Class TokenUtils

java.lang.Object
org.keycloak.authentication.actiontoken.TokenUtils

public class TokenUtils extends Object
Author:
hmlnarik
  • Constructor Details

    • TokenUtils

      public TokenUtils()
  • Method Details

    • checkThat

      public static TokenVerifier.Predicate<JsonWebToken> checkThat(BooleanSupplier function, String errorEvent, String errorMessage)
      Returns a predicate for use in TokenVerifier using the given boolean-returning function. When the function returns false, this predicate throws an ExplainedTokenVerificationException with message and errorEvent set from errorMessage and errorEvent.
      Parameters:
      function -
      errorEvent -
      errorMessage -
      Returns:
    • checkThat

      public static <T extends JsonWebToken> TokenVerifier.Predicate<T> checkThat(Predicate<T> function, String errorEvent, String errorMessage)
      Returns a predicate for use in TokenVerifier using the given boolean-returning function. When the function returns false, this predicate throws an ExplainedTokenVerificationException with message and errorEvent set from errorMessage and errorEvent.
      Parameters:
      function -
      errorEvent -
      errorMessage -
      Returns:
    • onlyIf

      public static <T extends JsonWebToken> TokenVerifier.Predicate<T> onlyIf(Predicate<T> condition, TokenVerifier.Predicate<T> predicate)
      Returns a predicate that is applied only if the given condition evaluates to true. If the condition evaluates to false, the predicate passes.
      Type Parameters:
      T -
      Parameters:
      condition - Condition guarding execution of the predicate
      predicate - Predicate that gets tested if the condition evaluates to true
      Returns:
    • predicates

      public static <T extends JsonWebToken> TokenVerifier.Predicate<? super T>[] predicates(TokenVerifier.Predicate<? super T>... predicate)
    • checkRequestedAudiences

      public static Set<String> checkRequestedAudiences(JsonWebToken token, List<String> requestedAudience)
      Checks that all requested audiences from the parameter "requestedAudience" are available in the accessToken. If some are missing, returns the missing audiences. This assumes that the token does not contain any additional audiences, which is true, for example, during token exchange.
      Parameters:
      token - token to check
      requestedAudience - requested audiences
      Returns:
      set of audiences, which are requested, but are missing from the token
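
Added example (not part of the Keycloak Javadoc or code base): how checkThat, onlyIf and checkRequestedAudiences behave on constructed tokens. It assumes the Keycloak core and services artifacts are on the classpath; the class name, audience names, event string and message are constructed values.

```java
import java.util.List;
import java.util.Set;

import org.keycloak.TokenVerifier;
import org.keycloak.authentication.actiontoken.TokenUtils;
import org.keycloak.common.VerificationException;
import org.keycloak.representations.JsonWebToken;

public class TokenUtilsExample {

    public static void main(String[] args) {
        // Constructed sample token; only claims are checked here, no signature.
        JsonWebToken token = new JsonWebToken()
                .type("Bearer")
                .audience("account", "orders-api");

        // Throws with the given event and message when the audience is absent.
        TokenVerifier.Predicate<JsonWebToken> needsBilling = TokenUtils.checkThat(
                (JsonWebToken t) -> t.hasAudience("billing-api"),
                "invalid_token",                        // constructed errorEvent value
                "Token is not issued for billing-api"); // constructed errorMessage value

        // Guarded form: the audience check runs only for tokens typed "Bearer".
        // For any other type the guard is false and the predicate passes, so a
        // guard that is false more often than intended silently skips the check.
        TokenVerifier.Predicate<JsonWebToken> guarded = TokenUtils.onlyIf(
                (JsonWebToken t) -> "Bearer".equals(t.getType()),
                needsBilling);

        report("guarded check, Bearer token", guarded, token);
        report("guarded check, other token type", guarded,
                new JsonWebToken().type("Refresh").audience("account"));

        // Token-exchange style check: which requested audiences are absent?
        Set<String> missing = TokenUtils.checkRequestedAudiences(
                token, List.of("orders-api", "billing-api"));
        System.out.println("missing audiences: " + missing);
    }

    // Runs one predicate and prints whether it passed or why it was rejected.
    private static void report(String label,
                               TokenVerifier.Predicate<JsonWebToken> p,
                               JsonWebToken t) {
        try {
            System.out.println(label + ": passed=" + p.test(t));
        } catch (VerificationException e) {
            System.out.println(label + ": rejected, " + e.getMessage());
        }
    }
}
```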