org.keycloak.broker.oidc

Class OIDCIdentityProvider

java.lang.Object

org.keycloak.broker.provider.AbstractIdentityProvider<C>

org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

org.keycloak.broker.oidc.OIDCIdentityProvider

All Implemented Interfaces:

IdentityProvider<OIDCIdentityProviderConfig>, Provider

Direct Known Subclasses:

GoogleIdentityProvider, KeycloakOIDCIdentityProvider

public class OIDCIdentityProvider
extends AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

Author:

Pedro Igor

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	OIDCIdentityProvider.OIDCEndpoint

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

AbstractOAuth2IdentityProvider.Endpoint

Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider

IdentityProvider.AuthenticationCallback

Field Summary

Fields

Modifier and Type	Field and Description
static String	FEDERATED_ID_TOKEN
protected static org.jboss.logging.Logger	logger
static String	OAUTH2_PARAMETER_PROMPT
static String	SCOPE_OPENID

Fields inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

FEDERATED_ACCESS_TOKEN, FEDERATED_REFRESH_TOKEN, FEDERATED_TOKEN_EXPIRATION, mapper, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE, OAUTH2_PARAMETER_ACCESS_TOKEN, OAUTH2_PARAMETER_CLIENT_ID, OAUTH2_PARAMETER_CLIENT_SECRET, OAUTH2_PARAMETER_CODE, OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_PARAMETER_REDIRECT_URI, OAUTH2_PARAMETER_RESPONSE_TYPE, OAUTH2_PARAMETER_SCOPE, OAUTH2_PARAMETER_STATE

Constructor Summary

Constructors

Constructor and Description
OIDCIdentityProvider(OIDCIdentityProviderConfig config)

Method Summary

Methods

Modifier and Type	Method and Description
Object	callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.
protected javax.ws.rs.core.UriBuilder	createAuthorizationUrl(AuthenticationRequest request)
protected String	getDefaultScopes()
protected PublicKey	getExternalIdpKey()
protected FederatedIdentity	getFederatedIdentity(Map<String,String> notes, String response)
javax.ws.rs.core.Response	keycloakInitiatedBrowserLogout(UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm) Called when a Keycloak application initiates a logout through the browser.
protected boolean	verify(JWSInput jws, PublicKey key)

Methods inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

asJsonNode, doGetFederatedIdentity, extractTokenFromResponse, getConfig, getJsonProperty, handleRequest, retrieveToken

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

close, export

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected static final org.jboss.logging.Logger logger

OAUTH2_PARAMETER_PROMPT

public static final String OAUTH2_PARAMETER_PROMPT

See Also:

Constant Field Values

SCOPE_OPENID

public static final String SCOPE_OPENID

See Also:

Constant Field Values

FEDERATED_ID_TOKEN

public static final String FEDERATED_ID_TOKEN

See Also:

Constant Field Values

Constructor Detail

OIDCIdentityProvider

public OIDCIdentityProvider(OIDCIdentityProviderConfig config)

Method Detail

callback

public Object callback(RealmModel realm,
              IdentityProvider.AuthenticationCallback callback,
              EventBuilder event)

Description copied from interface: IdentityProvider

JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.

Specified by:

callback in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

callback in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

Returns:

getExternalIdpKey

protected PublicKey getExternalIdpKey()

verify

protected boolean verify(JWSInput jws,
             PublicKey key)

keycloakInitiatedBrowserLogout

public javax.ws.rs.core.Response keycloakInitiatedBrowserLogout(UserSessionModel userSession,
                                                       javax.ws.rs.core.UriInfo uriInfo,
                                                       RealmModel realm)

Description copied from interface: IdentityProvider

Called when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP

Specified by:

keycloakInitiatedBrowserLogout in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

keycloakInitiatedBrowserLogout in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

Returns:

null if this is not supported by this provider

createAuthorizationUrl

protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(AuthenticationRequest request)

Overrides:

createAuthorizationUrl in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

getFederatedIdentity

protected FederatedIdentity getFederatedIdentity(Map<String,String> notes,
                                     String response)

Overrides:

getFederatedIdentity in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

getDefaultScopes

protected String getDefaultScopes()

Specified by:

getDefaultScopes in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>