java.lang.Object

org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider

org.keycloak.protocol.oidc.tokenexchange.StandardTokenExchangeProvider

All Implemented Interfaces:: TokenExchangeProvider, Provider

public class StandardTokenExchangeProvider extends AbstractTokenExchangeProvider

Provider for internal-internal token exchange, which is compliant with the token exchange specification https://datatracker.ietf.org/doc/html/rfc8693

Author:: Marek Posolda

Field Summary

Fields inherited from class org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider
client, clientAuthAttributes, clientConnection, context, cors, event, formParams, headers, params, realm, session, tokenManager
Constructor Summary

Constructors

Constructor

Description

StandardTokenExchangeProvider()
Method Summary

Modifier and Type

Method

Description

protected void

checkRequestedAudiences(TokenManager.AccessTokenResponseBuilder responseBuilder)

protected jakarta.ws.rs.core.Response

exchangeClientToOIDCClient(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients, String scope, AccessToken subjectToken)

protected jakarta.ws.rs.core.Response

exchangeClientToSAML2Client(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients)

protected String

getRequestedScope(AccessToken token, List<ClientModel> targetAudienceClients)

protected String

getRequestedTokenType()

protected List<String>

getSupportedOAuthResponseTokenTypes()

int

getVersion()

boolean

supports(TokenExchangeContext context)

protected jakarta.ws.rs.core.Response

tokenExchange()

protected void

validateAudience(AccessToken token, boolean disallowOnHolderOfTokenMismatch, List<ClientModel> targetAudienceClients)

protected void

validateConsents(UserModel targetUser, ClientSessionContext clientSessionCtx)

Methods inherited from class org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider
close, createSessionModel, exchange, exchangeClientToClient, exchangeExternalToken, exchangeToIdentityProvider, forbiddenIfClientIsNotTokenHolder, forbiddenIfClientIsNotWithinTokenAudience, getSubjectIssuer, getTargetAudienceClients, importUserFromExternalIdentity, isExternalInternalTokenExchangeRequest, setClientToContext, updateUserSessionFromClientAuth

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- StandardTokenExchangeProvider
  
  public StandardTokenExchangeProvider()
Method Details
- getVersion
  
  public int getVersion()
- supports
  
  public boolean supports(TokenExchangeContext context)
- tokenExchange
  
  protected jakarta.ws.rs.core.Response tokenExchange()
  
  Specified by:
  
  tokenExchange in class AbstractTokenExchangeProvider
- validateAudience
  
  protected void validateAudience(AccessToken token, boolean disallowOnHolderOfTokenMismatch, List<ClientModel> targetAudienceClients)
  
  Specified by:
  
  validateAudience in class AbstractTokenExchangeProvider
- validateConsents
  
  protected void validateConsents(UserModel targetUser, ClientSessionContext clientSessionCtx)
- getRequestedScope
  
  protected String getRequestedScope(AccessToken token, List<ClientModel> targetAudienceClients)
  
  Specified by:
  
  getRequestedScope in class AbstractTokenExchangeProvider
- exchangeClientToOIDCClient
  
  protected jakarta.ws.rs.core.Response exchangeClientToOIDCClient(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients, String scope, AccessToken subjectToken)
  
  Specified by:
  
  exchangeClientToOIDCClient in class AbstractTokenExchangeProvider
- exchangeClientToSAML2Client
  
  protected jakarta.ws.rs.core.Response exchangeClientToSAML2Client(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, List<ClientModel> targetAudienceClients)
  
  Specified by:
  
  exchangeClientToSAML2Client in class AbstractTokenExchangeProvider
- checkRequestedAudiences
  
  protected void checkRequestedAudiences(TokenManager.AccessTokenResponseBuilder responseBuilder)
- getSupportedOAuthResponseTokenTypes
  
  protected List<String> getSupportedOAuthResponseTokenTypes()
  
  Specified by:
  
  getSupportedOAuthResponseTokenTypes in class AbstractTokenExchangeProvider
- getRequestedTokenType
  
  protected String getRequestedTokenType()
  
  Specified by:
  
  getRequestedTokenType in class AbstractTokenExchangeProvider

Class StandardTokenExchangeProvider

Field Summary

Fields inherited from class org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.protocol.oidc.tokenexchange.AbstractTokenExchangeProvider

Methods inherited from class java.lang.Object

Constructor Details

StandardTokenExchangeProvider

Method Details

getVersion

supports

tokenExchange

validateAudience

validateConsents

getRequestedScope

exchangeClientToOIDCClient

exchangeClientToSAML2Client

checkRequestedAudiences

getSupportedOAuthResponseTokenTypes

getRequestedTokenType