Class JWTClientSecretCredentialsProvider
java.lang.Object
org.keycloak.protocol.oidc.client.authentication.JWTClientSecretCredentialsProvider
- All Implemented Interfaces:
ClientCredentialsProvider
Client authentication based on JWT signed by client secret instead of private key .
See specs for more details.
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected JsonWebToken
createRequestToken
(String clientId, String realmInfoUrl) createSignedRequestToken
(String clientId, String realmInfoUrl) createSignedRequestToken
(String clientId, String realmInfoUrl, String algorithm) getId()
Return the ID of the provider.void
init
(AdapterConfig deployment, Object config) Called by adapter during deployment of your application.void
setClientCredentials
(AdapterConfig deployment, Map<String, String> requestHeaders, Map<String, String> formParams) Called every time adapter needs to perform backchannel requestvoid
setClientSecret
(String clientSecretString) void
setClientSecret
(String clientSecretString, String algorithm)
-
Field Details
-
PROVIDER_ID
- See Also:
-
-
Constructor Details
-
JWTClientSecretCredentialsProvider
public JWTClientSecretCredentialsProvider()
-
-
Method Details
-
getId
Description copied from interface:ClientCredentialsProvider
Return the ID of the provider. Use this ID in the keycloak.json configuration as the subelement of the "credentials" element For example if your provider has ID "kerberos-keytab" , use the configuration like this in keycloak.json "credentials": { "kerberos-keytab": { "keytab": "/tmp/foo" } }- Specified by:
getId
in interfaceClientCredentialsProvider
- Returns:
-
init
Description copied from interface:ClientCredentialsProvider
Called by adapter during deployment of your application. You can for example read configuration and init your authenticator here- Specified by:
init
in interfaceClientCredentialsProvider
- Parameters:
deployment
- the adapter configurationconfig
- the configuration of your provider read from keycloak.json . For the kerberos-keytab example above, it will return map with the single key "keytab" with value "/tmp/foo"
-
setClientCredentials
public void setClientCredentials(AdapterConfig deployment, Map<String, String> requestHeaders, Map<String, String> formParams) Description copied from interface:ClientCredentialsProvider
Called every time adapter needs to perform backchannel request- Specified by:
setClientCredentials
in interfaceClientCredentialsProvider
- Parameters:
deployment
- Fully resolved deploymentrequestHeaders
- You should put any HTTP request headers you want to use for authentication of client. These headers will be attached to the HTTP request sent to Keycloak serverformParams
- You should put any request parameters you want to use for authentication of client. These parameters will be attached to the HTTP request sent to Keycloak server
-
setClientSecret
-
setClientSecret
-
createSignedRequestToken
-
createSignedRequestToken
-
createRequestToken
-