Package org.keycloak.services.resources
Class IdentityBrokerService
- java.lang.Object
-
- org.keycloak.services.resources.IdentityBrokerService
-
- All Implemented Interfaces:
IdentityProvider.AuthenticationCallback
public class IdentityBrokerService extends Object implements IdentityProvider.AuthenticationCallback
- Author:
- Pedro Igor
-
-
Constructor Summary
Constructors Constructor Description IdentityBrokerService(KeycloakSession session)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description javax.ws.rs.core.ResponseafterFirstBrokerLogin(String code, String clientId, String tabId)javax.ws.rs.core.ResponseafterPostBrokerLoginFlow(String code, String clientId, String tabId)javax.ws.rs.core.Responseauthenticated(BrokeredIdentityContext context)This method should be called by provider after the JAXRS callback endpoint has finished authentication with the remote IDP.protected javax.ws.rs.core.ResponsebrowserAuthentication(AuthenticationSessionModel authSession, String errorMessage, Object... parameters)javax.ws.rs.core.Responsecancelled(IdentityProviderModel idpConfig)Called when user cancelled authentication on the IDP side - for example user didn't approve consent page on the IDP side.javax.ws.rs.core.ResponseclientInitiatedAccountLinking(String providerId, String redirectUri, String clientId, String nonce, String hash)javax.ws.rs.core.ResponseclientIntiatedAccountLinkingPreflight(String providerId)Closes off CORS preflight requests for account linkingjavax.ws.rs.core.Responseerror(String message)Called when error happened on the IDP side.AuthenticationSessionModelgetAndVerifyAuthenticationSession(String encodedCode)Common method to return current authenticationSession and verify if it is not expiredObjectgetEndpoint(String providerId)static IdentityProvidergetIdentityProvider(KeycloakSession session, RealmModel realm, String alias)static IdentityProviderFactorygetIdentityProviderFactory(KeycloakSession session, IdentityProviderModel model)voidinit()javax.ws.rs.core.ResponseperformLogin(String providerId, String code, String clientId, String tabId, String loginHint)javax.ws.rs.core.ResponseperformPostLogin(String providerId, String code, String clientId, String tabId, String loginHint)javax.ws.rs.core.ResponseretrieveToken(String providerId)javax.ws.rs.core.ResponseretrieveTokenPreflight()javax.ws.rs.core.ResponsevalidateUser(AuthenticationSessionModel authSession, UserModel user, RealmModel realm)
-
-
-
Constructor Detail
-
IdentityBrokerService
public IdentityBrokerService(KeycloakSession session)
-
-
Method Detail
-
init
public void init()
-
clientIntiatedAccountLinkingPreflight
@OPTIONS @Path("/{provider_id}/link") public javax.ws.rs.core.Response clientIntiatedAccountLinkingPreflight(@PathParam("provider_id") String providerId)Closes off CORS preflight requests for account linking- Parameters:
providerId-- Returns:
-
clientInitiatedAccountLinking
@GET @Path("/{provider_id}/link") public javax.ws.rs.core.Response clientInitiatedAccountLinking(@PathParam("provider_id") String providerId, @QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("nonce") String nonce, @QueryParam("hash") String hash)
-
performPostLogin
@POST @Path("/{provider_id}/login") public javax.ws.rs.core.Response performPostLogin(@PathParam("provider_id") String providerId, @QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId, @QueryParam("login_hint") String loginHint)
-
performLogin
@GET @Path("/{provider_id}/login") public javax.ws.rs.core.Response performLogin(@PathParam("provider_id") String providerId, @QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId, @QueryParam("login_hint") String loginHint)
-
getEndpoint
@Path("{provider_id}/endpoint") public Object getEndpoint(@PathParam("provider_id") String providerId)
-
retrieveTokenPreflight
@Path("{provider_id}/token") @OPTIONS public javax.ws.rs.core.Response retrieveTokenPreflight()
-
retrieveToken
@GET @Path("{provider_id}/token") public javax.ws.rs.core.Response retrieveToken(@PathParam("provider_id") String providerId)
-
authenticated
public javax.ws.rs.core.Response authenticated(BrokeredIdentityContext context)
Description copied from interface:IdentityProvider.AuthenticationCallbackThis method should be called by provider after the JAXRS callback endpoint has finished authentication with the remote IDP. There is an assumption that authenticationSession is set in the context when this method is called- Specified by:
authenticatedin interfaceIdentityProvider.AuthenticationCallback- Returns:
- see description
-
validateUser
public javax.ws.rs.core.Response validateUser(AuthenticationSessionModel authSession, UserModel user, RealmModel realm)
-
afterFirstBrokerLogin
@GET @Path("/after-first-broker-login") public javax.ws.rs.core.Response afterFirstBrokerLogin(@QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId)
-
afterPostBrokerLoginFlow
@GET @Path("/after-post-broker-login") public javax.ws.rs.core.Response afterPostBrokerLoginFlow(@QueryParam("session_code") String code, @QueryParam("client_id") String clientId, @QueryParam("tab_id") String tabId)
-
cancelled
public javax.ws.rs.core.Response cancelled(IdentityProviderModel idpConfig)
Description copied from interface:IdentityProvider.AuthenticationCallbackCalled when user cancelled authentication on the IDP side - for example user didn't approve consent page on the IDP side. Assumption is that authenticationSession is set in theKeycloakContextwhen this method is called- Specified by:
cancelledin interfaceIdentityProvider.AuthenticationCallback- Parameters:
idpConfig- identity provider config- Returns:
- see description
-
error
public javax.ws.rs.core.Response error(String message)
Description copied from interface:IdentityProvider.AuthenticationCallbackCalled when error happened on the IDP side. Assumption is that authenticationSession is set in theKeycloakContextwhen this method is called- Specified by:
errorin interfaceIdentityProvider.AuthenticationCallback- Returns:
- see description
-
getAndVerifyAuthenticationSession
public AuthenticationSessionModel getAndVerifyAuthenticationSession(String encodedCode)
Description copied from interface:IdentityProvider.AuthenticationCallbackCommon method to return current authenticationSession and verify if it is not expired- Specified by:
getAndVerifyAuthenticationSessionin interfaceIdentityProvider.AuthenticationCallback- Returns:
- see description
-
browserAuthentication
protected javax.ws.rs.core.Response browserAuthentication(AuthenticationSessionModel authSession, String errorMessage, Object... parameters)
-
getIdentityProvider
public static IdentityProvider getIdentityProvider(KeycloakSession session, RealmModel realm, String alias)
-
getIdentityProviderFactory
public static IdentityProviderFactory getIdentityProviderFactory(KeycloakSession session, IdentityProviderModel model)
-
-