Class JWTClientSecretAuthenticator

java.lang.Object
org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
org.keycloak.authentication.authenticators.client.JWTClientSecretAuthenticator
All Implemented Interfaces:
ClientAuthenticator, ClientAuthenticatorFactory, ConfigurableAuthenticatorFactory, ConfiguredProvider, Provider, ProviderFactory<ClientAuthenticator>

public class JWTClientSecretAuthenticator extends AbstractClientAuthenticator
Client authentication based on JWT signed by client secret instead of private key. See specs for more details.

This is the server side, which verifies the JWT from the client_assertion parameter; the assertion is created on the adapter side by org.keycloak.adapters.authentication.JWTClientSecretCredentialsProvider.

TODO: Try to create abstract superclass to be shared with JWTClientAuthenticator. Most of the code can be reused
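
The check described above, as an added sketch in Python (standard library only); it is not Keycloak's code and does not use its API. It assumes the claim rules of the client_secret_jwt method in OpenID Connect Core (iss and sub equal to the client id, aud naming the token endpoint, exp and jti present) and pins HS256; the function names and all sample values are constructed for the example.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_assertion(claims, secret, alg="HS256"):
    """Client side, for the demo only: HMAC-sign the claims with the shared secret."""
    parts = [b64url_encode(json.dumps(o).encode()) for o in ({"alg": alg, "typ": "JWT"}, claims)]
    sig = hmac.new(secret, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def verify_client_assertion(assertion, secret, client_id, token_endpoint, seen_jti, now=None):
    """Server side: return the claims, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = assertion.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed assertion") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed assertion")
    # Pin the algorithm server-side; the token must not be able to pick "none".
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Recompute the MAC over the exact bytes received and compare in constant time.
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        raise ValueError("iss and sub must equal client_id")
    aud = claims.get("aud")
    if token_endpoint not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    jti = claims.get("jti")
    if not isinstance(jti, str) or not jti or jti in seen_jti:
        raise ValueError("missing or replayed jti")
    seen_jti.add(jti)  # a real server would expire entries once exp has passed
    return claims
```

Because the same secret both signs and verifies, anyone who can read the stored client secret on the server can mint valid assertions, which is the main trade-off against the private-key variant.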

  • Field Details

  • Constructor Details

    • JWTClientSecretAuthenticator

      public JWTClientSecretAuthenticator()
  • Method Details

    • authenticateClient

      public void authenticateClient(ClientAuthenticationFlowContext context)
      Description copied from interface: ClientAuthenticator
      Initial call for the authenticator. This method should check the current HTTP request to determine if the request satisfies the ClientAuthenticator's requirements. If it doesn't, it should send back a challenge response by calling the ClientAuthenticationFlowContext.challenge(Response).
    • isConfigurable

      public boolean isConfigurable()
      Description copied from interface: ClientAuthenticatorFactory
      Is this authenticator configurable globally?
      Returns:
    • getConfigPropertiesPerClient

      public List<ProviderConfigProperty> getConfigPropertiesPerClient()
      Description copied from interface: ClientAuthenticatorFactory
      List of config properties for this client implementation. These are shown in the admin console in the client's Credentials tab and can be configured per client. Applicable only if "isConfigurablePerClient" is true.
      Returns:
    • getAdapterConfiguration

      public Map<String,Object> getAdapterConfiguration(ClientModel client)
      Description copied from interface: ClientAuthenticatorFactory
      Get the configuration that needs to be used for the adapter (keycloak.json) of a particular client. Some implementations may return just a template, and the user needs to edit the values according to their environment (for example, fill in the location of the keystore file).
      Returns:
    • getProtocolAuthenticatorMethods

      public Set<String> getProtocolAuthenticatorMethods(String loginProtocol)
      Description copied from interface: ClientAuthenticatorFactory
      Get authentication methods for the specified protocol
      Parameters:
      loginProtocol - corresponds to ProviderFactory.getId()
      Returns:
      name of supported client authenticator methods in the protocol specific "language"
    • supportsSecret

      public boolean supportsSecret()
      Description copied from interface: ClientAuthenticatorFactory
      Does this authenticator support client secret?
      Returns:
      if it supports secret
    • getId

      public String getId()
    • getDisplayType

      public String getDisplayType()
      Description copied from interface: ConfigurableAuthenticatorFactory
      Friendly name for the authenticator
      Returns:
    • getRequirementChoices

      public AuthenticationExecutionModel.Requirement[] getRequirementChoices()
      Description copied from interface: ConfigurableAuthenticatorFactory
      What requirement settings are allowed.
      Returns:
    • getHelpText

      public String getHelpText()
    • getConfigProperties

      public List<ProviderConfigProperty> getConfigProperties()