Package org.keycloak.authentication.authenticators.client

Class JWTClientSecretAuthenticator

java.lang.Object

org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator

org.keycloak.authentication.authenticators.client.JWTClientSecretAuthenticator

All Implemented Interfaces:

ClientAuthenticator, ClientAuthenticatorFactory, ConfigurableAuthenticatorFactory, ConfiguredPerClientProvider, ConfiguredProvider, Provider, ProviderFactory<ClientAuthenticator>

public class JWTClientSecretAuthenticator
extends AbstractClientAuthenticator

Client authentication based on JWT signed by client secret instead of private key . See specs for more details.

This is server side, which verifies JWT from client_assertion parameter, where the assertion was created on adapter side by org.keycloak.adapters.authentication.JWTClientSecretCredentialsProvider

Field Summary

Fields

Modifier and Type	Field	Description
static final String	PROVIDER_ID

Fields inherited from interface org.keycloak.authentication.ConfigurableAuthenticatorFactory

REQUIREMENT_CHOICES

Constructor Summary

Constructors

Constructor	Description
JWTClientSecretAuthenticator()

Method Summary

Modifier and Type	Method	Description
void	authenticateClient(ClientAuthenticationFlowContext context)
Map<String,Object>	getAdapterConfiguration(ClientModel client)
List<ProviderConfigProperty>	getConfigProperties()
List<ProviderConfigProperty>	getConfigPropertiesPerClient()
String	getDisplayType()
String	getHelpText()
String	getId()
Set<String>	getProtocolAuthenticatorMethods(String loginProtocol)
AuthenticationExecutionModel.Requirement[]	getRequirementChoices()
boolean	isConfigurable()
boolean	supportsSecret()
boolean	verifySignature(AbstractJWTClientValidator validator)

Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator

close, create, create, getReferenceCategory, init, isUserSetupAllowed, postInit

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.ConfigurableAuthenticatorFactory

getOptionalReferenceCategories

Methods inherited from interface org.keycloak.provider.ConfiguredProvider

getConfig

Methods inherited from interface org.keycloak.provider.ProviderFactory

dependsOn, getConfigMetadata, order

Field Details

PROVIDER_ID

public static final String PROVIDER_ID

See Also:

• Constant Field Values

Constructor Details

JWTClientSecretAuthenticator

public JWTClientSecretAuthenticator()

Method Details

authenticateClient

public void authenticateClient(ClientAuthenticationFlowContext context)

verifySignature

public boolean verifySignature(AbstractJWTClientValidator validator)

isConfigurable

public boolean isConfigurable()

getConfigPropertiesPerClient

public List<ProviderConfigProperty> getConfigPropertiesPerClient()

getAdapterConfiguration

public Map<String,Object> getAdapterConfiguration(ClientModel client)

getProtocolAuthenticatorMethods

public Set<String> getProtocolAuthenticatorMethods(String loginProtocol)

supportsSecret

public boolean supportsSecret()

getId

public String getId()

getDisplayType

public String getDisplayType()

getRequirementChoices

public AuthenticationExecutionModel.Requirement[] getRequirementChoices()

getHelpText

public String getHelpText()

getConfigProperties

public List<ProviderConfigProperty> getConfigProperties()