Class JWTClientCredentialsProvider
- java.lang.Object
-
- org.keycloak.protocol.oidc.client.authentication.JWTClientCredentialsProvider
-
- All Implemented Interfaces:
ClientCredentialsProvider
public class JWTClientCredentialsProvider extends Object implements ClientCredentialsProvider
Client authentication based on JWT signed by client private key . See specs for more details.- Author:
- Marek Posolda
-
-
Field Summary
Fields Modifier and Type Field Description static StringPROVIDER_ID
-
Constructor Summary
Constructors Constructor Description JWTClientCredentialsProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected JsonWebTokencreateRequestToken(String clientId, String realmInfoUrl)StringcreateSignedRequestToken(String clientId, String realmInfoUrl)StringgetId()Return the ID of the provider.PublicKeygetPublicKey()protected intgetTokenTimeout()voidinit(AdapterConfig deployment, Object config)Called by adapter during deployment of your application.voidsetClientCredentials(AdapterConfig deployment, Map<String,String> requestHeaders, Map<String,String> formParams)Called every time adapter needs to perform backchannel requestvoidsetTokenTimeout(int tokenTimeout)voidsetupKeyPair(KeyPair keyPair)voidsetupKeyPair(KeyPair keyPair, String algorithm)
-
-
-
Field Detail
-
PROVIDER_ID
public static final String PROVIDER_ID
- See Also:
- Constant Field Values
-
-
Method Detail
-
getId
public String getId()
Description copied from interface:ClientCredentialsProviderReturn the ID of the provider. Use this ID in the keycloak.json configuration as the subelement of the "credentials" element For example if your provider has ID "kerberos-keytab" , use the configuration like this in keycloak.json "credentials": { "kerberos-keytab": { "keytab": "/tmp/foo" } }- Specified by:
getIdin interfaceClientCredentialsProvider- Returns:
-
setupKeyPair
public void setupKeyPair(KeyPair keyPair)
-
setTokenTimeout
public void setTokenTimeout(int tokenTimeout)
-
getTokenTimeout
protected int getTokenTimeout()
-
getPublicKey
public PublicKey getPublicKey()
-
init
public void init(AdapterConfig deployment, Object config)
Description copied from interface:ClientCredentialsProviderCalled by adapter during deployment of your application. You can for example read configuration and init your authenticator here- Specified by:
initin interfaceClientCredentialsProvider- Parameters:
deployment- the adapter configurationconfig- the configuration of your provider read from keycloak.json . For the kerberos-keytab example above, it will return map with the single key "keytab" with value "/tmp/foo"
-
setClientCredentials
public void setClientCredentials(AdapterConfig deployment, Map<String,String> requestHeaders, Map<String,String> formParams)
Description copied from interface:ClientCredentialsProviderCalled every time adapter needs to perform backchannel request- Specified by:
setClientCredentialsin interfaceClientCredentialsProvider- Parameters:
deployment- Fully resolved deploymentrequestHeaders- You should put any HTTP request headers you want to use for authentication of client. These headers will be attached to the HTTP request sent to Keycloak serverformParams- You should put any request parameters you want to use for authentication of client. These parameters will be attached to the HTTP request sent to Keycloak server
-
createSignedRequestToken
public String createSignedRequestToken(String clientId, String realmInfoUrl)
-
createRequestToken
protected JsonWebToken createRequestToken(String clientId, String realmInfoUrl)
-
-