Package org.keycloak.authentication

Interface RequiredActionProvider

All Superinterfaces:
Provider
All Known Implementing Classes:
DeleteAccount, DeleteCredentialAction, RecoveryAuthnCodesAction, TermsAndConditions, UpdateEmail, UpdatePassword, UpdateProfile, UpdateTotp, UpdateUserLocaleAction, VerifyEmail, VerifyUserProfile, WebAuthnPasswordlessRegister, WebAuthnRegister
public interface RequiredActionProvider extends Provider
RequiredAction provider. Required actions are one-time actions that a user must perform before they are logged in.
Version:
$Revision: 1 $
Author:
Bill Burke

  • Method Details

    • initiatedActionSupport

      default InitiatedActionSupport initiatedActionSupport()
      Determines what type of support is provided for application-initiated actions.
      Returns:
      InititatedActionsSupport

    • initiatedActionCanceled

      default void initiatedActionCanceled(KeycloakSession session, AuthenticationSessionModel authSession)
      Callback to let the action know that an application-initiated action was canceled.
      Parameters:
      session - The Keycloak session.
      authSession - The authentication session.

    • evaluateTriggers

      void evaluateTriggers(RequiredActionContext context)
      Called every time a user authenticates. This checks to see if this required action should be triggered. The implementation of this method is responsible for setting the required action on the UserModel. For example, the UpdatePassword required actions checks the password policies to see if the password has expired.
      Parameters:
      context -

    • requiredActionChallenge

      void requiredActionChallenge(RequiredActionContext context)
      If the user has a required action set, this method will be the initial call to obtain what to display to the user's browser. Return null if no action should be done.
      Parameters:
      context -

    • processAction

      void processAction(RequiredActionContext context)
      Called when a required action has form input you want to process.
      Parameters:
      context -

    • getMaxAuthAge

      default int getMaxAuthAge()
      Defines the max time after a user login, after which re-authentication is requested for an AIA. 0 means that re-authentication is always requested.