Class JWTClientAuthenticator
java.lang.Object
org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
org.keycloak.authentication.authenticators.client.JWTClientAuthenticator
- All Implemented Interfaces:
ClientAuthenticator
,ClientAuthenticatorFactory
,ConfigurableAuthenticatorFactory
,ConfiguredProvider
,Provider
,ProviderFactory<ClientAuthenticator>
Client authentication based on JWT signed by client private key .
See specs for more details.
This is server side, which verifies JWT from client_assertion parameter, where the assertion was created on adapter side by
org.keycloak.adapters.authentication.JWTClientCredentialsProvider
- Author:
- Marek Posolda
-
Field Summary
Fields inherited from interface org.keycloak.authentication.ConfigurableAuthenticatorFactory
REQUIREMENT_CHOICES
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
Initial call for the authenticator.getAdapterConfiguration
(ClientModel client) Get configuration, which needs to be used for adapter ( keycloak.json ) of particular client.List of config properties for this client implementation.Friendly name for the authenticatorgetId()
getProtocolAuthenticatorMethods
(String loginProtocol) Get authentication methods for the specified protocolWhat requirement settings are allowed.protected PublicKey
getSignatureValidationKey
(ClientModel client, ClientAuthenticationFlowContext context, JWSInput jws) boolean
Is this authenticator configurable globally?Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
close, create, create, getReferenceCategory, init, isUserSetupAllowed, postInit
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.authentication.ClientAuthenticatorFactory
supportsSecret
Methods inherited from interface org.keycloak.provider.ConfiguredProvider
getConfig
Methods inherited from interface org.keycloak.provider.ProviderFactory
dependsOn, getConfigMetadata, order
-
Field Details
-
PROVIDER_ID
- See Also:
-
ATTR_PREFIX
- See Also:
-
CERTIFICATE_ATTR
- See Also:
-
-
Constructor Details
-
JWTClientAuthenticator
public JWTClientAuthenticator()
-
-
Method Details
-
authenticateClient
Description copied from interface:ClientAuthenticator
Initial call for the authenticator. This method should check the current HTTP request to determine if the request satisfies the ClientAuthenticator's requirements. If it doesn't, it should send back a challenge response by calling the ClientAuthenticationFlowContext.challenge(Response). -
getSignatureValidationKey
protected PublicKey getSignatureValidationKey(ClientModel client, ClientAuthenticationFlowContext context, JWSInput jws) -
getDisplayType
Description copied from interface:ConfigurableAuthenticatorFactory
Friendly name for the authenticator- Returns:
-
isConfigurable
public boolean isConfigurable()Description copied from interface:ClientAuthenticatorFactory
Is this authenticator configurable globally?- Returns:
-
getRequirementChoices
Description copied from interface:ConfigurableAuthenticatorFactory
What requirement settings are allowed.- Returns:
-
getHelpText
-
getConfigProperties
-
getConfigPropertiesPerClient
Description copied from interface:ClientAuthenticatorFactory
List of config properties for this client implementation. Those will be shown in admin console in clients credentials tab and can be configured per client. Applicable only if "isConfigurablePerClient" is true- Returns:
-
getAdapterConfiguration
Description copied from interface:ClientAuthenticatorFactory
Get configuration, which needs to be used for adapter ( keycloak.json ) of particular client. Some implementations may return just template and user needs to edit the values according to his environment (For example fill the location of keystore file)- Returns:
-
getId
-
getProtocolAuthenticatorMethods
Description copied from interface:ClientAuthenticatorFactory
Get authentication methods for the specified protocol- Parameters:
loginProtocol
- corresponds toProviderFactory.getId()
- Returns:
- name of supported client authenticator methods in the protocol specific "language"
-