setLocale, setMiddleName, setName, setNickName, setNonce, setPhoneNumber, setPhoneNumberVerified, setPicture, setPreferredUsername, setProfile, setSessionId, setStateHash, setUpdatedAt, setWebsite, setZoneinfo

Methods inherited from class org.keycloak.representations.JsonWebToken
addAudience, audience, equals, exp, getAudience, getExp, getIat, getId, getIssuedFor, getIssuer, getNbf, getOtherClaims, getSubject, getType, hasAnyAudience, hasAudience, hashCode, iat, isActive, isExpired, isIssuedBeforeSessionStart, isNotBefore, issuedNow, nbf, setOtherClaims, setSubject, toString

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details
- TokenMetadataRepresentation
  
  public TokenMetadataRepresentation()
Method Details
- isActive
  
  public boolean isActive()
  
  Description copied from class: JsonWebToken
  
  Tests that the token is not expired and is not-before. This assumes a default clock-skew for the "is not before" of 10 seconds which is in line FAPI 2.0. See FAPI 2.0 Security Profile:
  Clock skew is a cause of many interoperability issues. Even a few hundred milliseconds of clock skew can cause JWTs to be rejected for being "issued in the future". The DPoP specification [RFC9449] suggests that JWTs are accepted in the reasonably near future (on the order of seconds or minutes). This document goes further by requiring authorization servers to accept JWTs that have timestamps up to 10 seconds in the future. 10 seconds was chosen as a value that does not affect security while greatly increasing interoperability. Implementers are free to accept JWTs with a timestamp of up to 60 seconds in the future. Some ecosystems have found that the value of 30 seconds is needed to fully eliminate clock skew issues. To prevent implementations switching off iat and nbf checks completely this document imposes a maximum timestamp in the future of 60 seconds.
  
  Overrides:
  
  isActive in class JsonWebToken
- setActive
  
  public void setActive(boolean active)
- getUserName
  
  public String getUserName()
- setUserName
  
  public void setUserName(String userName)
- getClientId
  
  public String getClientId()
- setClientId
  
  public void setClientId(String clientId)

Class TokenMetadataRepresentation

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.representations.AccessToken

Field Summary

Fields inherited from class org.keycloak.representations.AccessToken

Fields inherited from class org.keycloak.representations.IDToken

Fields inherited from class org.keycloak.representations.JsonWebToken

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.representations.AccessToken

Methods inherited from class org.keycloak.representations.IDToken

Methods inherited from class org.keycloak.representations.JsonWebToken

Methods inherited from class java.lang.Object

Constructor Details

TokenMetadataRepresentation

Method Details

isActive

setActive

getUserName

setUserName

getClientId

setClientId