Class AudienceResolveProtocolMapper
java.lang.Object
org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
org.keycloak.protocol.oidc.mappers.AudienceResolveProtocolMapper
- All Implemented Interfaces:
OIDCAccessTokenMapper
,TokenIntrospectionTokenMapper
,ProtocolMapper
,ConfiguredProvider
,Provider
,ProviderFactory<ProtocolMapper>
public class AudienceResolveProtocolMapper
extends AbstractOIDCProtocolMapper
implements OIDCAccessTokenMapper, TokenIntrospectionTokenMapper
Protocol mapper, which adds all client_ids of "allowed" clients to the audience field of the token. Allowed client means the client
for which user has at least one client role
- Author:
- Marek Posolda
-
Field Summary
Fields inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
TOKEN_MAPPER_CATEGORY
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic ProtocolMapperModel
createClaimMapper
(String name, boolean accessToken, boolean introspectionEndpoint) getEffectiveModel
(KeycloakSession session, RealmModel realm, ProtocolMapperModel protocolMapperModel) Get effective configuration of protocol mapper.getId()
int
Priority of this protocolMapper implementation.transformAccessToken
(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) transformIntrospectionToken
(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) Methods inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
close, create, getProtocol, init, postInit, setClaim, setClaim, setClaim, transformAccessTokenResponse, transformIDToken, transformUserInfoToken
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.provider.ConfiguredProvider
getConfig
Methods inherited from interface org.keycloak.protocol.ProtocolMapper
validateConfig
Methods inherited from interface org.keycloak.provider.ProviderFactory
dependsOn, getConfigMetadata, order
-
Field Details
-
PROVIDER_ID
- See Also:
-
-
Constructor Details
-
AudienceResolveProtocolMapper
public AudienceResolveProtocolMapper()
-
-
Method Details
-
getConfigProperties
- Specified by:
getConfigProperties
in interfaceConfiguredProvider
-
getId
- Specified by:
getId
in interfaceProviderFactory<ProtocolMapper>
-
getDisplayType
- Specified by:
getDisplayType
in interfaceProtocolMapper
-
getDisplayCategory
- Specified by:
getDisplayCategory
in interfaceProtocolMapper
-
getHelpText
- Specified by:
getHelpText
in interfaceConfiguredProvider
-
getPriority
public int getPriority()Description copied from interface:ProtocolMapper
Priority of this protocolMapper implementation. Lower goes first.- Specified by:
getPriority
in interfaceProtocolMapper
- Returns:
-
transformAccessToken
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) - Specified by:
transformAccessToken
in interfaceOIDCAccessTokenMapper
- Overrides:
transformAccessToken
in classAbstractOIDCProtocolMapper
-
transformIntrospectionToken
public AccessToken transformIntrospectionToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) - Specified by:
transformIntrospectionToken
in interfaceTokenIntrospectionTokenMapper
- Overrides:
transformIntrospectionToken
in classAbstractOIDCProtocolMapper
-
getEffectiveModel
public ProtocolMapperModel getEffectiveModel(KeycloakSession session, RealmModel realm, ProtocolMapperModel protocolMapperModel) Description copied from interface:ProtocolMapper
Get effective configuration of protocol mapper. Effective configuration takes "default values" of the options into consideration and hence it is the configuration, which would be actually used when processing this protocolMapper during issuing tokens/assertions. So for instance, when configuration option "introspection.token.claim" is unset in the protocolMapperModel, but default value of this option is supposed to be "true", then effective config returned by this method will contain "introspection.token.claim" config option with value "true" . If the "introspection.token.claim" is set, then the default value is typically ignored in the effective configuration, but this can depend on the implementation of particular protocol mapper.- Specified by:
getEffectiveModel
in interfaceProtocolMapper
- Overrides:
getEffectiveModel
in classAbstractOIDCProtocolMapper
-
createClaimMapper
public static ProtocolMapperModel createClaimMapper(String name, boolean accessToken, boolean introspectionEndpoint)
-