Package org.keycloak.broker.oidc
Class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig>
- java.lang.Object
-
- org.keycloak.broker.provider.AbstractIdentityProvider<C>
-
- org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<C>
-
- All Implemented Interfaces:
ExchangeExternalToken
,ExchangeTokenToIdentityProviderToken
,IdentityProvider<C>
,Provider
- Direct Known Subclasses:
BitbucketIdentityProvider
,FacebookIdentityProvider
,GitHubIdentityProvider
,InstagramIdentityProvider
,LinkedInIdentityProvider
,MicrosoftIdentityProvider
,OIDCIdentityProvider
,OpenshiftV3IdentityProvider
,OpenshiftV4IdentityProvider
,PayPalIdentityProvider
,StackoverflowIdentityProvider
public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig> extends AbstractIdentityProvider<C> implements ExchangeTokenToIdentityProviderToken, ExchangeExternalToken
- Author:
- Pedro Igor
Nested Class Summary
Nested Classes Modifier and Type Class Description protected static class
AbstractOAuth2IdentityProvider.Endpoint
-
Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider
IdentityProvider.AuthenticationCallback
Field Summary
Fields Modifier and Type Field Description static String
ACCESS_DENIED
static String
FEDERATED_REFRESH_TOKEN
static String
FEDERATED_TOKEN_EXPIRATION
protected static org.jboss.logging.Logger
logger
protected static com.fasterxml.jackson.databind.ObjectMapper
mapper
static String
OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
static String
OAUTH2_GRANT_TYPE_REFRESH_TOKEN
static String
OAUTH2_PARAMETER_ACCESS_TOKEN
static String
OAUTH2_PARAMETER_CLIENT_ID
static String
OAUTH2_PARAMETER_CLIENT_SECRET
static String
OAUTH2_PARAMETER_CODE
static String
OAUTH2_PARAMETER_GRANT_TYPE
static String
OAUTH2_PARAMETER_REDIRECT_URI
static String
OAUTH2_PARAMETER_RESPONSE_TYPE
static String
OAUTH2_PARAMETER_SCOPE
static String
OAUTH2_PARAMETER_STATE
-
Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
ACCOUNT_LINK_URL, session
-
Fields inherited from interface org.keycloak.broker.provider.IdentityProvider
EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN
Constructor Summary
Constructors Constructor Description AbstractOAuth2IdentityProvider(KeycloakSession session, C config)
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description com.fasterxml.jackson.databind.JsonNode
asJsonNode(String json)
SimpleHttp
authenticateTokenRequest(SimpleHttp tokenRequest)
void
authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
protected SimpleHttp
buildUserInfoRequest(String subjectToken, String userInfoUrl)
Object
callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)
JAX-RS callback endpoint invoked when the remote IdP calls back to Keycloak.
protected javax.ws.rs.core.UriBuilder
createAuthorizationUrl(AuthenticationRequest request)
protected BrokeredIdentityContext
doGetFederatedIdentity(String accessToken)
BrokeredIdentityContext
exchangeExternal(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
void
exchangeExternalComplete(UserSessionModel userSession, BrokeredIdentityContext context, javax.ws.rs.core.MultivaluedMap<String,String> params)
protected BrokeredIdentityContext
exchangeExternalImpl(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
protected BrokeredIdentityContext
exchangeExternalUserInfoValidationOnly(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
javax.ws.rs.core.Response
exchangeFromToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, javax.ws.rs.core.MultivaluedMap<String,String> params)
protected javax.ws.rs.core.Response
exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
protected javax.ws.rs.core.Response
exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
protected BrokeredIdentityContext
extractIdentityFromProfile(EventBuilder event, com.fasterxml.jackson.databind.JsonNode node)
protected String
extractTokenFromResponse(String response, String tokenName)
protected JsonWebToken
generateToken()
protected String
getAccessTokenResponseParameter()
C
getConfig()
protected abstract String
getDefaultScopes()
BrokeredIdentityContext
getFederatedIdentity(String response)
String
getJsonProperty(com.fasterxml.jackson.databind.JsonNode jsonNode, String name)
Get JSON property as text.
protected String
getProfileEndpointForValidation(EventBuilder event)
protected SignatureSignerContext
getSignatureContext()
protected javax.ws.rs.core.Response
hasExternalExchangeToken(EventBuilder event, UserSessionModel tokenUserSession, javax.ws.rs.core.MultivaluedMap<String,String> params)
Checks whether the user session holds a token obtained through an external token exchange, i.e. whether this session was created by an external exchange.
boolean
isIssuer(String issuer, javax.ws.rs.core.MultivaluedMap<String,String> params)
javax.ws.rs.core.Response
performLogin(AuthenticationRequest request)
Initiates the authentication process by sending an authentication request to an identity provider.
javax.ws.rs.core.Response
retrieveToken(KeycloakSession session, FederatedIdentityModel identity)
Returns a Response containing the token previously stored during the authentication process for a specific user.
protected boolean
supportsExternalExchange()
protected BrokeredIdentityContext
validateExternalTokenThroughUserInfo(EventBuilder event, String subjectToken, String subjectTokenType)
-
Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
backchannelLogout, close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, export, getLinkingUrl, getMarshaller, importNewUser, keycloakInitiatedBrowserLogout, preprocessFederatedIdentity, updateBrokeredUser
Field Detail
-
logger
protected static final org.jboss.logging.Logger logger
-
OAUTH2_GRANT_TYPE_REFRESH_TOKEN
public static final String OAUTH2_GRANT_TYPE_REFRESH_TOKEN
- See Also:
- Constant Field Values
-
OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
public static final String OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
- See Also:
- Constant Field Values
-
FEDERATED_REFRESH_TOKEN
public static final String FEDERATED_REFRESH_TOKEN
- See Also:
- Constant Field Values
-
FEDERATED_TOKEN_EXPIRATION
public static final String FEDERATED_TOKEN_EXPIRATION
- See Also:
- Constant Field Values
-
ACCESS_DENIED
public static final String ACCESS_DENIED
- See Also:
- Constant Field Values
-
mapper
protected static com.fasterxml.jackson.databind.ObjectMapper mapper
-
OAUTH2_PARAMETER_ACCESS_TOKEN
public static final String OAUTH2_PARAMETER_ACCESS_TOKEN
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_SCOPE
public static final String OAUTH2_PARAMETER_SCOPE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_STATE
public static final String OAUTH2_PARAMETER_STATE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_RESPONSE_TYPE
public static final String OAUTH2_PARAMETER_RESPONSE_TYPE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_REDIRECT_URI
public static final String OAUTH2_PARAMETER_REDIRECT_URI
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_CODE
public static final String OAUTH2_PARAMETER_CODE
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_CLIENT_ID
public static final String OAUTH2_PARAMETER_CLIENT_ID
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_CLIENT_SECRET
public static final String OAUTH2_PARAMETER_CLIENT_SECRET
- See Also:
- Constant Field Values
-
OAUTH2_PARAMETER_GRANT_TYPE
public static final String OAUTH2_PARAMETER_GRANT_TYPE
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
AbstractOAuth2IdentityProvider
public AbstractOAuth2IdentityProvider(KeycloakSession session, C config)
-
-
Method Detail
-
callback
public Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)
Description copied from interface:IdentityProvider
JAX-RS callback endpoint invoked when the remote IdP calls back to Keycloak.
- Specified by:
callback
in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
callback
in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
- Returns:
-
performLogin
public javax.ws.rs.core.Response performLogin(AuthenticationRequest request)
Description copied from interface:IdentityProvider
Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.
- Specified by:
performLogin
in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
performLogin
in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
- Parameters:
request
- The initial authentication request. Contains all the contextual information needed to build an authentication request to the identity provider.
- Returns:
-
retrieveToken
public javax.ws.rs.core.Response retrieveToken(KeycloakSession session, FederatedIdentityModel identity)
Description copied from interface:IdentityProvider
Returns a Response containing the token previously stored during the authentication process for a specific user.
- Specified by:
retrieveToken
in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Returns:
-
getConfig
public C getConfig()
- Overrides:
getConfig
in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
extractTokenFromResponse
protected String extractTokenFromResponse(String response, String tokenName)
-
exchangeFromToken
public javax.ws.rs.core.Response exchangeFromToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
exchangeFromToken
in interfaceExchangeTokenToIdentityProviderToken
- Parameters:
authorizedClient
- the client requesting the exchange
tokenUserSession
- the UserSessionModel the token is being exchanged from
tokenSubject
- the UserModel the token is being exchanged from
params
- form parameters received for the requested exchange
- Returns:
-
hasExternalExchangeToken
protected javax.ws.rs.core.Response hasExternalExchangeToken(EventBuilder event, UserSessionModel tokenUserSession, javax.ws.rs.core.MultivaluedMap<String,String> params)
Checks whether the user session holds a token obtained through an external token exchange, i.e. whether this session was created by an external exchange.
- Parameters:
tokenUserSession
- the user session to inspect
params
- form parameters of the exchange request
- Returns:
-
exchangeStoredToken
protected javax.ws.rs.core.Response exchangeStoredToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
-
exchangeSessionToken
protected javax.ws.rs.core.Response exchangeSessionToken(javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
-
getFederatedIdentity
public BrokeredIdentityContext getFederatedIdentity(String response)
-
getAccessTokenResponseParameter
protected String getAccessTokenResponseParameter()
-
doGetFederatedIdentity
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken)
-
createAuthorizationUrl
protected javax.ws.rs.core.UriBuilder createAuthorizationUrl(AuthenticationRequest request)
-
getJsonProperty
public String getJsonProperty(com.fasterxml.jackson.databind.JsonNode jsonNode, String name)
Get JSON property as text. JSON numbers and booleans are converted to text. An empty string is converted to null.
- Parameters:
jsonNode
- the node to read the property from
name
- the name of the property to read
- Returns:
- the string value of the property, or null.
-
asJsonNode
public com.fasterxml.jackson.databind.JsonNode asJsonNode(String json) throws IOException
- Throws:
IOException
-
getDefaultScopes
protected abstract String getDefaultScopes()
-
authenticationFinished
public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
- Specified by:
authenticationFinished
in interface IdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
authenticationFinished
in class AbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
authenticateTokenRequest
public SimpleHttp authenticateTokenRequest(SimpleHttp tokenRequest)
-
generateToken
protected JsonWebToken generateToken()
-
getSignatureContext
protected SignatureSignerContext getSignatureContext()
-
getProfileEndpointForValidation
protected String getProfileEndpointForValidation(EventBuilder event)
-
extractIdentityFromProfile
protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, com.fasterxml.jackson.databind.JsonNode node)
-
validateExternalTokenThroughUserInfo
protected BrokeredIdentityContext validateExternalTokenThroughUserInfo(EventBuilder event, String subjectToken, String subjectTokenType)
-
buildUserInfoRequest
protected SimpleHttp buildUserInfoRequest(String subjectToken, String userInfoUrl)
-
supportsExternalExchange
protected boolean supportsExternalExchange()
-
isIssuer
public boolean isIssuer(String issuer, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
isIssuer
in interfaceExchangeExternalToken
-
exchangeExternal
public final BrokeredIdentityContext exchangeExternal(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
exchangeExternal
in interfaceExchangeExternalToken
-
exchangeExternalImpl
protected BrokeredIdentityContext exchangeExternalImpl(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
-
exchangeExternalUserInfoValidationOnly
protected BrokeredIdentityContext exchangeExternalUserInfoValidationOnly(EventBuilder event, javax.ws.rs.core.MultivaluedMap<String,String> params)
-
exchangeExternalComplete
public void exchangeExternalComplete(UserSessionModel userSession, BrokeredIdentityContext context, javax.ws.rs.core.MultivaluedMap<String,String> params)
- Specified by:
exchangeExternalComplete
in interfaceExchangeExternalToken