Package org.keycloak.services.resources
Class IdentityBrokerService
- java.lang.Object
-
- org.keycloak.services.resources.IdentityBrokerService
-
- All Implemented Interfaces:
IdentityProvider.AuthenticationCallback
public class IdentityBrokerService extends Object implements IdentityProvider.AuthenticationCallback
- Author:
- Pedro Igor
-
-
Constructor Summary
Constructors Constructor Description IdentityBrokerService(KeycloakSession session)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description javax.ws.rs.core.Response
afterFirstBrokerLogin(String code, String clientId, String tabId)
javax.ws.rs.core.Response
afterPostBrokerLoginFlow(String code, String clientId, String tabId)
javax.ws.rs.core.Response
authenticated(BrokeredIdentityContext context)
This method should be called by provider after the JAXRS callback endpoint has finished authentication with the remote IDP.protected javax.ws.rs.core.Response
browserAuthentication(AuthenticationSessionModel authSession, String errorMessage, Object... parameters)
javax.ws.rs.core.Response
cancelled(IdentityProviderModel idpConfig)
Called when user cancelled authentication on the IDP side - for example user didn't approve consent page on the IDP side.javax.ws.rs.core.Response
clientInitiatedAccountLinking(String providerId, String redirectUri, String clientId, String nonce, String hash)
javax.ws.rs.core.Response
clientIntiatedAccountLinkingPreflight(String providerId)
Closes off CORS preflight requests for account linkingjavax.ws.rs.core.Response
error(String message)
Called when error happened on the IDP side.AuthenticationSessionModel
getAndVerifyAuthenticationSession(String encodedCode)
Common method to return current authenticationSession and verify if it is not expiredObject
getEndpoint(String providerId)
static IdentityProvider
getIdentityProvider(KeycloakSession session, RealmModel realm, String alias)
static IdentityProviderFactory
getIdentityProviderFactory(KeycloakSession session, IdentityProviderModel model)
void
init()
javax.ws.rs.core.Response
performLogin(String providerId, String code, String clientId, String tabId, String loginHint)
javax.ws.rs.core.Response
performPostLogin(String providerId, String code, String clientId, String tabId, String loginHint)
javax.ws.rs.core.Response
retrieveToken(String providerId)
javax.ws.rs.core.Response
retrieveTokenPreflight()
javax.ws.rs.core.Response
validateUser(AuthenticationSessionModel authSession, UserModel user, RealmModel realm)
-
-
-
Constructor Detail
-
IdentityBrokerService
public IdentityBrokerService(KeycloakSession session)
-
-
Method Detail
-
init
public void init()
-
clientIntiatedAccountLinkingPreflight
@OPTIONS @Path("/{provider_id}/link") public javax.ws.rs.core.Response clientIntiatedAccountLinkingPreflight(@PathParam("provider_id") String providerId)
Closes off CORS preflight requests for account linking- Parameters:
providerId
-- Returns:
-
clientInitiatedAccountLinking
@GET @Path("/{provider_id}/link") public javax.ws.rs.core.Response clientInitiatedAccountLinking(@PathParam("provider_id") String providerId, @QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("nonce") String nonce, @QueryParam("hash") String hash)
-
performPostLogin
@POST @Path("/{provider_id}/login") public javax.ws.rs.core.Response performPostLogin(@PathParam("provider_id") String providerId, @QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId, @QueryParam("login_hint") String loginHint)
-
performLogin
@GET @Path("/{provider_id}/login") public javax.ws.rs.core.Response performLogin(@PathParam("provider_id") String providerId, @QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId, @QueryParam("login_hint") String loginHint)
-
getEndpoint
@Path("{provider_id}/endpoint") public Object getEndpoint(@PathParam("provider_id") String providerId)
-
retrieveTokenPreflight
@Path("{provider_id}/token") @OPTIONS public javax.ws.rs.core.Response retrieveTokenPreflight()
-
retrieveToken
@GET @Path("{provider_id}/token") public javax.ws.rs.core.Response retrieveToken(@PathParam("provider_id") String providerId)
-
authenticated
public javax.ws.rs.core.Response authenticated(BrokeredIdentityContext context)
Description copied from interface:IdentityProvider.AuthenticationCallback
This method should be called by provider after the JAXRS callback endpoint has finished authentication with the remote IDP. There is an assumption that authenticationSession is set in the context when this method is called- Specified by:
authenticated
in interfaceIdentityProvider.AuthenticationCallback
- Returns:
- see description
-
validateUser
public javax.ws.rs.core.Response validateUser(AuthenticationSessionModel authSession, UserModel user, RealmModel realm)
-
afterFirstBrokerLogin
@GET @Path("/after-first-broker-login") public javax.ws.rs.core.Response afterFirstBrokerLogin(@QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId)
-
afterPostBrokerLoginFlow
@GET @Path("/after-post-broker-login") public javax.ws.rs.core.Response afterPostBrokerLoginFlow(@QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId)
-
cancelled
public javax.ws.rs.core.Response cancelled(IdentityProviderModel idpConfig)
Description copied from interface:IdentityProvider.AuthenticationCallback
Called when user cancelled authentication on the IDP side - for example user didn't approve consent page on the IDP side. Assumption is that authenticationSession is set in theKeycloakContext
when this method is called- Specified by:
cancelled
in interfaceIdentityProvider.AuthenticationCallback
- Parameters:
idpConfig
- identity provider config- Returns:
- see description
-
error
public javax.ws.rs.core.Response error(String message)
Description copied from interface:IdentityProvider.AuthenticationCallback
Called when error happened on the IDP side. Assumption is that authenticationSession is set in theKeycloakContext
when this method is called- Specified by:
error
in interfaceIdentityProvider.AuthenticationCallback
- Returns:
- see description
-
getAndVerifyAuthenticationSession
public AuthenticationSessionModel getAndVerifyAuthenticationSession(String encodedCode)
Description copied from interface:IdentityProvider.AuthenticationCallback
Common method to return current authenticationSession and verify if it is not expired- Specified by:
getAndVerifyAuthenticationSession
in interfaceIdentityProvider.AuthenticationCallback
- Returns:
- see description
-
browserAuthentication
protected javax.ws.rs.core.Response browserAuthentication(AuthenticationSessionModel authSession, String errorMessage, Object... parameters)
-
getIdentityProvider
public static IdentityProvider getIdentityProvider(KeycloakSession session, RealmModel realm, String alias)
-
getIdentityProviderFactory
public static IdentityProviderFactory getIdentityProviderFactory(KeycloakSession session, IdentityProviderModel model)
-
-