Class JWTClientAuthenticator
- java.lang.Object
-
- org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
-
- org.keycloak.authentication.authenticators.client.JWTClientAuthenticator
-
- All Implemented Interfaces:
org.keycloak.authentication.ClientAuthenticator,org.keycloak.authentication.ClientAuthenticatorFactory,org.keycloak.authentication.ConfigurableAuthenticatorFactory,org.keycloak.provider.ConfiguredProvider,org.keycloak.provider.Provider,org.keycloak.provider.ProviderFactory<org.keycloak.authentication.ClientAuthenticator>
public class JWTClientAuthenticator extends AbstractClientAuthenticator
Client authentication based on JWT signed by client private key . See specs for more details. This is server side, which verifies JWT from client_assertion parameter, where the assertion was created on adapter side by org.keycloak.adapters.authentication.JWTClientCredentialsProvider- Author:
- Marek Posolda
-
-
Field Summary
Fields Modifier and Type Field Description static StringATTR_PREFIXstatic StringCERTIFICATE_ATTRstatic StringPROVIDER_ID
-
Constructor Summary
Constructors Constructor Description JWTClientAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidauthenticateClient(org.keycloak.authentication.ClientAuthenticationFlowContext context)Map<String,Object>getAdapterConfiguration(org.keycloak.models.ClientModel client)List<org.keycloak.provider.ProviderConfigProperty>getConfigProperties()List<org.keycloak.provider.ProviderConfigProperty>getConfigPropertiesPerClient()StringgetDisplayType()StringgetHelpText()StringgetId()Set<String>getProtocolAuthenticatorMethods(String loginProtocol)org.keycloak.models.AuthenticationExecutionModel.Requirement[]getRequirementChoices()protected PublicKeygetSignatureValidationKey(org.keycloak.models.ClientModel client, org.keycloak.authentication.ClientAuthenticationFlowContext context, org.keycloak.jose.jws.JWSInput jws)booleanisConfigurable()-
Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
close, create, create, getReferenceCategory, init, isFormDataRequest, isUserSetupAllowed, postInit
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
-
-
-
Field Detail
-
PROVIDER_ID
public static final String PROVIDER_ID
- See Also:
- Constant Field Values
-
ATTR_PREFIX
public static final String ATTR_PREFIX
- See Also:
- Constant Field Values
-
CERTIFICATE_ATTR
public static final String CERTIFICATE_ATTR
- See Also:
- Constant Field Values
-
-
Method Detail
-
authenticateClient
public void authenticateClient(org.keycloak.authentication.ClientAuthenticationFlowContext context)
-
getSignatureValidationKey
protected PublicKey getSignatureValidationKey(org.keycloak.models.ClientModel client, org.keycloak.authentication.ClientAuthenticationFlowContext context, org.keycloak.jose.jws.JWSInput jws)
-
getDisplayType
public String getDisplayType()
-
isConfigurable
public boolean isConfigurable()
-
getRequirementChoices
public org.keycloak.models.AuthenticationExecutionModel.Requirement[] getRequirementChoices()
-
getHelpText
public String getHelpText()
-
getConfigProperties
public List<org.keycloak.provider.ProviderConfigProperty> getConfigProperties()
-
getConfigPropertiesPerClient
public List<org.keycloak.provider.ProviderConfigProperty> getConfigPropertiesPerClient()
-
getAdapterConfiguration
public Map<String,Object> getAdapterConfiguration(org.keycloak.models.ClientModel client)
-
getId
public String getId()
-
-