OIDCIdentityProvider (Keycloak REST Services 3.3.0.CR2 API)

java.lang.Object
- org.keycloak.broker.provider.AbstractIdentityProvider<C>
- - org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
  - - org.keycloak.broker.oidc.OIDCIdentityProvider

All Implemented Interfaces:

IdentityProvider<OIDCIdentityProviderConfig>, TokenExchangeTo, Provider

Direct Known Subclasses:

GitLabIdentityProvider, GoogleIdentityProvider, KeycloakOIDCIdentityProvider
```
public class OIDCIdentityProvider
extends AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>
```
Author:

Pedro Igor

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

protected class OIDCIdentityProvider.OIDCEndpoint
- Nested classes/interfaces inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
  AbstractOAuth2IdentityProvider.Endpoint
- Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider
  IdentityProvider.AuthenticationCallback

Nested Classes
Modifier and Type	Class and Description
`protected class`	`OIDCIdentityProvider.OIDCEndpoint`

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`ACCESS_TOKEN_EXPIRATION`
`static String`	`FEDERATED_ACCESS_TOKEN_RESPONSE`
`static String`	`FEDERATED_ID_TOKEN`
`protected static org.jboss.logging.Logger`	`logger`
`static String`	`OAUTH2_PARAMETER_PROMPT`
`static String`	`SCOPE_OPENID`
`static String`	`USER_INFO`
`static String`	`VALIDATED_ID_TOKEN`

Fields inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
ACCESS_DENIED, FEDERATED_ACCESS_TOKEN, FEDERATED_REFRESH_TOKEN, FEDERATED_TOKEN_EXPIRATION, mapper, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN, OAUTH2_PARAMETER_ACCESS_TOKEN, OAUTH2_PARAMETER_CLIENT_ID, OAUTH2_PARAMETER_CLIENT_SECRET, OAUTH2_PARAMETER_CODE, OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_PARAMETER_REDIRECT_URI, OAUTH2_PARAMETER_RESPONSE_TYPE, OAUTH2_PARAMETER_SCOPE, OAUTH2_PARAMETER_STATE

Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
ACCOUNT_LINK_URL, session

Constructor Summary

Constructors
Constructor and Description

OIDCIdentityProvider(KeycloakSession session, OIDCIdentityProviderConfig config)

Constructors
Constructor and Description
`OIDCIdentityProvider(KeycloakSession session, OIDCIdentityProviderConfig config)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)`
`void`	`backchannelLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)`
`protected void`	`backchannelLogout(UserSessionModel userSession, String idToken)`
`Object`	`callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)`
`protected javax.ws.rs.core.UriBuilder`	`createAuthorizationUrl(AuthenticationRequest request)`
`protected javax.ws.rs.core.Response`	`exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, AccessToken token)`
`protected javax.ws.rs.core.Response`	`exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, AccessToken token)`
`protected BrokeredIdentityContext`	`extractIdentity(AccessTokenResponse tokenResponse, String accessToken, JsonWebToken idToken)`
`protected String`	`getDefaultScopes()`
`BrokeredIdentityContext`	`getFederatedIdentity(String response)`
`protected String`	`getUserInfoUrl()`
`protected String`	`getUsernameClaimName()`
`javax.ws.rs.core.Response`	`keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, RealmModel realm)`
`protected void`	`processAccessTokenResponse(BrokeredIdentityContext context, AccessTokenResponse response)`
`String`	`refreshTokenForLogout(KeycloakSession session, UserSessionModel userSession)` Returns access token response as a string from a refresh token invocation on the remote OIDC broker
`protected JsonWebToken`	`validateToken(String encodedToken)`
`protected boolean`	`verify(JWSInput jws)`

Methods inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
asJsonNode, doGetFederatedIdentity, exchangeTo, extractTokenFromResponse, getAccessTokenResponseParameter, getConfig, getJsonProperty, performLogin, retrieveToken

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
close, exchangeErrorResponse, exchangeNotLinked, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, export, getLinkingUrl, getMarshaller, importNewUser, preprocessFederatedIdentity, updateBrokeredUser

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected static final org.jboss.logging.Logger logger

OAUTH2_PARAMETER_PROMPT

public static final String OAUTH2_PARAMETER_PROMPT

See Also:: Constant Field Values

SCOPE_OPENID

public static final String SCOPE_OPENID

See Also:: Constant Field Values

FEDERATED_ID_TOKEN

public static final String FEDERATED_ID_TOKEN

See Also:: Constant Field Values

USER_INFO
```
public static final String USER_INFO
```
See Also:

Constant Field Values

FEDERATED_ACCESS_TOKEN_RESPONSE

public static final String FEDERATED_ACCESS_TOKEN_RESPONSE

See Also:: Constant Field Values

VALIDATED_ID_TOKEN

public static final String VALIDATED_ID_TOKEN

See Also:: Constant Field Values

ACCESS_TOKEN_EXPIRATION

public static final String ACCESS_TOKEN_EXPIRATION

See Also:: Constant Field Values

Constructor Detail

OIDCIdentityProvider

public OIDCIdentityProvider(KeycloakSession session,
                            OIDCIdentityProviderConfig config)

Method Detail

callback

public Object callback(RealmModel realm,
                       IdentityProvider.AuthenticationCallback callback,
                       EventBuilder event)

Specified by:: callback in interface IdentityProvider<OIDCIdentityProviderConfig>
Overrides:: callback in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

backchannelLogout

public void backchannelLogout(KeycloakSession session,
                              UserSessionModel userSession,
                              javax.ws.rs.core.UriInfo uriInfo,
                              RealmModel realm)

Specified by:: backchannelLogout in interface IdentityProvider<OIDCIdentityProviderConfig>
Overrides:: backchannelLogout in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

backchannelLogout

protected void backchannelLogout(UserSessionModel userSession,
                                 String idToken)

keycloakInitiatedBrowserLogout

public javax.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session,
                                                                UserSessionModel userSession,
                                                                javax.ws.rs.core.UriInfo uriInfo,
                                                                RealmModel realm)

Specified by:: keycloakInitiatedBrowserLogout in interface IdentityProvider<OIDCIdentityProviderConfig>
Overrides:: keycloakInitiatedBrowserLogout in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

refreshTokenForLogout

public String refreshTokenForLogout(KeycloakSession session,
                                    UserSessionModel userSession)

Returns access token response as a string from a refresh token invocation on the remote OIDC broker

Parameters:: session -; userSession -
Returns:

createAuthorizationUrl
```
protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(AuthenticationRequest request)
```
Overrides:

createAuthorizationUrl in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

processAccessTokenResponse

protected void processAccessTokenResponse(BrokeredIdentityContext context,
                                          AccessTokenResponse response)

exchangeStoredToken

protected javax.ws.rs.core.Response exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo,
                                                        ClientModel authorizedClient,
                                                        UserSessionModel tokenUserSession,
                                                        UserModel tokenSubject,
                                                        AccessToken token)

Overrides:: exchangeStoredToken in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

exchangeSessionToken

protected javax.ws.rs.core.Response exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo,
                                                         ClientModel authorizedClient,
                                                         UserSessionModel tokenUserSession,
                                                         UserModel tokenSubject,
                                                         AccessToken token)

Overrides:: exchangeSessionToken in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

getFederatedIdentity
```
public BrokeredIdentityContext getFederatedIdentity(String response)
```
Overrides:

getFederatedIdentity in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

extractIdentity

protected BrokeredIdentityContext extractIdentity(AccessTokenResponse tokenResponse,
                                                  String accessToken,
                                                  JsonWebToken idToken)
                                           throws IOException

Throws:: IOException

getUsernameClaimName

protected String getUsernameClaimName()

getUserInfoUrl
```
protected String getUserInfoUrl()
```

verify

protected boolean verify(JWSInput jws)

validateToken

protected JsonWebToken validateToken(String encodedToken)

authenticationFinished
```
public void authenticationFinished(AuthenticationSessionModel authSession,
                                   BrokeredIdentityContext context)
```
Specified by:

authenticationFinished in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

authenticationFinished in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

getDefaultScopes
```
protected String getDefaultScopes()
```
Specified by:

getDefaultScopes in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

Class OIDCIdentityProvider

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider

Field Summary

Fields inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

Methods inherited from class java.lang.Object

Field Detail

logger

OAUTH2_PARAMETER_PROMPT

SCOPE_OPENID

FEDERATED_ID_TOKEN

USER_INFO

FEDERATED_ACCESS_TOKEN_RESPONSE

VALIDATED_ID_TOKEN

ACCESS_TOKEN_EXPIRATION

Constructor Detail

OIDCIdentityProvider

Method Detail

callback

backchannelLogout

backchannelLogout

keycloakInitiatedBrowserLogout

refreshTokenForLogout

createAuthorizationUrl

processAccessTokenResponse

exchangeStoredToken

exchangeSessionToken

getFederatedIdentity

extractIdentity

getUsernameClaimName

getUserInfoUrl

verify

validateToken

authenticationFinished

getDefaultScopes