Class DefaultActionToken
java.lang.Object
org.keycloak.representations.JsonWebToken
org.keycloak.models.DefaultActionTokenKey
org.keycloak.authentication.actiontoken.DefaultActionToken
- All Implemented Interfaces:
Serializable
,SingleUseObjectKeyModel
,SingleUseObjectValueModel
,Token
- Direct Known Subclasses:
ExecuteActionsActionToken
,IdpVerifyAccountLinkActionToken
,ResetCredentialsActionToken
,UpdateEmailActionToken
,VerifyEmailActionToken
Part of action token that is intended to be used e.g. in link sent in password-reset email.
The token encapsulates user, expected action and its time of expiry.
- Author:
- hmlnarik
- See Also:
-
Field Summary
Modifier and TypeFieldDescriptionstatic final TokenVerifier.Predicate<DefaultActionTokenKey>
static final String
static final String
Fields inherited from class org.keycloak.models.DefaultActionTokenKey
ACTION_TOKEN_USER_ID, JSON_FIELD_ACTION_VERIFICATION_NONCE
-
Constructor Summary
ModifierConstructorDescriptionSingle-use random value used for verification whether the relevant action is allowed.protected
DefaultActionToken
(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce) protected
DefaultActionToken
(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce, String compoundAuthenticationSessionId) -
Method Summary
Modifier and TypeMethodDescriptiongetEmail()
Returns value of the given note (ornull
when no note of this name is present)getNotes()
Returns unmodifiable map of all notes.final String
removeNote
(String name) Removes given note, and returns original value (ornull
when no value was present)serialize
(KeycloakSession session, RealmModel realm, jakarta.ws.rs.core.UriInfo uri) Updates the following fields and serializes this token into a signed JWT.void
setCompoundAuthenticationSessionId
(String compoundAuthenticationSessionId) void
final String
Sets value of the given noteMethods inherited from class org.keycloak.models.DefaultActionTokenKey
from, getActionId, getActionVerificationNonce, getUserId
Methods inherited from class org.keycloak.representations.JsonWebToken
addAudience, audience, exp, expiration, getAudience, getCategory, getExp, getExpiration, getIat, getId, getIssuedAt, getIssuedFor, getIssuer, getNbf, getNotBefore, getOtherClaims, getSubject, getType, hasAnyAudience, hasAudience, iat, id, isActive, isActive, isExpired, isIssuedBeforeSessionStart, isNotBefore, issuedAt, issuedFor, issuedNow, issuer, nbf, notBefore, setOtherClaims, setSubject, subject, type
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.models.SingleUseObjectKeyModel
getExpiration, serializeKey
-
Field Details
-
JSON_FIELD_AUTHENTICATION_SESSION_ID
- See Also:
-
JSON_FIELD_EMAIL
- See Also:
-
ACTION_TOKEN_BASIC_CHECKS
-
-
Constructor Details
-
DefaultActionToken
public DefaultActionToken()Single-use random value used for verification whether the relevant action is allowed. -
DefaultActionToken
protected DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce) - Parameters:
userId
- User IDactionId
- Action IDabsoluteExpirationInSecs
- Absolute expiration time in seconds in timezone of Keycloak.actionVerificationNonce
-
-
DefaultActionToken
protected DefaultActionToken(String userId, String actionId, int absoluteExpirationInSecs, UUID actionVerificationNonce, String compoundAuthenticationSessionId) - Parameters:
userId
- User IDactionId
- Action IDabsoluteExpirationInSecs
- Absolute expiration time in seconds in timezone of Keycloak.actionVerificationNonce
-
-
-
Method Details
-
getCompoundAuthenticationSessionId
-
setCompoundAuthenticationSessionId
-
getNotes
Description copied from interface:SingleUseObjectValueModel
Returns unmodifiable map of all notes.- Specified by:
getNotes
in interfaceSingleUseObjectValueModel
- Returns:
- see description. Returns empty map if no note is set, never returns
null
.
-
getNote
Description copied from interface:SingleUseObjectValueModel
Returns value of the given note (ornull
when no note of this name is present)- Specified by:
getNote
in interfaceSingleUseObjectValueModel
- Returns:
- see description
-
setNote
Sets value of the given note- Returns:
- original value (or
null
when no value was present)
-
removeNote
Removes given note, and returns original value (ornull
when no value was present)- Returns:
- see description
-
setEmail
-
getEmail
-
serialize
Updates the following fields and serializes this token into a signed JWT. The list of updated fields follows:id
: random nonceissuedAt
: Current timeissuer
: URI of the given realmaudience
: URI of the given realm (same as issuer)
- Parameters:
session
-realm
-uri
-- Returns:
-