Package org.keycloak.credential.hash

Interface PasswordHashProvider

All Superinterfaces:

Provider

All Known Implementing Classes:

Pbkdf2PasswordHashProvider

public interface PasswordHashProvider
extends Provider

Author:

Kunal Kerkar

Method Summary

Modifier and Type	Method	Description
default String	credentialHashingStrength(PasswordCredentialModel credential)	Returns a string that denotes a hashing strength for a password (do not confuse with strength of the password itself!)
default String	encode(String rawPassword, int iterations)	Deprecated.
default void	encode(String rawPassword, int iterations, CredentialModel credential)	Deprecated. Exists due the backwards compatibility.
PasswordCredentialModel	encodedCredential(String rawPassword, int iterations)
default boolean	policyCheck(PasswordPolicy policy, CredentialModel credential)	Deprecated. Exists due the backwards compatibility.
boolean	policyCheck(PasswordPolicy policy, PasswordCredentialModel credential)
default boolean	verify(String rawPassword, CredentialModel credential)	Deprecated. Exists due the backwards compatibility.
boolean	verify(String rawPassword, PasswordCredentialModel credential)

Methods inherited from interface org.keycloak.provider.Provider

close

Method Details

policyCheck

boolean policyCheck(PasswordPolicy policy,
 PasswordCredentialModel credential)

encodedCredential

PasswordCredentialModel encodedCredential(String rawPassword,
 int iterations)

encode

@Deprecated
default String encode(String rawPassword,
 int iterations)

Deprecated.

Exists due the backwards compatibility. It is recommended to use encodedCredential(String, int)

verify

boolean verify(String rawPassword,
 PasswordCredentialModel credential)

credentialHashingStrength

default String credentialHashingStrength(PasswordCredentialModel credential)

Returns a string that denotes a hashing strength for a password (do not confuse with strength of the password itself!)

The default implementation is returning the number of iterations used for hashing password. Another example could be memory and parallelism configuration for the Argon2 algorithm.

This can be used for example in a metric showing how many hashes were performed with what configuration

Parameters:

credential - The credential for which we want to obtain the string

Returns:

string identifying hashing strength

policyCheck

@Deprecated
default boolean policyCheck(PasswordPolicy policy,
 CredentialModel credential)

Deprecated.

Exists due the backwards compatibility. It is recommended to use policyCheck(PasswordPolicy, PasswordCredentialModel)

encode

@Deprecated
default void encode(String rawPassword,
 int iterations,
 CredentialModel credential)

Deprecated.

Exists due the backwards compatibility. It is recommended to use encodedCredential(String, int)}

verify

@Deprecated
default boolean verify(String rawPassword,
 CredentialModel credential)

Deprecated.

Exists due the backwards compatibility. It is recommended to use verify(String, PasswordCredentialModel)