Package org.keycloak.services.resources
Class IdentityBrokerService
java.lang.Object
org.keycloak.services.resources.IdentityBrokerService
- All Implemented Interfaces:
IdentityProvider.AuthenticationCallback
public class IdentityBrokerService
extends Object
implements IdentityProvider.AuthenticationCallback
- Author:
- Pedro Igor
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionjakarta.ws.rs.core.Response
afterFirstBrokerLogin
(String code, String clientId, String clientData, String tabId) jakarta.ws.rs.core.Response
afterPostBrokerLoginFlow
(String code, String clientId, String clientData, String tabId) jakarta.ws.rs.core.Response
authenticated
(BrokeredIdentityContext context) This method should be called by provider after the JAXRS callback endpoint has finished authentication with the remote IDP.protected jakarta.ws.rs.core.Response
browserAuthentication
(AuthenticationSessionModel authSession, String errorMessage, Object... parameters) jakarta.ws.rs.core.Response
cancelled
(IdentityProviderModel idpConfig) Called when user cancelled authentication on the IDP side - for example user didn't approve consent page on the IDP side.jakarta.ws.rs.core.Response
clientInitiatedAccountLinking
(String providerAlias, String redirectUri, String clientId, String nonce, String hash) jakarta.ws.rs.core.Response
clientIntiatedAccountLinkingPreflight
(String providerAlias) Closes off CORS preflight requests for account linkingjakarta.ws.rs.core.Response
Called when error happened on the IDP side.getAndVerifyAuthenticationSession
(String encodedCode) Common method to return current authenticationSession and verify if it is not expiredgetEndpoint
(String providerAlias) static IdentityProvider<?>
getIdentityProvider
(KeycloakSession session, RealmModel realm, String alias) static IdentityProviderFactory<?>
getIdentityProviderFactory
(KeycloakSession session, IdentityProviderModel model) void
init()
jakarta.ws.rs.core.Response
performLogin
(String providerAlias, String code, String clientId, String tabId, String clientData, String loginHint) jakarta.ws.rs.core.Response
performPostLogin
(String providerAlias, String code, String clientId, String clientData, String tabId, String loginHint) jakarta.ws.rs.core.Response
retrieveToken
(String providerAlias) jakarta.ws.rs.core.Response
jakarta.ws.rs.core.Response
retryLogin
(IdentityProvider<?> identityProvider, AuthenticationSessionModel authSession) Indicates that login with the particular IDP should be retriedjakarta.ws.rs.core.Response
validateUser
(AuthenticationSessionModel authSession, UserModel user, RealmModel realm)
-
Constructor Details
-
IdentityBrokerService
-
-
Method Details
-
init
public void init() -
clientIntiatedAccountLinkingPreflight
@OPTIONS @Path("/{provider_alias}/link") public jakarta.ws.rs.core.Response clientIntiatedAccountLinkingPreflight(@PathParam("provider_alias") String providerAlias) Closes off CORS preflight requests for account linking- Parameters:
providerAlias
-- Returns:
-
clientInitiatedAccountLinking
@GET @Path("/{provider_alias}/link") public jakarta.ws.rs.core.Response clientInitiatedAccountLinking(@PathParam("provider_alias") String providerAlias, @QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("nonce") String nonce, @QueryParam("hash") String hash) -
performPostLogin
@POST @Path("/{provider_alias}/login") public jakarta.ws.rs.core.Response performPostLogin(@PathParam("provider_alias") String providerAlias, @QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("client_data") String clientData, @QueryParam("tab_id") String tabId, @QueryParam("login_hint") String loginHint) -
performLogin
@GET @Path("/{provider_alias}/login") public jakarta.ws.rs.core.Response performLogin(@PathParam("provider_alias") String providerAlias, @QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId, @QueryParam("client_data") String clientData, @QueryParam("login_hint") String loginHint) -
retryLogin
public jakarta.ws.rs.core.Response retryLogin(IdentityProvider<?> identityProvider, AuthenticationSessionModel authSession) Description copied from interface:IdentityProvider.AuthenticationCallback
Indicates that login with the particular IDP should be retried- Specified by:
retryLogin
in interfaceIdentityProvider.AuthenticationCallback
- Parameters:
identityProvider
- provider to retry loginauthSession
- authentication session- Returns:
- see description
-
getEndpoint
-
retrieveTokenPreflight
@Path("{provider_alias}/token") @OPTIONS public jakarta.ws.rs.core.Response retrieveTokenPreflight() -
retrieveToken
@GET @Path("{provider_alias}/token") public jakarta.ws.rs.core.Response retrieveToken(@PathParam("provider_alias") String providerAlias) -
authenticated
Description copied from interface:IdentityProvider.AuthenticationCallback
This method should be called by provider after the JAXRS callback endpoint has finished authentication with the remote IDP. There is an assumption that authenticationSession is set in the context when this method is called- Specified by:
authenticated
in interfaceIdentityProvider.AuthenticationCallback
- Returns:
- see description
-
validateUser
public jakarta.ws.rs.core.Response validateUser(AuthenticationSessionModel authSession, UserModel user, RealmModel realm) -
afterFirstBrokerLogin
-
afterPostBrokerLoginFlow
-
cancelled
Description copied from interface:IdentityProvider.AuthenticationCallback
Called when user cancelled authentication on the IDP side - for example user didn't approve consent page on the IDP side. Assumption is that authenticationSession is set in theKeycloakContext
when this method is called- Specified by:
cancelled
in interfaceIdentityProvider.AuthenticationCallback
- Parameters:
idpConfig
- identity provider config- Returns:
- see description
-
error
Description copied from interface:IdentityProvider.AuthenticationCallback
Called when error happened on the IDP side. Assumption is that authenticationSession is set in theKeycloakContext
when this method is called- Specified by:
error
in interfaceIdentityProvider.AuthenticationCallback
- Returns:
- see description
-
getAndVerifyAuthenticationSession
Description copied from interface:IdentityProvider.AuthenticationCallback
Common method to return current authenticationSession and verify if it is not expired- Specified by:
getAndVerifyAuthenticationSession
in interfaceIdentityProvider.AuthenticationCallback
- Returns:
- see description
-
browserAuthentication
protected jakarta.ws.rs.core.Response browserAuthentication(AuthenticationSessionModel authSession, String errorMessage, Object... parameters) -
getIdentityProvider
public static IdentityProvider<?> getIdentityProvider(KeycloakSession session, RealmModel realm, String alias) -
getIdentityProviderFactory
public static IdentityProviderFactory<?> getIdentityProviderFactory(KeycloakSession session, IdentityProviderModel model)
-