AbstractOAuth2IdentityProvider (Keycloak REST Services 4.0.0.Final API)

java.lang.Object
- org.keycloak.broker.provider.AbstractIdentityProvider<C>
- - org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<C>

All Implemented Interfaces:

ExchangeExternalToken, ExchangeTokenToIdentityProviderToken, IdentityProvider<C>, Provider

Direct Known Subclasses:

BitbucketIdentityProvider, FacebookIdentityProvider, GitHubIdentityProvider, InstagramIdentityProvider, LinkedInIdentityProvider, MicrosoftIdentityProvider, OIDCIdentityProvider, OpenshiftV3IdentityProvider, PayPalIdentityProvider, StackoverflowIdentityProvider
```
public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig>
extends AbstractIdentityProvider<C>
implements ExchangeTokenToIdentityProviderToken, ExchangeExternalToken
```
Author:

Pedro Igor

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

protected class AbstractOAuth2IdentityProvider.Endpoint
- Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider
  IdentityProvider.AuthenticationCallback

Nested Classes
Modifier and Type	Class and Description
`protected class`	`AbstractOAuth2IdentityProvider.Endpoint`

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`ACCESS_DENIED`
`static String`	`FEDERATED_REFRESH_TOKEN`
`static String`	`FEDERATED_TOKEN_EXPIRATION`
`protected static org.jboss.logging.Logger`	`logger`
`protected static com.fasterxml.jackson.databind.ObjectMapper`	`mapper`
`static String`	`OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE`
`static String`	`OAUTH2_GRANT_TYPE_REFRESH_TOKEN`
`static String`	`OAUTH2_PARAMETER_ACCESS_TOKEN`
`static String`	`OAUTH2_PARAMETER_CLIENT_ID`
`static String`	`OAUTH2_PARAMETER_CLIENT_SECRET`
`static String`	`OAUTH2_PARAMETER_CODE`
`static String`	`OAUTH2_PARAMETER_GRANT_TYPE`
`static String`	`OAUTH2_PARAMETER_REDIRECT_URI`
`static String`	`OAUTH2_PARAMETER_RESPONSE_TYPE`
`static String`	`OAUTH2_PARAMETER_SCOPE`
`static String`	`OAUTH2_PARAMETER_STATE`

Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
ACCOUNT_LINK_URL, session

Fields inherited from interface org.keycloak.broker.provider.IdentityProvider
EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN

Constructor Summary

Constructors
Constructor and Description

AbstractOAuth2IdentityProvider(KeycloakSession session, C config)

Constructors
Constructor and Description
`AbstractOAuth2IdentityProvider(KeycloakSession session, C config)`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`com.fasterxml.jackson.databind.JsonNode`	`asJsonNode(String json)`
`void`	`authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)`
`protected SimpleHttp`	`buildUserInfoRequest(String subjectToken, String userInfoUrl)`
`Object`	`callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)`
`protected javax.ws.rs.core.UriBuilder`	`createAuthorizationUrl(AuthenticationRequest request)`
`protected BrokeredIdentityContext`	`doGetFederatedIdentity(String accessToken)`
`BrokeredIdentityContext`	`exchangeExternal(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)`
`void`	`exchangeExternalComplete(UserSessionModel userSession, BrokeredIdentityContext context, javax.ws.rs.core.MultivaluedMap<String,String> params)`
`protected BrokeredIdentityContext`	`exchangeExternalImpl(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)`
`protected BrokeredIdentityContext`	`exchangeExternalUserInfoValidationOnly(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)`
`javax.ws.rs.core.Response`	`exchangeFromToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, javax.ws.rs.core.MultivaluedMap<String,String> params)`
`protected javax.ws.rs.core.Response`	`exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)`
`protected javax.ws.rs.core.Response`	`exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)`
`protected BrokeredIdentityContext`	`extractIdentityFromProfile(EventBuilder event, com.fasterxml.jackson.databind.JsonNode node)`
`protected String`	`extractTokenFromResponse(String response, String tokenName)`
`protected String`	`getAccessTokenResponseParameter()`
`C`	`getConfig()`
`protected abstract String`	`getDefaultScopes()`
`BrokeredIdentityContext`	`getFederatedIdentity(String response)`
`String`	`getJsonProperty(com.fasterxml.jackson.databind.JsonNode jsonNode, String name)` Get JSON property as text.
`protected String`	`getProfileEndpointForValidation(EventBuilder event)`
`protected javax.ws.rs.core.Response`	`hasExternalExchangeToken(EventBuilder event, UserSessionModel tokenUserSession, javax.ws.rs.core.MultivaluedMap<String,String> params)` check to see if we have a token exchange in session in other words check to see if this session was created by an external exchange
`boolean`	`isIssuer(String issuer, javax.ws.rs.core.MultivaluedMap<String,String> params)`
`javax.ws.rs.core.Response`	`performLogin(AuthenticationRequest request)`
`javax.ws.rs.core.Response`	`retrieveToken(KeycloakSession session, FederatedIdentityModel identity)`
`protected boolean`	`supportsExternalExchange()`
`protected BrokeredIdentityContext`	`validateExternalTokenThroughUserInfo(EventBuilder event, String subjectToken, String subjectTokenType)`

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
backchannelLogout, close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, export, getLinkingUrl, getMarshaller, importNewUser, keycloakInitiatedBrowserLogout, preprocessFederatedIdentity, updateBrokeredUser

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected static final org.jboss.logging.Logger logger

OAUTH2_GRANT_TYPE_REFRESH_TOKEN

public static final String OAUTH2_GRANT_TYPE_REFRESH_TOKEN

See Also:: Constant Field Values

OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE

public static final String OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE

See Also:: Constant Field Values

FEDERATED_REFRESH_TOKEN

public static final String FEDERATED_REFRESH_TOKEN

See Also:: Constant Field Values

FEDERATED_TOKEN_EXPIRATION

public static final String FEDERATED_TOKEN_EXPIRATION

See Also:: Constant Field Values

ACCESS_DENIED

public static final String ACCESS_DENIED

See Also:: Constant Field Values

mapper

protected static com.fasterxml.jackson.databind.ObjectMapper mapper

OAUTH2_PARAMETER_ACCESS_TOKEN

public static final String OAUTH2_PARAMETER_ACCESS_TOKEN

See Also:: Constant Field Values

OAUTH2_PARAMETER_SCOPE

public static final String OAUTH2_PARAMETER_SCOPE

See Also:: Constant Field Values

OAUTH2_PARAMETER_STATE

public static final String OAUTH2_PARAMETER_STATE

See Also:: Constant Field Values

OAUTH2_PARAMETER_RESPONSE_TYPE

public static final String OAUTH2_PARAMETER_RESPONSE_TYPE

See Also:: Constant Field Values

OAUTH2_PARAMETER_REDIRECT_URI

public static final String OAUTH2_PARAMETER_REDIRECT_URI

See Also:: Constant Field Values

OAUTH2_PARAMETER_CODE

public static final String OAUTH2_PARAMETER_CODE

See Also:: Constant Field Values

OAUTH2_PARAMETER_CLIENT_ID

public static final String OAUTH2_PARAMETER_CLIENT_ID

See Also:: Constant Field Values

OAUTH2_PARAMETER_CLIENT_SECRET

public static final String OAUTH2_PARAMETER_CLIENT_SECRET

See Also:: Constant Field Values

OAUTH2_PARAMETER_GRANT_TYPE

public static final String OAUTH2_PARAMETER_GRANT_TYPE

See Also:: Constant Field Values

Constructor Detail

AbstractOAuth2IdentityProvider

public AbstractOAuth2IdentityProvider(KeycloakSession session,
                                      C config)

Method Detail

callback

public Object callback(RealmModel realm,
                       IdentityProvider.AuthenticationCallback callback,
                       EventBuilder event)

Specified by:: callback in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>
Overrides:: callback in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>

performLogin
```
public javax.ws.rs.core.Response performLogin(AuthenticationRequest request)
```
Specified by:

performLogin in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>

Overrides:

performLogin in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>

retrieveToken

public javax.ws.rs.core.Response retrieveToken(KeycloakSession session,
                                               FederatedIdentityModel identity)

Specified by:: retrieveToken in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>

getConfig
```
public C getConfig()
```
Overrides:

getConfig in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>

extractTokenFromResponse

protected String extractTokenFromResponse(String response,
                                          String tokenName)

exchangeFromToken

public javax.ws.rs.core.Response exchangeFromToken(javax.ws.rs.core.UriInfo uriInfo,
                                                   EventBuilder event,
                                                   ClientModel authorizedClient,
                                                   UserSessionModel tokenUserSession,
                                                   UserModel tokenSubject,
                                                   javax.ws.rs.core.MultivaluedMap<String,String> params)

Specified by:: exchangeFromToken in interface ExchangeTokenToIdentityProviderToken

hasExternalExchangeToken

protected javax.ws.rs.core.Response hasExternalExchangeToken(EventBuilder event,
                                                             UserSessionModel tokenUserSession,
                                                             javax.ws.rs.core.MultivaluedMap<String,String> params)

check to see if we have a token exchange in session in other words check to see if this session was created by an external exchange

Parameters:: tokenUserSession -; params -
Returns:

exchangeStoredToken

protected javax.ws.rs.core.Response exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo,
                                                        EventBuilder event,
                                                        ClientModel authorizedClient,
                                                        UserSessionModel tokenUserSession,
                                                        UserModel tokenSubject)

exchangeSessionToken

protected javax.ws.rs.core.Response exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo,
                                                         EventBuilder event,
                                                         ClientModel authorizedClient,
                                                         UserSessionModel tokenUserSession,
                                                         UserModel tokenSubject)

getFederatedIdentity

public BrokeredIdentityContext getFederatedIdentity(String response)

getAccessTokenResponseParameter

protected String getAccessTokenResponseParameter()

doGetFederatedIdentity

protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken)

createAuthorizationUrl

protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(AuthenticationRequest request)

getJsonProperty
```
public String getJsonProperty(com.fasterxml.jackson.databind.JsonNode jsonNode,
                              String name)
```
Get JSON property as text. JSON numbers and booleans are converted to text. Empty string is converted to null.

Parameters:

jsonNode - to get property from

name - of property to get

Returns:

string value of the property or null.

asJsonNode

public com.fasterxml.jackson.databind.JsonNode asJsonNode(String json)
                                                   throws IOException

Throws:: IOException

getDefaultScopes

protected abstract String getDefaultScopes()

authenticationFinished
```
public void authenticationFinished(AuthenticationSessionModel authSession,
                                   BrokeredIdentityContext context)
```
Specified by:

authenticationFinished in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>

Overrides:

authenticationFinished in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>

getProfileEndpointForValidation

protected String getProfileEndpointForValidation(EventBuilder event)

extractIdentityFromProfile

protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event,
                                                             com.fasterxml.jackson.databind.JsonNode node)

validateExternalTokenThroughUserInfo

protected BrokeredIdentityContext validateExternalTokenThroughUserInfo(EventBuilder event,
                                                                       String subjectToken,
                                                                       String subjectTokenType)

buildUserInfoRequest

protected SimpleHttp buildUserInfoRequest(String subjectToken,
                                          String userInfoUrl)

supportsExternalExchange

protected boolean supportsExternalExchange()

isIssuer

public boolean isIssuer(String issuer,
                        javax.ws.rs.core.MultivaluedMap<String,String> params)

Specified by:: isIssuer in interface ExchangeExternalToken

exchangeExternal

public final BrokeredIdentityContext exchangeExternal(EventBuilder event,
                                                      javax.ws.rs.core.MultivaluedMap<String,String> params)

Specified by:: exchangeExternal in interface ExchangeExternalToken

exchangeExternalImpl

protected BrokeredIdentityContext exchangeExternalImpl(EventBuilder event,
                                                       javax.ws.rs.core.MultivaluedMap<String,String> params)

exchangeExternalUserInfoValidationOnly

protected BrokeredIdentityContext exchangeExternalUserInfoValidationOnly(EventBuilder event,
                                                                         javax.ws.rs.core.MultivaluedMap<String,String> params)

exchangeExternalComplete

public void exchangeExternalComplete(UserSessionModel userSession,
                                     BrokeredIdentityContext context,
                                     javax.ws.rs.core.MultivaluedMap<String,String> params)

Specified by:: exchangeExternalComplete in interface ExchangeExternalToken

Class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig>

Nested Class Summary

Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider

Field Summary

Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

Fields inherited from interface org.keycloak.broker.provider.IdentityProvider

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

Methods inherited from class java.lang.Object

Field Detail

logger

OAUTH2_GRANT_TYPE_REFRESH_TOKEN

OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE

FEDERATED_REFRESH_TOKEN

FEDERATED_TOKEN_EXPIRATION

ACCESS_DENIED

mapper

OAUTH2_PARAMETER_ACCESS_TOKEN

OAUTH2_PARAMETER_SCOPE

OAUTH2_PARAMETER_STATE

OAUTH2_PARAMETER_RESPONSE_TYPE

OAUTH2_PARAMETER_REDIRECT_URI

OAUTH2_PARAMETER_CODE

OAUTH2_PARAMETER_CLIENT_ID

OAUTH2_PARAMETER_CLIENT_SECRET

OAUTH2_PARAMETER_GRANT_TYPE

Constructor Detail

AbstractOAuth2IdentityProvider

Method Detail

callback

performLogin

retrieveToken

getConfig

extractTokenFromResponse

exchangeFromToken

hasExternalExchangeToken

exchangeStoredToken

exchangeSessionToken

getFederatedIdentity

getAccessTokenResponseParameter

doGetFederatedIdentity

createAuthorizationUrl

getJsonProperty

asJsonNode

getDefaultScopes

authenticationFinished

getProfileEndpointForValidation

extractIdentityFromProfile

validateExternalTokenThroughUserInfo

buildUserInfoRequest

supportsExternalExchange

isIssuer

exchangeExternal

exchangeExternalImpl

exchangeExternalUserInfoValidationOnly

exchangeExternalComplete