Package org.keycloak.broker.oidc
Class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig>
java.lang.Object
  org.keycloak.broker.provider.AbstractIdentityProvider<C>
    org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<C>
- All Implemented Interfaces:
ExchangeExternalToken, ExchangeTokenToIdentityProviderToken, IdentityProvider<C>, Provider
- Direct Known Subclasses:
BitbucketIdentityProvider, FacebookIdentityProvider, GitHubIdentityProvider, InstagramIdentityProvider, LinkedInIdentityProvider, MicrosoftIdentityProvider, OIDCIdentityProvider, OpenshiftV3IdentityProvider, OpenshiftV4IdentityProvider, PayPalIdentityProvider, StackoverflowIdentityProvider
public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig> extends AbstractIdentityProvider<C> implements ExchangeTokenToIdentityProviderToken, ExchangeExternalToken
- Author:
- Pedro Igor
-
Nested Class Summary
Nested Classes (Modifier and Type / Class / Description)
- protected static class AbstractOAuth2IdentityProvider.Endpoint
Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider
IdentityProvider.AuthenticationCallback
-
Field Summary
Fields (Modifier and Type / Field / Description)
- static String ACCESS_DENIED
- static String FEDERATED_REFRESH_TOKEN
- static String FEDERATED_TOKEN_EXPIRATION
- protected static org.jboss.logging.Logger logger
- protected static com.fasterxml.jackson.databind.ObjectMapper mapper
- static String OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
- static String OAUTH2_GRANT_TYPE_REFRESH_TOKEN
- static String OAUTH2_PARAMETER_ACCESS_TOKEN
- static String OAUTH2_PARAMETER_CLIENT_ID
- static String OAUTH2_PARAMETER_CLIENT_SECRET
- static String OAUTH2_PARAMETER_CODE
- static String OAUTH2_PARAMETER_GRANT_TYPE
- static String OAUTH2_PARAMETER_REDIRECT_URI
- static String OAUTH2_PARAMETER_RESPONSE_TYPE
- static String OAUTH2_PARAMETER_SCOPE
- static String OAUTH2_PARAMETER_STATE
Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
ACCOUNT_LINK_URL, session
-
Fields inherited from interface org.keycloak.broker.provider.IdentityProvider
EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN
-
Constructor Summary
Constructors (Constructor / Description)
- AbstractOAuth2IdentityProvider(KeycloakSession session, C config)
-
Method Summary
Methods (Modifier and Type / Method / Description)
- com.fasterxml.jackson.databind.JsonNode asJsonNode(String json)
- SimpleHttp authenticateTokenRequest(SimpleHttp tokenRequest)
- void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
- protected SimpleHttp buildUserInfoRequest(String subjectToken, String userInfoUrl)
- Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)
  JAX-RS callback endpoint, called when the remote IdP redirects back to Keycloak.
- protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(AuthenticationRequest request)
- protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken)
- BrokeredIdentityContext exchangeExternal(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
- void exchangeExternalComplete(UserSessionModel userSession, BrokeredIdentityContext context, javax.ws.rs.core.MultivaluedMap<String,String> params)
- protected BrokeredIdentityContext exchangeExternalImpl(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
- protected BrokeredIdentityContext exchangeExternalUserInfoValidationOnly(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
- javax.ws.rs.core.Response exchangeFromToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, javax.ws.rs.core.MultivaluedMap<String,String> params)
- protected javax.ws.rs.core.Response exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
- protected javax.ws.rs.core.Response exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
- protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, com.fasterxml.jackson.databind.JsonNode node)
- protected String extractTokenFromResponse(String response, String tokenName)
- protected JsonWebToken generateToken()
- protected String getAccessTokenResponseParameter()
- C getConfig()
- protected abstract String getDefaultScopes()
- BrokeredIdentityContext getFederatedIdentity(String response)
- String getJsonProperty(com.fasterxml.jackson.databind.JsonNode jsonNode, String name)
  Get a JSON property as text.
- protected String getProfileEndpointForValidation(EventBuilder event)
- protected SignatureSignerContext getSignatureContext()
- protected javax.ws.rs.core.Response hasExternalExchangeToken(EventBuilder event, UserSessionModel tokenUserSession, javax.ws.rs.core.MultivaluedMap<String,String> params)
  Checks whether this user session holds a token exchange, in other words whether the session was created by an external token exchange.
- boolean isIssuer(String issuer, javax.ws.rs.core.MultivaluedMap<String,String> params)
- javax.ws.rs.core.Response performLogin(AuthenticationRequest request)
  Initiates the authentication process by sending an authentication request to an identity provider.
- javax.ws.rs.core.Response retrieveToken(KeycloakSession session, FederatedIdentityModel identity)
  Returns a Response containing the token previously stored during the authentication process for a specific user.
- protected boolean supportsExternalExchange()
- protected BrokeredIdentityContext validateExternalTokenThroughUserInfo(EventBuilder event, String subjectToken, String subjectTokenType)
Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
backchannelLogout, close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, export, getLinkingUrl, getMarshaller, importNewUser, keycloakInitiatedBrowserLogout, preprocessFederatedIdentity, updateBrokeredUser
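The methods above are the extension points a concrete broker overrides. The following is an added example, not code from Keycloak or from any of the shipped providers, showing the minimal subclass for a hypothetical plain-OAuth2 (non-OIDC) provider: the class name ExampleOAuth2IdentityProvider, the example.test endpoint URLs, the scope string and the profile field names (id, login, name, email) are all assumptions for this illustration. getFederatedIdentity(response) in the base class exchanges the authorization code and extracts the access token from the token response; the subclass supplies getDefaultScopes(), doGetFederatedIdentity() and extractIdentityFromProfile(), and may opt in to external token exchange through supportsExternalExchange() and getProfileEndpointForValidation().

```java
package com.example.keycloak.broker;

import com.fasterxml.jackson.databind.JsonNode;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;

/**
 * Hypothetical broker for a plain-OAuth2 provider "example.test" (an example, not a
 * Keycloak class). Endpoint URLs and profile field names are assumptions; substitute
 * the real provider's values.
 */
public class ExampleOAuth2IdentityProvider extends AbstractOAuth2IdentityProvider<OAuth2IdentityProviderConfig> {

    public static final String AUTH_URL = "https://example.test/oauth/authorize";
    public static final String TOKEN_URL = "https://example.test/oauth/token";
    public static final String PROFILE_URL = "https://api.example.test/me";
    public static final String DEFAULT_SCOPE = "profile email";

    public ExampleOAuth2IdentityProvider(KeycloakSession session, OAuth2IdentityProviderConfig config) {
        super(session, config);
        // performLogin() redirects the user to config.getAuthorizationUrl() and the callback
        // posts the code together with the client secret to config.getTokenUrl(). Pinning
        // both in code keeps a misconfigured Token URL from handing the client secret and
        // authorization codes to a third-party host.
        config.setAuthorizationUrl(AUTH_URL);
        config.setTokenUrl(TOKEN_URL);
        config.setUserInfoUrl(PROFILE_URL);
    }

    @Override
    protected String getDefaultScopes() {
        return DEFAULT_SCOPE;
    }

    // Called by getFederatedIdentity(response) once the base class has exchanged the
    // authorization code and pulled the access token out of the token response.
    @Override
    protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
        try {
            JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session)
                    .header("Authorization", "Bearer " + accessToken)
                    .asJson();
            return extractIdentityFromProfile(null, profile);
        } catch (Exception e) {
            throw new IdentityBrokerException("Could not obtain user profile from example.test.", e);
        }
    }

    // Shared by the login flow above and by the external token exchange path
    // (validateExternalTokenThroughUserInfo), so both apply the same identity rules.
    @Override
    protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, JsonNode profile) {
        // getJsonProperty() renders numeric ids as text and maps a missing or empty value
        // to null. Key the brokered identity on the provider's immutable user id, never on
        // email or login, which the provider may let users change or reassign.
        String id = getJsonProperty(profile, "id");
        if (id == null) {
            throw new IdentityBrokerException("Profile from example.test has no user id; refusing to broker.");
        }

        BrokeredIdentityContext user = new BrokeredIdentityContext(id);
        user.setUsername(getJsonProperty(profile, "login"));
        user.setName(getJsonProperty(profile, "name"));
        user.setEmail(getJsonProperty(profile, "email"));
        user.setIdpConfig(getConfig());
        user.setIdp(this);

        // Keep the raw profile so attribute mappers configured on this IdP can read it.
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
        return user;
    }

    // Opting in to external-to-internal token exchange. The base class validates a
    // caller-supplied access token only by presenting it to this endpoint, so it must be
    // the provider's own profile URL and never a value taken from request parameters.
    @Override
    protected boolean supportsExternalExchange() {
        return true;
    }

    @Override
    protected String getProfileEndpointForValidation(EventBuilder event) {
        return PROFILE_URL;
    }
}
```

Registering the provider still needs an IdentityProviderFactory and the matching META-INF/services entry, which this example leaves out. The null check on the profile id is the part most easily forgotten: without it a provider response lacking the field would produce a BrokeredIdentityContext with a null broker user id, and every later lookup and link decision in the broker flow keys on that id.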
-
Field Detail
-
logger
protected static final org.jboss.logging.Logger logger
-
OAUTH2_GRANT_TYPE_REFRESH_TOKEN
public static final String OAUTH2_GRANT_TYPE_REFRESH_TOKEN
- See Also:
- Constant Field Values
-
OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
public static final String OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
- See Also:
- Constant Field Values
-
FEDERATED_REFRESH_TOKEN
public static final String FEDERATED_REFRESH_TOKEN
- See Also:
- Constant Field Values
-
FEDERATED_TOKEN_EXPIRATION
public static final String FEDERATED_TOKEN_EXPIRATION
- See Also:
- Constant Field Values
-
ACCESS_DENIED
public static final String ACCESS_DENIED
- See Also:
- Constant Field Values
-
mapper
protected static com.fasterxml.jackson.databind.ObjectMapper mapper
-
OAUTH2_PARAMETER_ACCESS_TOKEN
public static final String OAUTH2_PARAMETER_ACCESS_TOKEN
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_SCOPE
public static final String OAUTH2_PARAMETER_SCOPE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_STATE
public static final String OAUTH2_PARAMETER_STATE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_RESPONSE_TYPE
public static final String OAUTH2_PARAMETER_RESPONSE_TYPE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_REDIRECT_URI
public static final String OAUTH2_PARAMETER_REDIRECT_URI
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_CODE
public static final String OAUTH2_PARAMETER_CODE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_CLIENT_ID
public static final String OAUTH2_PARAMETER_CLIENT_ID
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_CLIENT_SECRET
public static final String OAUTH2_PARAMETER_CLIENT_SECRET
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_GRANT_TYPE
public static final String OAUTH2_PARAMETER_GRANT_TYPE
- See Also:
- Constant Field Values
-
Constructor Detail
-
AbstractOAuth2IdentityProvider
public AbstractOAuth2IdentityProvider(KeycloakSession session, C config)
-
Method Detail
-
callback
public Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)
Description copied from interface: IdentityProvider
JAX-RS callback endpoint, called when the remote IdP redirects back to Keycloak.
- Specified by:
- callback in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
- callback in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
performLogin
public javax.ws.rs.core.Response performLogin(AuthenticationRequest request)
Description copied from interface: IdentityProvider
Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.
- Specified by:
- performLogin in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
- performLogin in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
- Parameters:
- request - The initial authentication request. Contains all the contextual information needed to build an authentication request to the identity provider.
-
retrieveToken
public javax.ws.rs.core.Response retrieveToken(KeycloakSession session, FederatedIdentityModel identity)
Description copied from interface: IdentityProvider
Returns a Response containing the token previously stored during the authentication process for a specific user.
- Specified by:
- retrieveToken in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>
-
getConfig
public C getConfig()
- Overrides:
- getConfig in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
extractTokenFromResponse
protected String extractTokenFromResponse(String response, String tokenName)
-
exchangeFromToken
public javax.ws.rs.core.Response exchangeFromToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
- exchangeFromToken in interface ExchangeTokenToIdentityProviderToken
- Parameters:
- authorizedClient - client requesting the exchange
- tokenUserSession - UserSessionModel of the token being exchanged from
- tokenSubject - UserModel of the token being exchanged from
- params - form parameters received for the requested exchange
-
hasExternalExchangeToken
protected javax.ws.rs.core.Response hasExternalExchangeToken(EventBuilder event, UserSessionModel tokenUserSession, javax.ws.rs.core.MultivaluedMap<String,String> params)
Checks whether this user session holds a token exchange, in other words whether the session was created by an external token exchange.
- Parameters:
- tokenUserSession
- params
-
exchangeStoredToken
protected javax.ws.rs.core.Response exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
-
exchangeSessionToken
protected javax.ws.rs.core.Response exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
-
getFederatedIdentity
public BrokeredIdentityContext getFederatedIdentity(String response)
-
getAccessTokenResponseParameter
protected String getAccessTokenResponseParameter()
-
doGetFederatedIdentity
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken)
-
createAuthorizationUrl
protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(AuthenticationRequest request)
-
getJsonProperty
public String getJsonProperty(com.fasterxml.jackson.databind.JsonNode jsonNode, String name)
Get a JSON property as text. JSON numbers and booleans are converted to text. An empty string is converted to null.
- Parameters:
- jsonNode - node to get the property from
- name - name of the property to get
- Returns:
- string value of the property, or null.
-
asJsonNode
public com.fasterxml.jackson.databind.JsonNode asJsonNode(String json) throws IOException
- Throws:
IOException
-
getDefaultScopes
protected abstract String getDefaultScopes()
-
authenticationFinished
public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
- Specified by:
- authenticationFinished in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
- authenticationFinished in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
authenticateTokenRequest
public SimpleHttp authenticateTokenRequest(SimpleHttp tokenRequest)
-
generateToken
protected JsonWebToken generateToken()
-
getSignatureContext
protected SignatureSignerContext getSignatureContext()
-
getProfileEndpointForValidation
protected String getProfileEndpointForValidation(EventBuilder event)
-
extractIdentityFromProfile
protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, com.fasterxml.jackson.databind.JsonNode node)
-
validateExternalTokenThroughUserInfo
protected BrokeredIdentityContext validateExternalTokenThroughUserInfo(EventBuilder event, String subjectToken, String subjectTokenType)
-
buildUserInfoRequest
protected SimpleHttp buildUserInfoRequest(String subjectToken, String userInfoUrl)
-
supportsExternalExchange
protected boolean supportsExternalExchange()
-
isIssuer
public boolean isIssuer(String issuer, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
- isIssuer in interface ExchangeExternalToken
-
exchangeExternal
public final BrokeredIdentityContext exchangeExternal(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
- exchangeExternal in interface ExchangeExternalToken
-
exchangeExternalImpl
protected BrokeredIdentityContext exchangeExternalImpl(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
-
exchangeExternalUserInfoValidationOnly
protected BrokeredIdentityContext exchangeExternalUserInfoValidationOnly(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
-
exchangeExternalComplete
public void exchangeExternalComplete(UserSessionModel userSession, BrokeredIdentityContext context, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
- exchangeExternalComplete in interface ExchangeExternalToken
-