Package org.keycloak.authentication.actiontoken

Interface ActionTokenHandler<T extends JsonWebToken>

Type Parameters:
T - Class implementing the action token
All Superinterfaces:
Provider
All Known Implementing Classes:
AbstractActionTokenHandler, ExecuteActionsActionTokenHandler, IdpVerifyAccountLinkActionTokenHandler, InviteOrgActionTokenHandler, ResetCredentialsActionTokenHandler, UpdateEmailActionTokenHandler, VerifyEmailActionTokenHandler
public interface ActionTokenHandler<T extends JsonWebToken> extends Provider
Handler of the action token.
Author:
hmlnarik

  • Method Details

    • preHandleToken

      default jakarta.ws.rs.core.Response preHandleToken(T token, ActionTokenContext<T> tokenContext)
      This method allows to parse the token and extract information from it after initial verification.
      Parameters:
      token - Token.
      tokenContext - Token context.
      Returns:
      Error response if the initial verification fails, null otherwise.

    • handleToken

      jakarta.ws.rs.core.Response handleToken(T token, ActionTokenContext<T> tokenContext)
      Performs the action as per the token details. This method is only called if all verifiers returned in handleToken(T, org.keycloak.authentication.actiontoken.ActionTokenContext<T>) succeed.
      Parameters:
      token -
      tokenContext -
      Returns:

    • getTokenClass

      Class<T> getTokenClass()
      Returns the Java token class for use with deserialization.
      Returns:

    • getVerifiers

      default TokenVerifier.Predicate<? super T>[] getVerifiers(ActionTokenContext<T> tokenContext)
      Returns an array of verifiers that are tested prior to handling the token. All verifiers have to pass successfully for token to be handled. The returned array must not be null.
      Parameters:
      tokenContext -
      Returns:
      Verifiers or an empty array. The returned array must not be null.

    • getAuthenticationSessionIdFromToken

      String getAuthenticationSessionIdFromToken(T token, ActionTokenContext<T> tokenContext, AuthenticationSessionModel currentAuthSession)
      Returns a compound authentication session ID requested from within the given token that the handler should attempt to join.
      Parameters:
      token - Token. Can be null
      tokenContext -
      currentAuthSession - Authentication session that is currently in progress, null if no authentication session is not set
      Returns:
      Authentication session ID (can be null if the token does not contain authentication session ID)
      See Also:

    • eventType

      EventType eventType()
      Returns a event type logged with EventBuilder class.
      Returns:

    • getDefaultEventError

      String getDefaultEventError()
      Returns an error to be shown in the EventBuilder detail when token handling fails and no more specific error is provided.
      Returns:

    • getDefaultErrorMessage

      String getDefaultErrorMessage()
      Returns an error to be shown in the response when token handling fails and no more specific error message is provided.
      Returns:

    • startFreshAuthenticationSession

      AuthenticationSessionModel startFreshAuthenticationSession(T token, ActionTokenContext<T> tokenContext) throws VerificationException
      Creates a fresh authentication session according to the information from the token. The default implementation creates a new authentication session that requests termination after required actions.
      Parameters:
      token -
      tokenContext -
      Returns:
      Throws:
      VerificationException

    • canUseTokenRepeatedly

      boolean canUseTokenRepeatedly(T token, ActionTokenContext<T> tokenContext)
      Returns true when the token can be used repeatedly to invoke the action, false when the token is intended to be for single use only.
      Returns:
      see above