Package org.keycloak.broker.oidc
Class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig>
- java.lang.Object
  - org.keycloak.broker.provider.AbstractIdentityProvider<C>
    - org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<C>
- All Implemented Interfaces:
org.keycloak.broker.provider.ExchangeExternalToken, org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken, org.keycloak.broker.provider.IdentityProvider<C>, org.keycloak.provider.Provider
- Direct Known Subclasses:
BitbucketIdentityProvider, FacebookIdentityProvider, GitHubIdentityProvider, InstagramIdentityProvider, LinkedInIdentityProvider, MicrosoftIdentityProvider, OIDCIdentityProvider, OpenshiftV3IdentityProvider, OpenshiftV4IdentityProvider, PayPalIdentityProvider, StackoverflowIdentityProvider
public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig> extends org.keycloak.broker.provider.AbstractIdentityProvider<C> implements org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken, org.keycloak.broker.provider.ExchangeExternalToken
- Author:
- Pedro Igor
-
-
Nested Class Summary
Nested Classes (modifier and type, class):
protected class AbstractOAuth2IdentityProvider.Endpoint
-
Field Summary
Fields (modifier and type, field):
static String ACCESS_DENIED
static String FEDERATED_REFRESH_TOKEN
static String FEDERATED_TOKEN_EXPIRATION
protected static org.jboss.logging.Logger logger
protected static com.fasterxml.jackson.databind.ObjectMapper mapper
static String OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
static String OAUTH2_GRANT_TYPE_REFRESH_TOKEN
static String OAUTH2_PARAMETER_ACCESS_TOKEN
static String OAUTH2_PARAMETER_CLIENT_ID
static String OAUTH2_PARAMETER_CLIENT_SECRET
static String OAUTH2_PARAMETER_CODE
static String OAUTH2_PARAMETER_GRANT_TYPE
static String OAUTH2_PARAMETER_REDIRECT_URI
static String OAUTH2_PARAMETER_RESPONSE_TYPE
static String OAUTH2_PARAMETER_SCOPE
static String OAUTH2_PARAMETER_STATE
-
Constructor Summary
Constructors:
AbstractOAuth2IdentityProvider(org.keycloak.models.KeycloakSession session, C config)
-
Method Summary
Methods (modifier and type, method, description):
com.fasterxml.jackson.databind.JsonNode asJsonNode(String json)
org.keycloak.broker.provider.util.SimpleHttp authenticateTokenRequest(org.keycloak.broker.provider.util.SimpleHttp tokenRequest)
void authenticationFinished(org.keycloak.sessions.AuthenticationSessionModel authSession, org.keycloak.broker.provider.BrokeredIdentityContext context)
protected org.keycloak.broker.provider.util.SimpleHttp buildUserInfoRequest(String subjectToken, String userInfoUrl)
Object callback(org.keycloak.models.RealmModel realm, org.keycloak.broker.provider.IdentityProvider.AuthenticationCallback callback, org.keycloak.events.EventBuilder event)
protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(org.keycloak.broker.provider.AuthenticationRequest request)
protected org.keycloak.broker.provider.BrokeredIdentityContext doGetFederatedIdentity(String accessToken)
org.keycloak.broker.provider.BrokeredIdentityContext exchangeExternal(org.keycloak.events.EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
void exchangeExternalComplete(org.keycloak.models.UserSessionModel userSession, org.keycloak.broker.provider.BrokeredIdentityContext context, javax.ws.rs.core.MultivaluedMap<String,String> params)
protected org.keycloak.broker.provider.BrokeredIdentityContext exchangeExternalImpl(org.keycloak.events.EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
protected org.keycloak.broker.provider.BrokeredIdentityContext exchangeExternalUserInfoValidationOnly(org.keycloak.events.EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
javax.ws.rs.core.Response exchangeFromToken(javax.ws.rs.core.UriInfo uriInfo, org.keycloak.events.EventBuilder event, org.keycloak.models.ClientModel authorizedClient, org.keycloak.models.UserSessionModel tokenUserSession, org.keycloak.models.UserModel tokenSubject, javax.ws.rs.core.MultivaluedMap<String,String> params)
protected javax.ws.rs.core.Response exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo, org.keycloak.events.EventBuilder event, org.keycloak.models.ClientModel authorizedClient, org.keycloak.models.UserSessionModel tokenUserSession, org.keycloak.models.UserModel tokenSubject)
protected javax.ws.rs.core.Response exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo, org.keycloak.events.EventBuilder event, org.keycloak.models.ClientModel authorizedClient, org.keycloak.models.UserSessionModel tokenUserSession, org.keycloak.models.UserModel tokenSubject)
protected org.keycloak.broker.provider.BrokeredIdentityContext extractIdentityFromProfile(org.keycloak.events.EventBuilder event, com.fasterxml.jackson.databind.JsonNode node)
protected String extractTokenFromResponse(String response, String tokenName)
protected org.keycloak.representations.JsonWebToken generateToken()
protected String getAccessTokenResponseParameter()
C getConfig()
protected abstract String getDefaultScopes()
org.keycloak.broker.provider.BrokeredIdentityContext getFederatedIdentity(String response)
String getJsonProperty(com.fasterxml.jackson.databind.JsonNode jsonNode, String name)
    Get JSON property as text.
protected String getProfileEndpointForValidation(org.keycloak.events.EventBuilder event)
protected org.keycloak.crypto.SignatureSignerContext getSignatureContext()
protected javax.ws.rs.core.Response hasExternalExchangeToken(org.keycloak.events.EventBuilder event, org.keycloak.models.UserSessionModel tokenUserSession, javax.ws.rs.core.MultivaluedMap<String,String> params)
    Check to see if we have a token exchange in session; in other words, check to see if this session was created by an external exchange.
boolean isIssuer(String issuer, javax.ws.rs.core.MultivaluedMap<String,String> params)
javax.ws.rs.core.Response performLogin(org.keycloak.broker.provider.AuthenticationRequest request)
javax.ws.rs.core.Response retrieveToken(org.keycloak.models.KeycloakSession session, org.keycloak.models.FederatedIdentityModel identity)
protected boolean supportsExternalExchange()
protected org.keycloak.broker.provider.BrokeredIdentityContext validateExternalTokenThroughUserInfo(org.keycloak.events.EventBuilder event, String subjectToken, String subjectTokenType)
-
Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
backchannelLogout, close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, export, getLinkingUrl, getMarshaller, importNewUser, keycloakInitiatedBrowserLogout, preprocessFederatedIdentity, updateBrokeredUser
-
-
-
-
Field Detail
-
logger
protected static final org.jboss.logging.Logger logger
-
OAUTH2_GRANT_TYPE_REFRESH_TOKEN
public static final String OAUTH2_GRANT_TYPE_REFRESH_TOKEN
- See Also:
- Constant Field Values
-
OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
public static final String OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
- See Also:
- Constant Field Values
-
FEDERATED_REFRESH_TOKEN
public static final String FEDERATED_REFRESH_TOKEN
- See Also:
- Constant Field Values
-
FEDERATED_TOKEN_EXPIRATION
public static final String FEDERATED_TOKEN_EXPIRATION
- See Also:
- Constant Field Values
-
ACCESS_DENIED
public static final String ACCESS_DENIED
- See Also:
- Constant Field Values
-
mapper
protected static com.fasterxml.jackson.databind.ObjectMapper mapper
-
OAUTH2_PARAMETER_ACCESS_TOKEN
public static final String OAUTH2_PARAMETER_ACCESS_TOKEN
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_SCOPE
public static final String OAUTH2_PARAMETER_SCOPE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_STATE
public static final String OAUTH2_PARAMETER_STATE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_RESPONSE_TYPE
public static final String OAUTH2_PARAMETER_RESPONSE_TYPE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_REDIRECT_URI
public static final String OAUTH2_PARAMETER_REDIRECT_URI
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_CODE
public static final String OAUTH2_PARAMETER_CODE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_CLIENT_ID
public static final String OAUTH2_PARAMETER_CLIENT_ID
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_CLIENT_SECRET
public static final String OAUTH2_PARAMETER_CLIENT_SECRET
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_GRANT_TYPE
public static final String OAUTH2_PARAMETER_GRANT_TYPE
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
AbstractOAuth2IdentityProvider
public AbstractOAuth2IdentityProvider(org.keycloak.models.KeycloakSession session, C config)
-
-
Method Detail
-
callback
public Object callback(org.keycloak.models.RealmModel realm, org.keycloak.broker.provider.IdentityProvider.AuthenticationCallback callback, org.keycloak.events.EventBuilder event)
- Specified by:
callback in interface org.keycloak.broker.provider.IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
callback in class org.keycloak.broker.provider.AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
performLogin
public javax.ws.rs.core.Response performLogin(org.keycloak.broker.provider.AuthenticationRequest request)
- Specified by:
performLogin in interface org.keycloak.broker.provider.IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
performLogin in class org.keycloak.broker.provider.AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
retrieveToken
public javax.ws.rs.core.Response retrieveToken(org.keycloak.models.KeycloakSession session, org.keycloak.models.FederatedIdentityModel identity)
- Specified by:
retrieveToken in interface org.keycloak.broker.provider.IdentityProvider<C extends OAuth2IdentityProviderConfig>
-
getConfig
public C getConfig()
- Overrides:
getConfig in class org.keycloak.broker.provider.AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
extractTokenFromResponse
protected String extractTokenFromResponse(String response, String tokenName)
-
exchangeFromToken
public javax.ws.rs.core.Response exchangeFromToken(javax.ws.rs.core.UriInfo uriInfo, org.keycloak.events.EventBuilder event, org.keycloak.models.ClientModel authorizedClient, org.keycloak.models.UserSessionModel tokenUserSession, org.keycloak.models.UserModel tokenSubject, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
exchangeFromToken in interface org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken
-
hasExternalExchangeToken
protected javax.ws.rs.core.Response hasExternalExchangeToken(org.keycloak.events.EventBuilder event, org.keycloak.models.UserSessionModel tokenUserSession, javax.ws.rs.core.MultivaluedMap<String,String> params)
Check to see if we have a token exchange in session; in other words, check to see if this session was created by an external exchange.
- Parameters:
tokenUserSession -
params -
- Returns:
-
exchangeStoredToken
protected javax.ws.rs.core.Response exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo, org.keycloak.events.EventBuilder event, org.keycloak.models.ClientModel authorizedClient, org.keycloak.models.UserSessionModel tokenUserSession, org.keycloak.models.UserModel tokenSubject)
-
exchangeSessionToken
protected javax.ws.rs.core.Response exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo, org.keycloak.events.EventBuilder event, org.keycloak.models.ClientModel authorizedClient, org.keycloak.models.UserSessionModel tokenUserSession, org.keycloak.models.UserModel tokenSubject)
-
getFederatedIdentity
public org.keycloak.broker.provider.BrokeredIdentityContext getFederatedIdentity(String response)
-
getAccessTokenResponseParameter
protected String getAccessTokenResponseParameter()
-
doGetFederatedIdentity
protected org.keycloak.broker.provider.BrokeredIdentityContext doGetFederatedIdentity(String accessToken)
-
createAuthorizationUrl
protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(org.keycloak.broker.provider.AuthenticationRequest request)
-
getJsonProperty
public String getJsonProperty(com.fasterxml.jackson.databind.JsonNode jsonNode, String name)
Get JSON property as text. JSON numbers and booleans are converted to text. Empty string is converted to null.
- Parameters:
jsonNode - to get property from
name - of property to get
- Returns:
- string value of the property or null.
-
asJsonNode
public com.fasterxml.jackson.databind.JsonNode asJsonNode(String json) throws IOException
- Throws:
IOException
-
getDefaultScopes
protected abstract String getDefaultScopes()
-
authenticationFinished
public void authenticationFinished(org.keycloak.sessions.AuthenticationSessionModel authSession, org.keycloak.broker.provider.BrokeredIdentityContext context)
- Specified by:
authenticationFinished in interface org.keycloak.broker.provider.IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
authenticationFinished in class org.keycloak.broker.provider.AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
authenticateTokenRequest
public org.keycloak.broker.provider.util.SimpleHttp authenticateTokenRequest(org.keycloak.broker.provider.util.SimpleHttp tokenRequest)
-
generateToken
protected org.keycloak.representations.JsonWebToken generateToken()
-
getSignatureContext
protected org.keycloak.crypto.SignatureSignerContext getSignatureContext()
-
getProfileEndpointForValidation
protected String getProfileEndpointForValidation(org.keycloak.events.EventBuilder event)
-
extractIdentityFromProfile
protected org.keycloak.broker.provider.BrokeredIdentityContext extractIdentityFromProfile(org.keycloak.events.EventBuilder event, com.fasterxml.jackson.databind.JsonNode node)
-
validateExternalTokenThroughUserInfo
protected org.keycloak.broker.provider.BrokeredIdentityContext validateExternalTokenThroughUserInfo(org.keycloak.events.EventBuilder event, String subjectToken, String subjectTokenType)
-
buildUserInfoRequest
protected org.keycloak.broker.provider.util.SimpleHttp buildUserInfoRequest(String subjectToken, String userInfoUrl)
-
supportsExternalExchange
protected boolean supportsExternalExchange()
-
isIssuer
public boolean isIssuer(String issuer, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
isIssuer in interface org.keycloak.broker.provider.ExchangeExternalToken
-
exchangeExternal
public final org.keycloak.broker.provider.BrokeredIdentityContext exchangeExternal(org.keycloak.events.EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
exchangeExternal in interface org.keycloak.broker.provider.ExchangeExternalToken
-
exchangeExternalImpl
protected org.keycloak.broker.provider.BrokeredIdentityContext exchangeExternalImpl(org.keycloak.events.EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
-
exchangeExternalUserInfoValidationOnly
protected org.keycloak.broker.provider.BrokeredIdentityContext exchangeExternalUserInfoValidationOnly(org.keycloak.events.EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
-
exchangeExternalComplete
public void exchangeExternalComplete(org.keycloak.models.UserSessionModel userSession, org.keycloak.broker.provider.BrokeredIdentityContext context, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
exchangeExternalComplete in interface org.keycloak.broker.provider.ExchangeExternalToken
-
-