Class JWTClientSecretAuthenticator
- java.lang.Object
-
- org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
-
- org.keycloak.authentication.authenticators.client.JWTClientSecretAuthenticator
-
- All Implemented Interfaces:
org.keycloak.authentication.ClientAuthenticator
,org.keycloak.authentication.ClientAuthenticatorFactory
,org.keycloak.authentication.ConfigurableAuthenticatorFactory
,org.keycloak.provider.ConfiguredProvider
,org.keycloak.provider.Provider
,org.keycloak.provider.ProviderFactory<org.keycloak.authentication.ClientAuthenticator>
public class JWTClientSecretAuthenticator extends AbstractClientAuthenticator
Client authentication based on JWT signed by client secret instead of private key . See specs for more details.This is server side, which verifies JWT from client_assertion parameter, where the assertion was created on adapter side by org.keycloak.adapters.authentication.JWTClientSecretCredentialsProvider
TODO: Try to create abstract superclass to be shared with
JWTClientAuthenticator
. Most of the code can be reused
-
-
Field Summary
Fields Modifier and Type Field Description static String
PROVIDER_ID
-
Constructor Summary
Constructors Constructor Description JWTClientSecretAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
authenticateClient(org.keycloak.authentication.ClientAuthenticationFlowContext context)
Map<String,Object>
getAdapterConfiguration(org.keycloak.models.ClientModel client)
List<org.keycloak.provider.ProviderConfigProperty>
getConfigProperties()
List<org.keycloak.provider.ProviderConfigProperty>
getConfigPropertiesPerClient()
String
getDisplayType()
String
getHelpText()
String
getId()
Set<String>
getProtocolAuthenticatorMethods(String loginProtocol)
org.keycloak.models.AuthenticationExecutionModel.Requirement[]
getRequirementChoices()
boolean
isConfigurable()
boolean
supportsSecret()
-
Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
close, create, create, getReferenceCategory, init, isFormDataRequest, isUserSetupAllowed, postInit
-
-
-
-
Field Detail
-
PROVIDER_ID
public static final String PROVIDER_ID
- See Also:
- Constant Field Values
-
-
Method Detail
-
authenticateClient
public void authenticateClient(org.keycloak.authentication.ClientAuthenticationFlowContext context)
-
isConfigurable
public boolean isConfigurable()
-
getConfigPropertiesPerClient
public List<org.keycloak.provider.ProviderConfigProperty> getConfigPropertiesPerClient()
-
getAdapterConfiguration
public Map<String,Object> getAdapterConfiguration(org.keycloak.models.ClientModel client)
-
getProtocolAuthenticatorMethods
public Set<String> getProtocolAuthenticatorMethods(String loginProtocol)
-
supportsSecret
public boolean supportsSecret()
-
getId
public String getId()
-
getDisplayType
public String getDisplayType()
-
getRequirementChoices
public org.keycloak.models.AuthenticationExecutionModel.Requirement[] getRequirementChoices()
-
getHelpText
public String getHelpText()
-
getConfigProperties
public List<org.keycloak.provider.ProviderConfigProperty> getConfigProperties()
-
-