Class OAuth2GrantTypeBase

java.lang.Object
org.keycloak.protocol.oidc.grants.OAuth2GrantTypeBase
All Implemented Interfaces:
OAuth2GrantType, Provider
Direct Known Subclasses:
AuthorizationCodeGrantType, CibaGrantType, ClientCredentialsGrantType, DeviceGrantType, PermissionGrantType, PreAuthorizedCodeGrantType, RefreshTokenGrantType, ResourceOwnerPasswordCredentialsGrantType, TokenExchangeGrantType

public abstract class OAuth2GrantTypeBase extends Object implements OAuth2GrantType
Base class for OAuth 2.0 grant types.
Author:
Dmitry Telegin (et al.)
  • Field Details

  • Constructor Details

    • OAuth2GrantTypeBase

      public OAuth2GrantTypeBase()
  • Method Details

    • setContext

      protected void setContext(OAuth2GrantType.Context context)
    • createTokenResponse

      protected jakarta.ws.rs.core.Response createTokenResponse(UserModel user, UserSessionModel userSession, ClientSessionContext clientSessionCtx, String scopeParam, boolean code, Function<TokenManager.AccessTokenResponseBuilder,ClientPolicyContext> clientPolicyContextGenerator)
    • checkAndBindMtlsHoKToken

      protected void checkAndBindMtlsHoKToken(TokenManager.AccessTokenResponseBuilder responseBuilder, boolean useRefreshToken)
    • updateClientSession

      protected void updateClientSession(AuthenticatedClientSessionModel clientSession)
    • updateUserSessionFromClientAuth

      protected void updateUserSessionFromClientAuth(UserSessionModel userSession)
    • getRequestedScopes

      protected String getRequestedScopes()
    • checkClient

      protected void checkClient()
    • addCustomTokenResponseClaims

      protected void addCustomTokenResponseClaims(org.keycloak.representations.AccessTokenResponse res, ClientSessionContext clientSessionCtx)
      Extension point for subclasses to add custom claims to the AccessTokenResponse before it is returned. Default implementation does nothing.
    • processAuthorizationDetails

      protected List<AuthorizationDetailsResponse> processAuthorizationDetails(UserSessionModel userSession, ClientSessionContext clientSessionCtx)
      Processes the authorization_details parameter using provider discovery. This method can be overridden by subclasses to customize the behavior.
      Parameters:
      userSession - the user session
      clientSessionCtx - the client session context
      Returns:
      the authorization details response if processing was successful, null otherwise
    • handleMissingAuthorizationDetails

      protected List<AuthorizationDetailsResponse> handleMissingAuthorizationDetails(UserSessionModel userSession, ClientSessionContext clientSessionCtx)
      Handles a missing authorization_details parameter by allowing processors to generate an authorization details response. This is used in the Pre-Authorized Code Flow, where the credential offer contains the authorized credential configuration IDs.
      Parameters:
      userSession - the user session
      clientSessionCtx - the client session context
      Returns:
      the authorization details response if generation was successful, null otherwise
    • close

      public void close()
      Specified by:
      close in interface Provider