Package org.keycloak.protocol.oidc
Class OIDCLoginProtocol
- java.lang.Object
- org.keycloak.protocol.oidc.OIDCLoginProtocol
- All Implemented Interfaces:
- LoginProtocol, Provider
public class OIDCLoginProtocol extends Object implements LoginProtocol
- Author:
- Bill Burke, Stian Thorgersen
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.keycloak.protocol.LoginProtocol
LoginProtocol.Error
-
-
Field Summary
-
Constructor Summary
Constructors:
OIDCLoginProtocol()
OIDCLoginProtocol(KeycloakSession session, RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, javax.ws.rs.core.HttpHeaders headers, EventBuilder event)
-
Method Summary
-
-
-
Field Detail
-
LOGIN_PROTOCOL
public static final String LOGIN_PROTOCOL
- See Also:
- Constant Field Values
-
STATE_PARAM
public static final String STATE_PARAM
- See Also:
- Constant Field Values
-
SCOPE_PARAM
public static final String SCOPE_PARAM
- See Also:
- Constant Field Values
-
CODE_PARAM
public static final String CODE_PARAM
- See Also:
- Constant Field Values
-
RESPONSE_TYPE_PARAM
public static final String RESPONSE_TYPE_PARAM
- See Also:
- Constant Field Values
-
GRANT_TYPE_PARAM
public static final String GRANT_TYPE_PARAM
- See Also:
- Constant Field Values
-
REDIRECT_URI_PARAM
public static final String REDIRECT_URI_PARAM
- See Also:
- Constant Field Values
-
POST_LOGOUT_REDIRECT_URI_PARAM
public static final String POST_LOGOUT_REDIRECT_URI_PARAM
- See Also:
- Constant Field Values
-
CLIENT_ID_PARAM
public static final String CLIENT_ID_PARAM
- See Also:
- Constant Field Values
-
NONCE_PARAM
public static final String NONCE_PARAM
- See Also:
- Constant Field Values
-
MAX_AGE_PARAM
public static final String MAX_AGE_PARAM
- See Also:
- Constant Field Values
-
PROMPT_PARAM
public static final String PROMPT_PARAM
- See Also:
- Constant Field Values
-
LOGIN_HINT_PARAM
public static final String LOGIN_HINT_PARAM
- See Also:
- Constant Field Values
-
REQUEST_PARAM
public static final String REQUEST_PARAM
- See Also:
- Constant Field Values
-
REQUEST_URI_PARAM
public static final String REQUEST_URI_PARAM
- See Also:
- Constant Field Values
-
UI_LOCALES_PARAM
public static final String UI_LOCALES_PARAM
- See Also:
- Constant Field Values
-
CLAIMS_PARAM
public static final String CLAIMS_PARAM
- See Also:
- Constant Field Values
-
ACR_PARAM
public static final String ACR_PARAM
- See Also:
- Constant Field Values
-
ID_TOKEN_HINT
public static final String ID_TOKEN_HINT
- See Also:
- Constant Field Values
-
LOGOUT_STATE_PARAM
public static final String LOGOUT_STATE_PARAM
- See Also:
- Constant Field Values
-
LOGOUT_REDIRECT_URI
public static final String LOGOUT_REDIRECT_URI
- See Also:
- Constant Field Values
-
LOGOUT_VALIDATED_ID_TOKEN_SESSION_STATE
public static final String LOGOUT_VALIDATED_ID_TOKEN_SESSION_STATE
- See Also:
- Constant Field Values
-
LOGOUT_VALIDATED_ID_TOKEN_ISSUED_AT
public static final String LOGOUT_VALIDATED_ID_TOKEN_ISSUED_AT
- See Also:
- Constant Field Values
-
ISSUER
public static final String ISSUER
- See Also:
- Constant Field Values
-
RESPONSE_MODE_PARAM
public static final String RESPONSE_MODE_PARAM
- See Also:
- Constant Field Values
-
PROMPT_VALUE_NONE
public static final String PROMPT_VALUE_NONE
- See Also:
- Constant Field Values
-
PROMPT_VALUE_LOGIN
public static final String PROMPT_VALUE_LOGIN
- See Also:
- Constant Field Values
-
PROMPT_VALUE_CONSENT
public static final String PROMPT_VALUE_CONSENT
- See Also:
- Constant Field Values
-
PROMPT_VALUE_SELECT_ACCOUNT
public static final String PROMPT_VALUE_SELECT_ACCOUNT
- See Also:
- Constant Field Values
-
CLIENT_SECRET_BASIC
public static final String CLIENT_SECRET_BASIC
- See Also:
- Constant Field Values
-
CLIENT_SECRET_POST
public static final String CLIENT_SECRET_POST
- See Also:
- Constant Field Values
-
CLIENT_SECRET_JWT
public static final String CLIENT_SECRET_JWT
- See Also:
- Constant Field Values
-
PRIVATE_KEY_JWT
public static final String PRIVATE_KEY_JWT
- See Also:
- Constant Field Values
-
TLS_CLIENT_AUTH
public static final String TLS_CLIENT_AUTH
- See Also:
- Constant Field Values
-
CODE_CHALLENGE_PARAM
public static final String CODE_CHALLENGE_PARAM
- See Also:
- Constant Field Values
-
CODE_CHALLENGE_METHOD_PARAM
public static final String CODE_CHALLENGE_METHOD_PARAM
- See Also:
- Constant Field Values
-
PKCE_CODE_CHALLENGE_MIN_LENGTH
public static final int PKCE_CODE_CHALLENGE_MIN_LENGTH
- See Also:
- Constant Field Values
-
PKCE_CODE_CHALLENGE_MAX_LENGTH
public static final int PKCE_CODE_CHALLENGE_MAX_LENGTH
- See Also:
- Constant Field Values
-
PKCE_CODE_VERIFIER_MIN_LENGTH
public static final int PKCE_CODE_VERIFIER_MIN_LENGTH
- See Also:
- Constant Field Values
-
PKCE_CODE_VERIFIER_MAX_LENGTH
public static final int PKCE_CODE_VERIFIER_MAX_LENGTH
- See Also:
- Constant Field Values
-
PKCE_METHOD_PLAIN
public static final String PKCE_METHOD_PLAIN
- See Also:
- Constant Field Values
-
PKCE_METHOD_S256
public static final String PKCE_METHOD_S256
- See Also:
- Constant Field Values
-
session
protected KeycloakSession session
-
realm
protected RealmModel realm
-
uriInfo
protected javax.ws.rs.core.UriInfo uriInfo
-
headers
protected javax.ws.rs.core.HttpHeaders headers
-
event
protected EventBuilder event
-
responseType
protected OIDCResponseType responseType
-
responseMode
protected OIDCResponseMode responseMode
-
-
Constructor Detail
-
OIDCLoginProtocol
public OIDCLoginProtocol(KeycloakSession session, RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, javax.ws.rs.core.HttpHeaders headers, EventBuilder event)
-
OIDCLoginProtocol
public OIDCLoginProtocol()
-
-
Method Detail
-
setSession
public OIDCLoginProtocol setSession(KeycloakSession session)
- Specified by:
- setSession in interface LoginProtocol
-
setRealm
public OIDCLoginProtocol setRealm(RealmModel realm)
- Specified by:
- setRealm in interface LoginProtocol
-
setUriInfo
public OIDCLoginProtocol setUriInfo(javax.ws.rs.core.UriInfo uriInfo)
- Specified by:
- setUriInfo in interface LoginProtocol
-
setHttpHeaders
public OIDCLoginProtocol setHttpHeaders(javax.ws.rs.core.HttpHeaders headers)
- Specified by:
- setHttpHeaders in interface LoginProtocol
-
setEventBuilder
public OIDCLoginProtocol setEventBuilder(EventBuilder event)
- Specified by:
- setEventBuilder in interface LoginProtocol
-
authenticated
public javax.ws.rs.core.Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
- Specified by:
- authenticated in interface LoginProtocol
-
sendError
public javax.ws.rs.core.Response sendError(AuthenticationSessionModel authSession, LoginProtocol.Error error)
- Specified by:
- sendError in interface LoginProtocol
-
backchannelLogout
public javax.ws.rs.core.Response backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
- Specified by:
- backchannelLogout in interface LoginProtocol
-
frontchannelLogout
public javax.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
- Specified by:
- frontchannelLogout in interface LoginProtocol
-
finishBrowserLogout
public javax.ws.rs.core.Response finishBrowserLogout(UserSessionModel userSession, AuthenticationSessionModel logoutSession)
Description copied from interface: LoginProtocol
This method is called when browser logout is going to be finished. It is not triggered during backchannel logout.
- Specified by:
- finishBrowserLogout in interface LoginProtocol
- Parameters:
- userSession - user session, which was logged out
- logoutSession - authentication session, which was used during logout to track the logout state
- Returns:
- response to be sent to the client
-
requireReauthentication
public boolean requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel authSession)
- Specified by:
- requireReauthentication in interface LoginProtocol
- Returns:
- true if SSO cookie authentication can't be used. User will need to "actively" reauthenticate
-
isPromptLogin
protected boolean isPromptLogin(AuthenticationSessionModel authSession)
-
isAuthTimeExpired
protected boolean isAuthTimeExpired(UserSessionModel userSession, AuthenticationSessionModel authSession)
-
isReAuthRequiredForKcAction
protected boolean isReAuthRequiredForKcAction(UserSessionModel userSession, AuthenticationSessionModel authSession)
-
sendPushRevocationPolicyRequest
public boolean sendPushRevocationPolicyRequest(RealmModel realm, ClientModel resource, int notBefore, String managementUrl)
Description copied from interface: LoginProtocol
Send not-before revocation policy to the given client.
- Specified by:
- sendPushRevocationPolicyRequest in interface LoginProtocol
- Returns:
- true if revocation policy was successfully updated at the client, false otherwise.
-
-