Class JWTClientSecretAuthenticator
- java.lang.Object
-
- org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
-
- org.keycloak.authentication.authenticators.client.JWTClientSecretAuthenticator
-
- All Implemented Interfaces:
org.keycloak.authentication.ClientAuthenticator,org.keycloak.authentication.ClientAuthenticatorFactory,org.keycloak.authentication.ConfigurableAuthenticatorFactory,org.keycloak.provider.ConfiguredProvider,org.keycloak.provider.Provider,org.keycloak.provider.ProviderFactory<org.keycloak.authentication.ClientAuthenticator>
public class JWTClientSecretAuthenticator extends AbstractClientAuthenticator
Client authentication based on JWT signed by client secret instead of private key . See specs for more details.This is server side, which verifies JWT from client_assertion parameter, where the assertion was created on adapter side by org.keycloak.adapters.authentication.JWTClientSecretCredentialsProvider
TODO: Try to create abstract superclass to be shared with
JWTClientAuthenticator. Most of the code can be reused
-
-
Field Summary
Fields Modifier and Type Field Description static StringPROVIDER_ID
-
Constructor Summary
Constructors Constructor Description JWTClientSecretAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidauthenticateClient(org.keycloak.authentication.ClientAuthenticationFlowContext context)Map<String,Object>getAdapterConfiguration(org.keycloak.models.ClientModel client)List<org.keycloak.provider.ProviderConfigProperty>getConfigProperties()List<org.keycloak.provider.ProviderConfigProperty>getConfigPropertiesPerClient()StringgetDisplayType()StringgetHelpText()StringgetId()Set<String>getProtocolAuthenticatorMethods(String loginProtocol)org.keycloak.models.AuthenticationExecutionModel.Requirement[]getRequirementChoices()booleanisConfigurable()booleansupportsSecret()-
Methods inherited from class org.keycloak.authentication.authenticators.client.AbstractClientAuthenticator
close, create, create, getReferenceCategory, init, isFormDataRequest, isUserSetupAllowed, postInit
-
-
-
-
Field Detail
-
PROVIDER_ID
public static final String PROVIDER_ID
- See Also:
- Constant Field Values
-
-
Method Detail
-
authenticateClient
public void authenticateClient(org.keycloak.authentication.ClientAuthenticationFlowContext context)
-
isConfigurable
public boolean isConfigurable()
-
getConfigPropertiesPerClient
public List<org.keycloak.provider.ProviderConfigProperty> getConfigPropertiesPerClient()
-
getAdapterConfiguration
public Map<String,Object> getAdapterConfiguration(org.keycloak.models.ClientModel client)
-
getProtocolAuthenticatorMethods
public Set<String> getProtocolAuthenticatorMethods(String loginProtocol)
-
supportsSecret
public boolean supportsSecret()
-
getId
public String getId()
-
getDisplayType
public String getDisplayType()
-
getRequirementChoices
public org.keycloak.models.AuthenticationExecutionModel.Requirement[] getRequirementChoices()
-
getHelpText
public String getHelpText()
-
getConfigProperties
public List<org.keycloak.provider.ProviderConfigProperty> getConfigProperties()
-
-