Package org.keycloak.services.util
Class DPoPUtil
java.lang.Object
org.keycloak.services.util.DPoPUtil
- Author:
- Dmitry Telegin
-
Nested Class Summary
Modifier and Type    Class    Description
static class
static enum
static class
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and Type    Method    Description
static void bindToken(AccessToken token, String thumbprint)
static void bindToken(AccessToken token, DPoP dPoP)
static Stream<Map.Entry<ProtocolMapperModel, ProtocolMapper>> getTransientProtocolMapper
    Creates a protocol mapper that cannot be modified by administration users and that is used to bind AccessTokens to specific DPoP keys.
static Optional<DPoP> retrieveDPoPHeaderIfPresent(KeycloakSession keycloakSession, EventBuilder event, Cors cors)
static Optional<DPoP> retrieveDPoPHeaderIfPresent(KeycloakSession keycloakSession, OIDCAdvancedConfigWrapper clientConfig, EventBuilder event, Cors cors)
    Checks whether a DPoP HTTP header is present in the current request and returns it if it is.
static void validateBinding(AccessToken token, DPoP dPoP)
static void validateDPoPJkt(String dpopJkt, KeycloakSession session, EventBuilder event, Cors cors)
-
Field Details
-
DEFAULT_PROOF_LIFETIME
public static final int DEFAULT_PROOF_LIFETIME
- See Also:
-
DEFAULT_ALLOWED_CLOCK_SKEW
public static final int DEFAULT_ALLOWED_CLOCK_SKEW
- See Also:
-
DPOP_TOKEN_TYPE
- See Also:
-
DPOP_SCHEME
- See Also:
-
DPOP_SESSION_ATTRIBUTE
- See Also:
-
DPOP_HTTP_HEADER
- See Also:
-
DPOP_SUPPORTED_ALGS
-
-
Constructor Details
-
DPoPUtil
public DPoPUtil()
-
-
Method Details
-
getTransientProtocolMapper
Creates a protocol mapper that cannot be modified by administration users and that is used to bind AccessTokens to specific DPoP keys.
NOTE: The binding was solved with a protocol mapper to have a generic solution for DPoP on all implemented grantTypes, even custom-implemented grantTypes.
-
retrieveDPoPHeaderIfPresent
public static Optional<DPoP> retrieveDPoPHeaderIfPresent(KeycloakSession keycloakSession, OIDCAdvancedConfigWrapper clientConfig, EventBuilder event, Cors cors)
Checks whether a DPoP HTTP header is present in the current request and returns it if it is.
-
retrieveDPoPHeaderIfPresent
public static Optional<DPoP> retrieveDPoPHeaderIfPresent(KeycloakSession keycloakSession, EventBuilder event, Cors cors)
-
validateBinding
- Throws:
VerificationException
-
bindToken
-
bindToken
-
validateDPoPJkt
public static void validateDPoPJkt(String dpopJkt, KeycloakSession session, EventBuilder event, Cors cors)
-