Class JWTClientCredentialsProvider
- java.lang.Object
-
- org.keycloak.adapters.authentication.JWTClientCredentialsProvider
-
- All Implemented Interfaces:
ClientCredentialsProvider
public class JWTClientCredentialsProvider extends Object implements ClientCredentialsProvider
Client authentication based on JWT signed by client private key . See specs for more details.- Author:
- Marek Posolda
-
-
Field Summary
Fields Modifier and Type Field Description static StringPROVIDER_ID
-
Constructor Summary
Constructors Constructor Description JWTClientCredentialsProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected org.keycloak.representations.JsonWebTokencreateRequestToken(String clientId, String realmInfoUrl)StringcreateSignedRequestToken(String clientId, String realmInfoUrl)StringgetId()Return the ID of the provider.PublicKeygetPublicKey()protected intgetTokenTimeout()voidinit(KeycloakDeployment deployment, Object config)Called by adapter during deployment of your application.voidsetClientCredentials(KeycloakDeployment deployment, Map<String,String> requestHeaders, Map<String,String> formParams)Called every time adapter needs to perform backchannel requestvoidsetTokenTimeout(int tokenTimeout)voidsetupKeyPair(KeyPair keyPair)
-
-
-
Field Detail
-
PROVIDER_ID
public static final String PROVIDER_ID
- See Also:
- Constant Field Values
-
-
Method Detail
-
getId
public String getId()
Description copied from interface:ClientCredentialsProviderReturn the ID of the provider. Use this ID in the keycloak.json configuration as the subelement of the "credentials" element For example if your provider has ID "kerberos-keytab" , use the configuration like this in keycloak.json "credentials": { "kerberos-keytab": { "keytab": "/tmp/foo" } }- Specified by:
getIdin interfaceClientCredentialsProvider- Returns:
-
setupKeyPair
public void setupKeyPair(KeyPair keyPair)
-
setTokenTimeout
public void setTokenTimeout(int tokenTimeout)
-
getTokenTimeout
protected int getTokenTimeout()
-
getPublicKey
public PublicKey getPublicKey()
-
init
public void init(KeycloakDeployment deployment, Object config)
Description copied from interface:ClientCredentialsProviderCalled by adapter during deployment of your application. You can for example read configuration and init your authenticator here- Specified by:
initin interfaceClientCredentialsProvider- Parameters:
deployment- the adapter configurationconfig- the configuration of your provider read from keycloak.json . For the kerberos-keytab example above, it will return map with the single key "keytab" with value "/tmp/foo"
-
setClientCredentials
public void setClientCredentials(KeycloakDeployment deployment, Map<String,String> requestHeaders, Map<String,String> formParams)
Description copied from interface:ClientCredentialsProviderCalled every time adapter needs to perform backchannel request- Specified by:
setClientCredentialsin interfaceClientCredentialsProvider- Parameters:
deployment- Fully resolved deploymentrequestHeaders- You should put any HTTP request headers you want to use for authentication of client. These headers will be attached to the HTTP request sent to Keycloak serverformParams- You should put any request parameters you want to use for authentication of client. These parameters will be attached to the HTTP request sent to Keycloak server
-
createSignedRequestToken
public String createSignedRequestToken(String clientId, String realmInfoUrl)
-
-