Package org.keycloak.authentication.requiredactions.util

Class CredentialDeleteHelper

java.lang.Object

org.keycloak.authentication.requiredactions.util.CredentialDeleteHelper

public class CredentialDeleteHelper
extends Object

Author:

Marek Posolda

Constructor Summary

Constructors

Constructor	Description
CredentialDeleteHelper()

Method Summary

Modifier and Type	Method	Description
static CredentialModel	removeCredential(KeycloakSession session, UserModel user, String credentialId, Supplier<Integer> currentLoAProvider)	Removing credential of given ID of specified user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CredentialDeleteHelper

public CredentialDeleteHelper()

Method Details

removeCredential

public static CredentialModel removeCredential(KeycloakSession session,
 UserModel user,
 String credentialId,
 Supplier<Integer> currentLoAProvider)

Removing credential of given ID of specified user. It does the necessary validation to validate if specified credential can be removed. In case of step-up authentication enabled, it verifies if user authenticated with corresponding level in order to be able to remove this credential. For instance removing 2nd-factor credential require authentication with 2nd-factor as well for security reasons.

Parameters:

session -

user -

credentialId -

currentLoAProvider - supplier of current authenticated level. Can be retrieved for instance from session or from the token

Returns:

removed credential. It can return null if credential was not found or if it was legacy format of federated credential ID