public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig> implements ExchangeExternalToken
| Modifier and Type | Class and Description |
|---|---|
protected class |
OIDCIdentityProvider.OIDCEndpoint |
Nested classes inherited from class AbstractOAuth2IdentityProvider: AbstractOAuth2IdentityProvider.Endpoint
Nested classes inherited from interface IdentityProvider: IdentityProvider.AuthenticationCallback
| Modifier and Type | Field and Description |
|---|---|
static String |
ACCESS_TOKEN_EXPIRATION |
static String |
EXCHANGE_PROVIDER |
static String |
FEDERATED_ACCESS_TOKEN_RESPONSE |
static String |
FEDERATED_ID_TOKEN |
protected static org.jboss.logging.Logger |
logger |
static String |
SCOPE_OPENID |
static String |
USER_INFO |
static String |
VALIDATED_ID_TOKEN |
Fields inherited from class AbstractOAuth2IdentityProvider: ACCESS_DENIED, FEDERATED_REFRESH_TOKEN, FEDERATED_TOKEN_EXPIRATION, mapper, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN, OAUTH2_PARAMETER_ACCESS_TOKEN, OAUTH2_PARAMETER_CLIENT_ID, OAUTH2_PARAMETER_CLIENT_SECRET, OAUTH2_PARAMETER_CODE, OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_PARAMETER_REDIRECT_URI, OAUTH2_PARAMETER_RESPONSE_TYPE, OAUTH2_PARAMETER_SCOPE, OAUTH2_PARAMETER_STATE
Fields inherited from class AbstractIdentityProvider: ACCOUNT_LINK_URL, session
Fields inherited from interface IdentityProvider: EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN
| Constructor and Description |
|---|
OIDCIdentityProvider(KeycloakSession session,
OIDCIdentityProviderConfig config) |
| Modifier and Type | Method and Description |
|---|---|
void |
authenticationFinished(AuthenticationSessionModel authSession,
BrokeredIdentityContext context) |
void |
backchannelLogout(KeycloakSession session,
UserSessionModel userSession,
javax.ws.rs.core.UriInfo uriInfo,
RealmModel realm) |
protected void |
backchannelLogout(UserSessionModel userSession,
String idToken) |
Object |
callback(RealmModel realm,
IdentityProvider.AuthenticationCallback callback,
EventBuilder event)
JAX-RS callback endpoint invoked when the remote IDP calls back to Keycloak.
|
protected javax.ws.rs.core.UriBuilder |
createAuthorizationUrl(AuthenticationRequest request) |
protected BrokeredIdentityContext |
exchangeExternalImpl(EventBuilder event,
javax.ws.rs.core.MultivaluedMap<String,String> params) |
protected javax.ws.rs.core.Response |
exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo,
EventBuilder event,
ClientModel authorizedClient,
UserSessionModel tokenUserSession,
UserModel tokenSubject) |
protected javax.ws.rs.core.Response |
exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo,
EventBuilder event,
ClientModel authorizedClient,
UserSessionModel tokenUserSession,
UserModel tokenSubject) |
protected BrokeredIdentityContext |
extractIdentity(AccessTokenResponse tokenResponse,
String accessToken,
JsonWebToken idToken) |
protected BrokeredIdentityContext |
extractIdentityFromProfile(EventBuilder event,
com.fasterxml.jackson.databind.JsonNode userInfo) |
protected String |
getDefaultScopes() |
BrokeredIdentityContext |
getFederatedIdentity(String response) |
protected String |
getProfileEndpointForValidation(EventBuilder event) |
protected SimpleHttp |
getRefreshTokenRequest(KeycloakSession session,
String refreshToken,
String clientId,
String clientSecret) |
protected String |
getUserInfoUrl() |
protected String |
getusernameClaimNameForIdToken() |
protected String |
getUsernameFromUserInfo(com.fasterxml.jackson.databind.JsonNode userInfo) |
boolean |
isIssuer(String issuer,
javax.ws.rs.core.MultivaluedMap<String,String> params) |
javax.ws.rs.core.Response |
keycloakInitiatedBrowserLogout(KeycloakSession session,
UserSessionModel userSession,
javax.ws.rs.core.UriInfo uriInfo,
RealmModel realm)
Called when a Keycloak application initiates a logout through the browser.
|
void |
preprocessFederatedIdentity(KeycloakSession session,
RealmModel realm,
BrokeredIdentityContext context) |
protected void |
processAccessTokenResponse(BrokeredIdentityContext context,
AccessTokenResponse response) |
String |
refreshTokenForLogout(KeycloakSession session,
UserSessionModel userSession)
Returns the access token response as a string from a refresh-token invocation on the remote OIDC broker.
|
protected boolean |
supportsExternalExchange() |
protected BrokeredIdentityContext |
validateJwt(EventBuilder event,
String subjectToken,
String subjectTokenType) |
JsonWebToken |
validateToken(String encodedToken) |
protected JsonWebToken |
validateToken(String encodedToken,
boolean ignoreAudience) |
protected boolean |
verify(JWSInput jws) |
Methods inherited from class AbstractOAuth2IdentityProvider: asJsonNode, authenticateTokenRequest, buildUserInfoRequest, doGetFederatedIdentity, exchangeExternal, exchangeExternalComplete, exchangeExternalUserInfoValidationOnly, exchangeFromToken, extractTokenFromResponse, generateToken, getAccessTokenResponseParameter, getConfig, getJsonProperty, getSignatureContext, hasExternalExchangeToken, performLogin, retrieveToken, validateExternalTokenThroughUserInfo
Methods inherited from class AbstractIdentityProvider: close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, export, getLinkingUrl, getMarshaller, importNewUser, updateBrokeredUser
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface ExchangeExternalToken: exchangeExternal, exchangeExternalComplete
protected static final org.jboss.logging.Logger logger
public static final String SCOPE_OPENID
public static final String FEDERATED_ID_TOKEN
public static final String USER_INFO
public static final String FEDERATED_ACCESS_TOKEN_RESPONSE
public static final String VALIDATED_ID_TOKEN
public static final String ACCESS_TOKEN_EXPIRATION
public static final String EXCHANGE_PROVIDER
public OIDCIdentityProvider(KeycloakSession session, OIDCIdentityProviderConfig config)
public Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)
Description copied from interface: IdentityProvider
Specified by: callback in interface IdentityProvider<OIDCIdentityProviderConfig>
Overrides: callback in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
public String refreshTokenForLogout(KeycloakSession session, UserSessionModel userSession)
Parameters: session -
userSession -
public void backchannelLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)
Specified by: backchannelLogout in interface IdentityProvider<OIDCIdentityProviderConfig>
Overrides: backchannelLogout in class AbstractIdentityProvider<OIDCIdentityProviderConfig>
protected void backchannelLogout(UserSessionModel userSession, String idToken)
public javax.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)
Description copied from interface: IdentityProvider
Specified by: keycloakInitiatedBrowserLogout in interface IdentityProvider<OIDCIdentityProviderConfig>
Overrides: keycloakInitiatedBrowserLogout in class AbstractIdentityProvider<OIDCIdentityProviderConfig>
protected javax.ws.rs.core.Response exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo,
EventBuilder event,
ClientModel authorizedClient,
UserSessionModel tokenUserSession,
UserModel tokenSubject)
Overrides: exchangeStoredToken in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected void processAccessTokenResponse(BrokeredIdentityContext context, AccessTokenResponse response)
protected SimpleHttp getRefreshTokenRequest(KeycloakSession session, String refreshToken, String clientId, String clientSecret)
protected javax.ws.rs.core.Response exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo,
EventBuilder event,
ClientModel authorizedClient,
UserSessionModel tokenUserSession,
UserModel tokenSubject)
Overrides: exchangeSessionToken in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
public BrokeredIdentityContext getFederatedIdentity(String response)
Overrides: getFederatedIdentity in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected BrokeredIdentityContext extractIdentity(AccessTokenResponse tokenResponse, String accessToken, JsonWebToken idToken) throws IOException
Throws: IOException
protected String getusernameClaimNameForIdToken()
protected String getUserInfoUrl()
protected boolean verify(JWSInput jws)
public JsonWebToken validateToken(String encodedToken)
protected JsonWebToken validateToken(String encodedToken, boolean ignoreAudience)
public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
Specified by: authenticationFinished in interface IdentityProvider<OIDCIdentityProviderConfig>
Overrides: authenticationFinished in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected String getDefaultScopes()
Overrides: getDefaultScopes in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
public boolean isIssuer(String issuer, javax.ws.rs.core.MultivaluedMap<String,String> params)
Specified by: isIssuer in interface ExchangeExternalToken
Overrides: isIssuer in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected boolean supportsExternalExchange()
Overrides: supportsExternalExchange in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected String getProfileEndpointForValidation(EventBuilder event)
Overrides: getProfileEndpointForValidation in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, com.fasterxml.jackson.databind.JsonNode userInfo)
Overrides: extractIdentityFromProfile in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected String getUsernameFromUserInfo(com.fasterxml.jackson.databind.JsonNode userInfo)
protected final BrokeredIdentityContext validateJwt(EventBuilder event, String subjectToken, String subjectTokenType)
protected BrokeredIdentityContext exchangeExternalImpl(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
Overrides: exchangeExternalImpl in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(AuthenticationRequest request)
Overrides: createAuthorizationUrl in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)
Specified by: preprocessFederatedIdentity in interface IdentityProvider<OIDCIdentityProviderConfig>
Overrides: preprocessFederatedIdentity in class AbstractIdentityProvider<OIDCIdentityProviderConfig>
Copyright © 2021 JBoss by Red Hat. All rights reserved.