Package org.keycloak.authentication.actiontoken

Class DefaultActionToken

java.lang.Object

org.keycloak.representations.JsonWebToken

org.keycloak.models.DefaultActionTokenKey

org.keycloak.authentication.actiontoken.DefaultActionToken

All Implemented Interfaces:

Serializable, SingleUseObjectKeyModel, SingleUseObjectValueModel, Token

Direct Known Subclasses:

ExecuteActionsActionToken, IdpVerifyAccountLinkActionToken, ResetCredentialsActionToken, UpdateEmailActionToken, VerifyEmailActionToken

public class DefaultActionToken
extends DefaultActionTokenKey
implements SingleUseObjectValueModel

Part of action token that is intended to be used e.g. in link sent in password-reset email. The token encapsulates user, expected action and its time of expiry.

Author:

hmlnarik

See Also:

• Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
static final TokenVerifier.Predicate<DefaultActionTokenKey>	ACTION_TOKEN_BASIC_CHECKS
static final String	JSON_FIELD_AUTHENTICATION_SESSION_ID
static final String	JSON_FIELD_EMAIL

Fields inherited from class org.keycloak.models.DefaultActionTokenKey

ACTION_TOKEN_USER_ID, JSON_FIELD_ACTION_VERIFICATION_NONCE

Fields inherited from class org.keycloak.representations.JsonWebToken

audience, AZP, exp, iat, id, issuedFor, issuer, nbf, otherClaims, subject, SUBJECT, type

Constructor Summary

Constructors

Modifier	Constructor	Description
	DefaultActionToken()	Single-use random value used for verification whether the relevant action is allowed.
protected	DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce)
protected	DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce, String compoundAuthenticationSessionId)

Method Summary

Modifier and Type	Method	Description
String	getCompoundAuthenticationSessionId()
String	getEmail()
String	getNote(String name)	Returns value of the given note (or null when no note of this name is present)
Map<String,String>	getNotes()	Returns unmodifiable map of all notes.
final String	removeNote(String name)	Removes given note, and returns original value (or null when no value was present)
String	serialize(KeycloakSession session, RealmModel realm, jakarta.ws.rs.core.UriInfo uri)	Updates the following fields and serializes this token into a signed JWT.
void	setCompoundAuthenticationSessionId(String compoundAuthenticationSessionId)
void	setEmail(String email)
final String	setNote(String name, String value)	Sets value of the given note

Methods inherited from class org.keycloak.models.DefaultActionTokenKey

from, getActionId, getActionVerificationNonce, getUserId

Methods inherited from class org.keycloak.representations.JsonWebToken

addAudience, audience, exp, expiration, getAudience, getCategory, getExp, getExpiration, getIat, getId, getIssuedAt, getIssuedFor, getIssuer, getNbf, getNotBefore, getOtherClaims, getSubject, getType, hasAnyAudience, hasAudience, iat, id, isActive, isActive, isExpired, isIssuedBeforeSessionStart, isNotBefore, issuedAt, issuedFor, issuedNow, issuer, nbf, notBefore, setOtherClaims, setSubject, subject, type

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.models.SingleUseObjectKeyModel

getExpiration, serializeKey

Field Details

JSON_FIELD_AUTHENTICATION_SESSION_ID

public static final String JSON_FIELD_AUTHENTICATION_SESSION_ID

See Also:

• Constant Field Values

JSON_FIELD_EMAIL

public static final String JSON_FIELD_EMAIL

See Also:

• Constant Field Values

ACTION_TOKEN_BASIC_CHECKS

public static final TokenVerifier.Predicate<DefaultActionTokenKey> ACTION_TOKEN_BASIC_CHECKS

Constructor Details

DefaultActionToken

public DefaultActionToken()

Single-use random value used for verification whether the relevant action is allowed.

DefaultActionToken

protected DefaultActionToken(String userId,
 String actionId,
 int absoluteExpirationInSecs,
 UUID actionVerificationNonce)

Parameters:

userId - User ID

actionId - Action ID

absoluteExpirationInSecs - Absolute expiration time in seconds in timezone of Keycloak.

actionVerificationNonce -

DefaultActionToken

protected DefaultActionToken(String userId,
 String actionId,
 int absoluteExpirationInSecs,
 UUID actionVerificationNonce,
 String compoundAuthenticationSessionId)

Parameters:

userId - User ID

actionId - Action ID

absoluteExpirationInSecs - Absolute expiration time in seconds in timezone of Keycloak.

actionVerificationNonce -

Method Details

getCompoundAuthenticationSessionId

public String getCompoundAuthenticationSessionId()

setCompoundAuthenticationSessionId

public void setCompoundAuthenticationSessionId(String compoundAuthenticationSessionId)

getNotes

public Map<String,String> getNotes()

Description copied from interface: SingleUseObjectValueModel

Returns unmodifiable map of all notes.

Specified by:

getNotes in interface SingleUseObjectValueModel

Returns:

see description. Returns empty map if no note is set, never returns null.

getNote

public String getNote(String name)

Description copied from interface: SingleUseObjectValueModel

Returns value of the given note (or null when no note of this name is present)

Specified by:

getNote in interface SingleUseObjectValueModel

Returns:

see description

setNote

public final String setNote(String name,
 String value)

Sets value of the given note

Returns:

original value (or null when no value was present)

removeNote

public final String removeNote(String name)

Removes given note, and returns original value (or null when no value was present)

Returns:

see description

setEmail

public void setEmail(String email)

getEmail

public String getEmail()

serialize

public String serialize(KeycloakSession session,
 RealmModel realm,
 jakarta.ws.rs.core.UriInfo uri)

Updates the following fields and serializes this token into a signed JWT. The list of updated fields follows:

• id: random nonce
• issuedAt: Current time
• issuer: URI of the given realm
• audience: URI of the given realm (same as issuer)

Parameters:

session -

realm -

uri -

Returns: