Class DefaultActionToken
- java.lang.Object
-
- org.keycloak.representations.JsonWebToken
-
- org.keycloak.models.DefaultActionTokenKey
-
- org.keycloak.authentication.actiontoken.DefaultActionToken
-
- All Implemented Interfaces:
Serializable
,SingleUseObjectKeyModel
,SingleUseObjectValueModel
,Token
- Direct Known Subclasses:
ExecuteActionsActionToken
,IdpVerifyAccountLinkActionToken
,ResetCredentialsActionToken
,UpdateEmailActionToken
,VerifyEmailActionToken
public class DefaultActionToken extends DefaultActionTokenKey implements SingleUseObjectValueModel
Part of action token that is intended to be used e.g. in link sent in password-reset email. The token encapsulates user, expected action and its time of expiry.- Author:
- hmlnarik
- See Also:
- Serialized Form
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.keycloak.models.SingleUseObjectValueModel
SingleUseObjectValueModel.SearchableFields
-
-
Field Summary
Fields Modifier and Type Field Description static TokenVerifier.Predicate<DefaultActionTokenKey>
ACTION_TOKEN_BASIC_CHECKS
static String
JSON_FIELD_AUTHENTICATION_SESSION_ID
static String
JSON_FIELD_EMAIL
-
Fields inherited from class org.keycloak.models.DefaultActionTokenKey
ACTION_TOKEN_USER_ID, JSON_FIELD_ACTION_VERIFICATION_NONCE
-
-
Constructor Summary
Constructors Modifier Constructor Description DefaultActionToken()
Single-use random value used for verification whether the relevant action is allowed.protected
DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce)
protected
DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce, String compoundAuthenticationSessionId)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
getCompoundAuthenticationSessionId()
String
getEmail()
String
getNote(String name)
Returns value of the given note (ornull
when no note of this name is present)Map<String,String>
getNotes()
Returns unmodifiable map of all notes.String
removeNote(String name)
Removes given note, and returns original value (ornull
when no value was present)String
serialize(KeycloakSession session, RealmModel realm, javax.ws.rs.core.UriInfo uri)
Updates the following fields and serializes this token into a signed JWT.void
setCompoundAuthenticationSessionId(String authenticationSessionId)
void
setEmail(String email)
String
setNote(String name, String value)
Sets value of the given note-
Methods inherited from class org.keycloak.models.DefaultActionTokenKey
from, getActionId, getActionVerificationNonce, getUserId
-
Methods inherited from class org.keycloak.representations.JsonWebToken
addAudience, audience, exp, expiration, getAudience, getCategory, getExp, getExpiration, getIat, getId, getIssuedAt, getIssuedFor, getIssuer, getNbf, getNotBefore, getOtherClaims, getSubject, getType, hasAnyAudience, hasAudience, iat, id, isActive, isActive, isExpired, isIssuedBeforeSessionStart, isNotBefore, issuedAt, issuedFor, issuedNow, issuer, nbf, notBefore, setOtherClaims, setSubject, subject, type
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.models.SingleUseObjectKeyModel
getExpiration, serializeKey
-
-
-
-
Field Detail
-
JSON_FIELD_AUTHENTICATION_SESSION_ID
public static final String JSON_FIELD_AUTHENTICATION_SESSION_ID
- See Also:
- Constant Field Values
-
JSON_FIELD_EMAIL
public static final String JSON_FIELD_EMAIL
- See Also:
- Constant Field Values
-
ACTION_TOKEN_BASIC_CHECKS
public static final TokenVerifier.Predicate<DefaultActionTokenKey> ACTION_TOKEN_BASIC_CHECKS
-
-
Constructor Detail
-
DefaultActionToken
public DefaultActionToken()
Single-use random value used for verification whether the relevant action is allowed.
-
DefaultActionToken
protected DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce)
- Parameters:
userId
- User IDactionId
- Action IDabsoluteExpirationInSecs
- Absolute expiration time in seconds in timezone of Keycloak.actionVerificationNonce
-
-
DefaultActionToken
protected DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce, String compoundAuthenticationSessionId)
- Parameters:
userId
- User IDactionId
- Action IDabsoluteExpirationInSecs
- Absolute expiration time in seconds in timezone of Keycloak.actionVerificationNonce
-
-
-
Method Detail
-
getCompoundAuthenticationSessionId
public String getCompoundAuthenticationSessionId()
-
setCompoundAuthenticationSessionId
public final void setCompoundAuthenticationSessionId(String authenticationSessionId)
-
getNotes
public Map<String,String> getNotes()
Description copied from interface:SingleUseObjectValueModel
Returns unmodifiable map of all notes.- Specified by:
getNotes
in interfaceSingleUseObjectValueModel
- Returns:
- see description. Returns empty map if no note is set, never returns
null
.
-
getNote
public String getNote(String name)
Description copied from interface:SingleUseObjectValueModel
Returns value of the given note (ornull
when no note of this name is present)- Specified by:
getNote
in interfaceSingleUseObjectValueModel
- Returns:
- see description
-
setNote
public final String setNote(String name, String value)
Sets value of the given note- Returns:
- original value (or
null
when no value was present)
-
removeNote
public final String removeNote(String name)
Removes given note, and returns original value (ornull
when no value was present)- Returns:
- see description
-
setEmail
public void setEmail(String email)
-
getEmail
public String getEmail()
-
serialize
public String serialize(KeycloakSession session, RealmModel realm, javax.ws.rs.core.UriInfo uri)
Updates the following fields and serializes this token into a signed JWT. The list of updated fields follows:id
: random nonceissuedAt
: Current timeissuer
: URI of the given realmaudience
: URI of the given realm (same as issuer)
- Parameters:
session
-realm
-uri
-- Returns:
-
-