org.keycloak.broker.oidc

Class OIDCIdentityProvider

java.lang.Object

org.keycloak.broker.provider.AbstractIdentityProvider<C>

org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

org.keycloak.broker.oidc.OIDCIdentityProvider

All Implemented Interfaces:

IdentityProvider<OIDCIdentityProviderConfig>, Provider

Direct Known Subclasses:

GoogleIdentityProvider, KeycloakOIDCIdentityProvider

public class OIDCIdentityProvider
extends AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

Author:

Pedro Igor

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	OIDCIdentityProvider.OIDCEndpoint

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

AbstractOAuth2IdentityProvider.Endpoint

Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider

IdentityProvider.AuthenticationCallback

Field Summary

Fields

Modifier and Type	Field and Description
static String	FEDERATED_ACCESS_TOKEN_RESPONSE
static String	FEDERATED_ID_TOKEN
protected static org.jboss.logging.Logger	logger
static String	OAUTH2_PARAMETER_PROMPT
static String	SCOPE_OPENID
static String	USER_INFO
static String	VALIDATED_ID_TOKEN

Fields inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

ACCESS_DENIED, FEDERATED_ACCESS_TOKEN, FEDERATED_REFRESH_TOKEN, FEDERATED_TOKEN_EXPIRATION, mapper, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN, OAUTH2_PARAMETER_ACCESS_TOKEN, OAUTH2_PARAMETER_CLIENT_ID, OAUTH2_PARAMETER_CLIENT_SECRET, OAUTH2_PARAMETER_CODE, OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_PARAMETER_REDIRECT_URI, OAUTH2_PARAMETER_RESPONSE_TYPE, OAUTH2_PARAMETER_SCOPE, OAUTH2_PARAMETER_STATE

Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

session

Constructor Summary

Constructors

Constructor and Description
OIDCIdentityProvider(KeycloakSession session, OIDCIdentityProviderConfig config)

Method Summary

Modifier and Type	Method and Description
void	attachUserSession(UserSessionModel userSession, ClientSessionModel clientSession, BrokeredIdentityContext context)
void	backchannelLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)
protected void	backchannelLogout(UserSessionModel userSession, String idToken)
Object	callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)
protected javax.ws.rs.core.UriBuilder	createAuthorizationUrl(AuthenticationRequest request)
protected String	getDefaultScopes()
BrokeredIdentityContext	getFederatedIdentity(String response)
protected String	getUserInfoUrl()
javax.ws.rs.core.Response	keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)
protected void	processAccessTokenResponse(BrokeredIdentityContext context, AccessTokenResponse response)
String	refreshToken(KeycloakSession session, UserSessionModel userSession) Returns access token response as a string from a refresh token invocation on the remote OIDC broker
protected JsonWebToken	validateToken(String encodedToken)
protected boolean	verify(JWSInput jws)

Methods inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

asJsonNode, doGetFederatedIdentity, extractTokenFromResponse, getConfig, getJsonProperty, performLogin, retrieveToken

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

close, export, getMarshaller, importNewUser, preprocessFederatedIdentity, updateBrokeredUser

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected static final org.jboss.logging.Logger logger

OAUTH2_PARAMETER_PROMPT

public static final String OAUTH2_PARAMETER_PROMPT

See Also:

Constant Field Values

SCOPE_OPENID

public static final String SCOPE_OPENID

See Also:

Constant Field Values

FEDERATED_ID_TOKEN

public static final String FEDERATED_ID_TOKEN

See Also:

Constant Field Values

USER_INFO

public static final String USER_INFO

See Also:

Constant Field Values

FEDERATED_ACCESS_TOKEN_RESPONSE

public static final String FEDERATED_ACCESS_TOKEN_RESPONSE

See Also:

Constant Field Values

VALIDATED_ID_TOKEN

public static final String VALIDATED_ID_TOKEN

See Also:

Constant Field Values

Constructor Detail

OIDCIdentityProvider

public OIDCIdentityProvider(KeycloakSession session,
                            OIDCIdentityProviderConfig config)

Method Detail

callback

public Object callback(RealmModel realm,
                       IdentityProvider.AuthenticationCallback callback,
                       EventBuilder event)

Specified by:

callback in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

callback in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

backchannelLogout

public void backchannelLogout(KeycloakSession session,
                              UserSessionModel userSession,
                              javax.ws.rs.core.UriInfo uriInfo,
                              RealmModel realm)

Specified by:

backchannelLogout in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

backchannelLogout in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

backchannelLogout

protected void backchannelLogout(UserSessionModel userSession,
                                 String idToken)

keycloakInitiatedBrowserLogout

public javax.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session,
                                                                UserSessionModel userSession,
                                                                javax.ws.rs.core.UriInfo uriInfo,
                                                                RealmModel realm)

Specified by:

keycloakInitiatedBrowserLogout in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

keycloakInitiatedBrowserLogout in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

refreshToken

public String refreshToken(KeycloakSession session,
                           UserSessionModel userSession)

Returns access token response as a string from a refresh token invocation on the remote OIDC broker

Parameters:

session -

userSession -

Returns:

createAuthorizationUrl

protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(AuthenticationRequest request)

Overrides:

createAuthorizationUrl in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

processAccessTokenResponse

protected void processAccessTokenResponse(BrokeredIdentityContext context,
                                          AccessTokenResponse response)

getFederatedIdentity

public BrokeredIdentityContext getFederatedIdentity(String response)

Overrides:

getFederatedIdentity in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

getUserInfoUrl

protected String getUserInfoUrl()

verify

protected boolean verify(JWSInput jws)

validateToken

protected JsonWebToken validateToken(String encodedToken)

attachUserSession

public void attachUserSession(UserSessionModel userSession,
                              ClientSessionModel clientSession,
                              BrokeredIdentityContext context)

Specified by:

attachUserSession in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

attachUserSession in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

getDefaultScopes

protected String getDefaultScopes()

Specified by:

getDefaultScopes in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>