Class AuthzClient
- java.lang.Object
-
- org.keycloak.authorization.client.AuthzClient
-
public class AuthzClient extends Object
This is class serves as an entry point for clients looking for access to Keycloak Authorization Services.
When creating a new instances make sure you have a Keycloak Server running at the location specified in the client configuration. The client tries to obtain server configuration by invoking the UMA Discovery Endpoint, usually available from the server at http(s)://{server}:{port}/auth/realms/{realm}/.well-known/uma-configuration.
- Author:
- Pedro Igor
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description AuthorizationResource
authorization()
Creates aAuthorizationResource
instance which can be used to obtain permissions from the server.AuthorizationResource
authorization(String accessToken)
Creates aAuthorizationResource
instance which can be used to obtain permissions from the server.AuthorizationResource
authorization(String userName, String password)
Creates aAuthorizationResource
instance which can be used to obtain permissions from the server.AuthorizationResource
authorization(String userName, String password, String scope)
static AuthzClient
create()
Creates a new instance.static AuthzClient
create(InputStream configStream)
Creates a new instance.static AuthzClient
create(Configuration configuration)
Creates a new instance.Configuration
getConfiguration()
Obtains the client configurationServerConfiguration
getServerConfiguration()
Returns the configuration obtained from the server at the UMA Discovery Endpoint.AccessTokenResponse
obtainAccessToken()
Obtains an access token using the client credentials.AccessTokenResponse
obtainAccessToken(String userName, String password)
Obtains an access token using the resource owner credentials.ProtectionResource
protection()
Creates aProtectionResource
instance which can be used to access the Protection API.ProtectionResource
protection(String accessToken)
Creates aProtectionResource
instance which can be used to access the Protection API.ProtectionResource
protection(String userName, String password)
Creates aProtectionResource
instance which can be used to access the Protection API.
-
-
-
Method Detail
-
create
public static AuthzClient create() throws RuntimeException
Creates a new instance.
This method expects a
keycloak.json
in the classpath, otherwise an exception will be thrown.- Returns:
- a new instance
- Throws:
RuntimeException
- in case there is nokeycloak.json
file in the classpath or the file could not be parsed
-
create
public static AuthzClient create(InputStream configStream) throws RuntimeException
Creates a new instance.
- Parameters:
configStream
- the input stream with the configuration data- Returns:
- a new instance
- Throws:
RuntimeException
-
create
public static AuthzClient create(Configuration configuration)
Creates a new instance.
- Parameters:
configuration
- the client configuration- Returns:
- a new instance
-
protection
public ProtectionResource protection()
Creates a
ProtectionResource
instance which can be used to access the Protection API.When using this method, the PAT (the access token with the uma_protection scope) is obtained for the client itself, using any of the supported credential types (client/secret, jwt, etc).
- Returns:
- a
ProtectionResource
-
protection
public ProtectionResource protection(String accessToken)
Creates a
ProtectionResource
instance which can be used to access the Protection API.- Parameters:
accessToken
- the PAT (the access token with the uma_protection scope)- Returns:
- a
ProtectionResource
-
protection
public ProtectionResource protection(String userName, String password)
Creates a
ProtectionResource
instance which can be used to access the Protection API.When using this method, the PAT (the access token with the uma_protection scope) is obtained for a given user.
- Returns:
- a
ProtectionResource
-
authorization
public AuthorizationResource authorization()
Creates a
AuthorizationResource
instance which can be used to obtain permissions from the server.- Returns:
- a
AuthorizationResource
-
authorization
public AuthorizationResource authorization(String accessToken)
Creates a
AuthorizationResource
instance which can be used to obtain permissions from the server.- Parameters:
accessToken
- the Access Token that will be used as a bearer to access the token endpoint- Returns:
- a
AuthorizationResource
-
authorization
public AuthorizationResource authorization(String userName, String password)
Creates a
AuthorizationResource
instance which can be used to obtain permissions from the server.- Parameters:
userName
- an ID Token or Access Token representing an identity and/or access contextpassword
-- Returns:
- a
AuthorizationResource
-
authorization
public AuthorizationResource authorization(String userName, String password, String scope)
-
obtainAccessToken
public AccessTokenResponse obtainAccessToken()
Obtains an access token using the client credentials.- Returns:
- an
AccessTokenResponse
-
obtainAccessToken
public AccessTokenResponse obtainAccessToken(String userName, String password)
Obtains an access token using the resource owner credentials.- Returns:
- an
AccessTokenResponse
-
getServerConfiguration
public ServerConfiguration getServerConfiguration()
Returns the configuration obtained from the server at the UMA Discovery Endpoint.- Returns:
- the
ServerConfiguration
-
getConfiguration
public Configuration getConfiguration()
Obtains the client configuration- Returns:
- the
Configuration
-
-