Package org.keycloak.broker.oidc
Class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig>
java.lang.Object
org.keycloak.broker.provider.AbstractIdentityProvider<C>
org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<C>
- All Implemented Interfaces:
ExchangeExternalToken
,ExchangeTokenToIdentityProviderToken
,IdentityProvider<C>
,Provider
- Direct Known Subclasses:
BitbucketIdentityProvider
,FacebookIdentityProvider
,GitHubIdentityProvider
,InstagramIdentityProvider
,LinkedInIdentityProvider
,MicrosoftIdentityProvider
,OIDCIdentityProvider
,OpenshiftV3IdentityProvider
,OpenshiftV4IdentityProvider
,PayPalIdentityProvider
,StackoverflowIdentityProvider
public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityProviderConfig>
extends AbstractIdentityProvider<C>
implements ExchangeTokenToIdentityProviderToken, ExchangeExternalToken
- Author:
- Pedro Igor
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider
IdentityProvider.AuthenticationCallback
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
static final String
static final String
protected static final org.jboss.logging.Logger
protected static com.fasterxml.jackson.databind.ObjectMapper
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
ACCOUNT_LINK_URL, session
Fields inherited from interface org.keycloak.broker.provider.IdentityProvider
EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptioncom.fasterxml.jackson.databind.JsonNode
asJsonNode
(String json) authenticateTokenRequest
(SimpleHttp tokenRequest) void
authenticationFinished
(AuthenticationSessionModel authSession, BrokeredIdentityContext context) protected SimpleHttp
buildUserInfoRequest
(String subjectToken, String userInfoUrl) callback
(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.protected jakarta.ws.rs.core.UriBuilder
protected BrokeredIdentityContext
doGetFederatedIdentity
(String accessToken) final BrokeredIdentityContext
exchangeExternal
(EventBuilder event, jakarta.ws.rs.core.MultivaluedMap<String, String> params) void
exchangeExternalComplete
(UserSessionModel userSession, BrokeredIdentityContext context, jakarta.ws.rs.core.MultivaluedMap<String, String> params) protected BrokeredIdentityContext
exchangeExternalImpl
(EventBuilder event, jakarta.ws.rs.core.MultivaluedMap<String, String> params) protected BrokeredIdentityContext
exchangeExternalUserInfoValidationOnly
(EventBuilder event, jakarta.ws.rs.core.MultivaluedMap<String, String> params) jakarta.ws.rs.core.Response
exchangeFromToken
(jakarta.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, jakarta.ws.rs.core.MultivaluedMap<String, String> params) protected jakarta.ws.rs.core.Response
exchangeSessionToken
(jakarta.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject) protected jakarta.ws.rs.core.Response
exchangeStoredToken
(jakarta.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject) protected BrokeredIdentityContext
extractIdentityFromProfile
(EventBuilder event, com.fasterxml.jackson.databind.JsonNode node) protected String
extractTokenFromResponse
(String response, String tokenName) protected JsonWebToken
protected String
protected abstract String
getFederatedIdentity
(String response) getJsonProperty
(com.fasterxml.jackson.databind.JsonNode jsonNode, String name) Get JSON property as text.protected String
protected SignatureSignerContext
protected jakarta.ws.rs.core.Response
hasExternalExchangeToken
(EventBuilder event, UserSessionModel tokenUserSession, jakarta.ws.rs.core.MultivaluedMap<String, String> params) check to see if we have a token exchange in session in other words check to see if this session was created by an external exchangeboolean
jakarta.ws.rs.core.Response
performLogin
(AuthenticationRequest request) Initiates the authentication process by sending an authentication request to an identity provider.jakarta.ws.rs.core.Response
retrieveToken
(KeycloakSession session, FederatedIdentityModel identity) Returns aResponse
containing the token previously stored during the authentication process for a specific user.protected boolean
protected BrokeredIdentityContext
validateExternalTokenThroughUserInfo
(EventBuilder event, String subjectToken, String subjectTokenType) Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider
backchannelLogout, close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, export, getLinkingUrl, getMarshaller, importNewUser, keycloakInitiatedBrowserLogout, preprocessFederatedIdentity, updateBrokeredUser
-
Field Details
-
logger
protected static final org.jboss.logging.Logger logger -
OAUTH2_GRANT_TYPE_REFRESH_TOKEN
- See Also:
-
OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
- See Also:
-
FEDERATED_REFRESH_TOKEN
- See Also:
-
FEDERATED_TOKEN_EXPIRATION
- See Also:
-
ACCESS_DENIED
- See Also:
-
mapper
protected static com.fasterxml.jackson.databind.ObjectMapper mapper -
OAUTH2_PARAMETER_ACCESS_TOKEN
- See Also:
-
OAUTH2_PARAMETER_SCOPE
- See Also:
-
OAUTH2_PARAMETER_STATE
- See Also:
-
OAUTH2_PARAMETER_RESPONSE_TYPE
- See Also:
-
OAUTH2_PARAMETER_REDIRECT_URI
- See Also:
-
OAUTH2_PARAMETER_CODE
- See Also:
-
OAUTH2_PARAMETER_CLIENT_ID
- See Also:
-
OAUTH2_PARAMETER_CLIENT_SECRET
- See Also:
-
OAUTH2_PARAMETER_GRANT_TYPE
- See Also:
-
-
Constructor Details
-
AbstractOAuth2IdentityProvider
-
-
Method Details
-
callback
public Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) Description copied from interface:IdentityProvider
JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.- Specified by:
callback
in interfaceIdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
callback
in classAbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
- Returns:
-
performLogin
Description copied from interface:IdentityProvider
Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.
- Specified by:
performLogin
in interfaceIdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
performLogin
in classAbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
- Parameters:
request
- The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.- Returns:
-
retrieveToken
public jakarta.ws.rs.core.Response retrieveToken(KeycloakSession session, FederatedIdentityModel identity) Description copied from interface:IdentityProvider
Returns a
Response
containing the token previously stored during the authentication process for a specific user.- Specified by:
retrieveToken
in interfaceIdentityProvider<C extends OAuth2IdentityProviderConfig>
- Returns:
-
getConfig
- Overrides:
getConfig
in classAbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
extractTokenFromResponse
-
exchangeFromToken
public jakarta.ws.rs.core.Response exchangeFromToken(jakarta.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, jakarta.ws.rs.core.MultivaluedMap<String, String> params) - Specified by:
exchangeFromToken
in interfaceExchangeTokenToIdentityProviderToken
authorizedClient
- client requesting exchangetokenUserSession
- UserSessionModel of token exchanging fromtokenSubject
- UserModel of token exchanging fromparams
- form parameters received for requested exchange- Returns:
-
hasExternalExchangeToken
protected jakarta.ws.rs.core.Response hasExternalExchangeToken(EventBuilder event, UserSessionModel tokenUserSession, jakarta.ws.rs.core.MultivaluedMap<String, String> params) check to see if we have a token exchange in session in other words check to see if this session was created by an external exchange- Parameters:
tokenUserSession
-params
-- Returns:
-
exchangeStoredToken
protected jakarta.ws.rs.core.Response exchangeStoredToken(jakarta.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject) -
exchangeSessionToken
protected jakarta.ws.rs.core.Response exchangeSessionToken(jakarta.ws.rs.core.UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject) -
getFederatedIdentity
-
getAccessTokenResponseParameter
-
doGetFederatedIdentity
-
createAuthorizationUrl
-
getJsonProperty
Get JSON property as text. JSON numbers and booleans are converted to text. Empty string is converted to null.- Parameters:
jsonNode
- to get property fromname
- of property to get- Returns:
- string value of the property or null.
-
asJsonNode
- Throws:
IOException
-
getDefaultScopes
-
authenticationFinished
public void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context) - Specified by:
authenticationFinished
in interfaceIdentityProvider<C extends OAuth2IdentityProviderConfig>
- Overrides:
authenticationFinished
in classAbstractIdentityProvider<C extends OAuth2IdentityProviderConfig>
-
authenticateTokenRequest
-
generateToken
-
getSignatureContext
-
getProfileEndpointForValidation
-
extractIdentityFromProfile
protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, com.fasterxml.jackson.databind.JsonNode node) -
validateExternalTokenThroughUserInfo
protected BrokeredIdentityContext validateExternalTokenThroughUserInfo(EventBuilder event, String subjectToken, String subjectTokenType) -
buildUserInfoRequest
-
supportsExternalExchange
protected boolean supportsExternalExchange() -
isIssuer
- Specified by:
isIssuer
in interfaceExchangeExternalToken
-
exchangeExternal
public final BrokeredIdentityContext exchangeExternal(EventBuilder event, jakarta.ws.rs.core.MultivaluedMap<String, String> params) - Specified by:
exchangeExternal
in interfaceExchangeExternalToken
-
exchangeExternalImpl
protected BrokeredIdentityContext exchangeExternalImpl(EventBuilder event, jakarta.ws.rs.core.MultivaluedMap<String, String> params) -
exchangeExternalUserInfoValidationOnly
protected BrokeredIdentityContext exchangeExternalUserInfoValidationOnly(EventBuilder event, jakarta.ws.rs.core.MultivaluedMap<String, String> params) -
exchangeExternalComplete
public void exchangeExternalComplete(UserSessionModel userSession, BrokeredIdentityContext context, jakarta.ws.rs.core.MultivaluedMap<String, String> params) - Specified by:
exchangeExternalComplete
in interfaceExchangeExternalToken
-