Package org.keycloak.authentication.authenticators.client

Class JWTClientAuthenticator

java.lang.Object

org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator

org.keycloak.authentication.authenticators.client.JWTClientAuthenticator

All Implemented Interfaces:

ClientAuthenticator, ClientAuthenticatorFactory, ConfigurableAuthenticatorFactory, ConfiguredProvider, Provider, ProviderFactory<ClientAuthenticator>

public class JWTClientAuthenticator
extends AbstractClientAuthenticator

Client authentication based on JWT signed by client private key . See specs for more details. This is server side, which verifies JWT from client_assertion parameter, where the assertion was created on adapter side by org.keycloak.adapters.authentication.JWTClientCredentialsProvider

Author:

Marek Posolda

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ATTR_PREFIX
static final String	CERTIFICATE_ATTR
static final String	PROVIDER_ID

Fields inherited from interface org.keycloak.authentication.ConfigurableAuthenticatorFactory

REQUIREMENT_CHOICES

Constructor Summary

Constructors

Constructor	Description
JWTClientAuthenticator()

Method Summary

Modifier and Type	Method	Description
void	authenticateClient(ClientAuthenticationFlowContext context)
Map<String,Object>	getAdapterConfiguration(ClientModel client)
List<ProviderConfigProperty>	getConfigProperties()
List<ProviderConfigProperty>	getConfigPropertiesPerClient()
String	getDisplayType()
String	getHelpText()
String	getId()
Set<String>	getProtocolAuthenticatorMethods(String loginProtocol)
AuthenticationExecutionModel.Requirement[]	getRequirementChoices()
protected PublicKey	getSignatureValidationKey(ClientModel client, ClientAuthenticationFlowContext context, JWSInput jws)
boolean	isConfigurable()

Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator

close, create, create, getReferenceCategory, init, isUserSetupAllowed, postInit

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.ClientAuthenticatorFactory

supportsSecret

Methods inherited from interface org.keycloak.authentication.ConfigurableAuthenticatorFactory

getOptionalReferenceCategories

Methods inherited from interface org.keycloak.provider.ConfiguredProvider

getConfig

Methods inherited from interface org.keycloak.provider.ProviderFactory

dependsOn, getConfigMetadata, order

Field Details

PROVIDER_ID

public static final String PROVIDER_ID

See Also:

• Constant Field Values

ATTR_PREFIX

public static final String ATTR_PREFIX

See Also:

• Constant Field Values

CERTIFICATE_ATTR

public static final String CERTIFICATE_ATTR

See Also:

• Constant Field Values

Constructor Details

JWTClientAuthenticator

public JWTClientAuthenticator()

Method Details

authenticateClient

public void authenticateClient(ClientAuthenticationFlowContext context)

getSignatureValidationKey

protected PublicKey getSignatureValidationKey(ClientModel client,
 ClientAuthenticationFlowContext context,
 JWSInput jws)

getDisplayType

public String getDisplayType()

isConfigurable

public boolean isConfigurable()

getRequirementChoices

public AuthenticationExecutionModel.Requirement[] getRequirementChoices()

getHelpText

public String getHelpText()

getConfigProperties

public List<ProviderConfigProperty> getConfigProperties()

getConfigPropertiesPerClient

public List<ProviderConfigProperty> getConfigPropertiesPerClient()

getAdapterConfiguration

public Map<String,Object> getAdapterConfiguration(ClientModel client)

getId

public String getId()

getProtocolAuthenticatorMethods

public Set<String> getProtocolAuthenticatorMethods(String loginProtocol)