org.keycloak.services.clientregistration.oidc.DescriptionConverter 連携図

静的公開メンバ関数
static ClientRepresentation	toInternal (KeycloakSession session, OIDCClientRepresentation clientOIDC) throws ClientRegistrationException

static OIDCClientRepresentation	toExternalResponse (KeycloakSession session, ClientRepresentation client, URI uri)

静的非公開メンバ関数
static boolean	setPublicKey (OIDCClientRepresentation clientOIDC, ClientRepresentation clientRep)

static List< String >	getOIDCResponseTypes (ClientRepresentation client)

static List< String >	getOIDCGrantTypes (ClientRepresentation client)

詳解

著者: Stian Thorgersen

関数詳解

◆ getOIDCGrantTypes()

static List<String> org.keycloak.services.clientregistration.oidc.DescriptionConverter.getOIDCGrantTypes ( ClientRepresentation client )

inlinestaticprivate

                                                                                {
         List<String> grantTypes = new ArrayList<>();
         if (client.isStandardFlowEnabled()) {
             grantTypes.add(OAuth2Constants.AUTHORIZATION_CODE);
         }
         if (client.isImplicitFlowEnabled()) {
             grantTypes.add(OAuth2Constants.IMPLICIT);
         }
         if (client.isDirectAccessGrantsEnabled()) {
             grantTypes.add(OAuth2Constants.PASSWORD);
         }
         if (client.isServiceAccountsEnabled()) {
             grantTypes.add(OAuth2Constants.CLIENT_CREDENTIALS);
         }
         if (client.getAuthorizationServicesEnabled() != null && client.getAuthorizationServicesEnabled()) {
             grantTypes.add(OAuth2Constants.UMA_GRANT_TYPE);
         }
         grantTypes.add(OAuth2Constants.REFRESH_TOKEN);
         return grantTypes;
     }

◆ getOIDCResponseTypes()

static List<String> org.keycloak.services.clientregistration.oidc.DescriptionConverter.getOIDCResponseTypes ( ClientRepresentation client )

inlinestaticprivate

                                                                                   {
         List<String> responseTypes = new ArrayList<>();
         if (client.isStandardFlowEnabled()) {
             responseTypes.add(OAuth2Constants.CODE);
             responseTypes.add(OIDCResponseType.NONE);
         }
         if (client.isImplicitFlowEnabled()) {
             responseTypes.add(OIDCResponseType.ID_TOKEN);
             responseTypes.add("id_token token");
         }
         if (client.isStandardFlowEnabled() && client.isImplicitFlowEnabled()) {
             responseTypes.add("code id_token");
             responseTypes.add("code token");
             responseTypes.add("code id_token token");
         }
         return responseTypes;
     }

◆ setPublicKey()

static boolean org.keycloak.services.clientregistration.oidc.DescriptionConverter.setPublicKey	(	OIDCClientRepresentation	clientOIDC,
		ClientRepresentation	clientRep
	)

inlinestaticprivate

                                                                                                              {
         if (clientOIDC.getJwksUri() == null && clientOIDC.getJwks() == null) {
             return false;
         }
 
         if (clientOIDC.getJwksUri() != null && clientOIDC.getJwks() != null) {
             throw new ClientRegistrationException("Illegal to use both jwks_uri and jwks");
         }
 
         OIDCAdvancedConfigWrapper configWrapper = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep);
 
         if (clientOIDC.getJwks() != null) {
             JSONWebKeySet keySet = clientOIDC.getJwks();
             JWK publicKeyJWk = JWKSUtils.getKeyForUse(keySet, JWK.Use.SIG);
             if (publicKeyJWk == null) {
                 return false;
             } else {
                 PublicKey publicKey = JWKParser.create(publicKeyJWk).toPublicKey();
                 String publicKeyPem = KeycloakModelUtils.getPemFromKey(publicKey);
                 CertificateRepresentation rep = new CertificateRepresentation();
                 rep.setPublicKey(publicKeyPem);
                 rep.setKid(publicKeyJWk.getKeyId());
                 CertificateInfoHelper.updateClientRepresentationCertificateInfo(clientRep, rep, JWTClientAuthenticator.ATTR_PREFIX);
 
                 configWrapper.setUseJwksUrl(false);
 
                 return true;
             }
         } else {
             configWrapper.setUseJwksUrl(true);
             configWrapper.setJwksUrl(clientOIDC.getJwksUri());
             return true;
         }
     }

◆ toExternalResponse()

static OIDCClientRepresentation org.keycloak.services.clientregistration.oidc.DescriptionConverter.toExternalResponse	(	KeycloakSession	session,
		ClientRepresentation	client,
		URI	uri
	)

inlinestatic

                                                                                                                              {
         OIDCClientRepresentation response = new OIDCClientRepresentation();
         response.setClientId(client.getClientId());
 
         ClientAuthenticatorFactory clientAuth = (ClientAuthenticatorFactory) session.getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, client.getClientAuthenticatorType());
         Set<String> oidcClientAuthMethods = clientAuth.getProtocolAuthenticatorMethods(OIDCLoginProtocol.LOGIN_PROTOCOL);
         if (oidcClientAuthMethods != null && !oidcClientAuthMethods.isEmpty()) {
             response.setTokenEndpointAuthMethod(oidcClientAuthMethods.iterator().next());
         }
 
         if (client.getClientAuthenticatorType().equals(ClientIdAndSecretAuthenticator.PROVIDER_ID)) {
             response.setClientSecret(client.getSecret());
             response.setClientSecretExpiresAt(0);
         }
 
         response.setClientName(client.getName());
         response.setClientUri(client.getBaseUrl());
         response.setRedirectUris(client.getRedirectUris());
         response.setRegistrationAccessToken(client.getRegistrationAccessToken());
         response.setRegistrationClientUri(uri.toString());
         response.setResponseTypes(getOIDCResponseTypes(client));
         response.setGrantTypes(getOIDCGrantTypes(client));
 
         OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(client);
         if (config.isUserInfoSignatureRequired()) {
             response.setUserinfoSignedResponseAlg(config.getUserInfoSignedResponseAlg().toString());
         }
         if (config.getRequestObjectSignatureAlg() != null) {
             response.setRequestObjectSigningAlg(config.getRequestObjectSignatureAlg().toString());
         }
         if (config.isUseJwksUrl()) {
             response.setJwksUri(config.getJwksUrl());
         }
         // KEYCLOAK-6771 Certificate Bound Token
         // https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-6.5
         if (config.isUseMtlsHokToken()) {
             response.setTlsClientCertificateBoundAccessTokens(Boolean.TRUE);
         } else {
             response.setTlsClientCertificateBoundAccessTokens(Boolean.FALSE);
         }
         if (config.getIdTokenSignedResponseAlg() != null) {
             response.setIdTokenSignedResponseAlg(config.getIdTokenSignedResponseAlg());
         }
 
         List<ProtocolMapperRepresentation> foundPairwiseMappers = PairwiseSubMapperUtils.getPairwiseSubMappers(client);
         SubjectType subjectType = foundPairwiseMappers.isEmpty() ? SubjectType.PUBLIC : SubjectType.PAIRWISE;
         response.setSubjectType(subjectType.toString().toLowerCase());
         if (subjectType.equals(SubjectType.PAIRWISE)) {
             // Get sectorIdentifier from 1st found
             String sectorIdentifierUri = PairwiseSubMapperHelper.getSectorIdentifierUri(foundPairwiseMappers.get(0));
             response.setSectorIdentifierUri(sectorIdentifierUri);
         }
 
         return response;
     }

◆ toInternal()

static ClientRepresentation org.keycloak.services.clientregistration.oidc.DescriptionConverter.toInternal	(	KeycloakSession	session,
		OIDCClientRepresentation	clientOIDC
	)		throws ClientRegistrationException

inlinestatic

                                                                                                                                                    {
         ClientRepresentation client = new ClientRepresentation();
 
         client.setClientId(clientOIDC.getClientId());
         client.setName(clientOIDC.getClientName());
         client.setRedirectUris(clientOIDC.getRedirectUris());
         client.setBaseUrl(clientOIDC.getClientUri());
 
         List<String> oidcResponseTypes = clientOIDC.getResponseTypes();
         if (oidcResponseTypes == null || oidcResponseTypes.isEmpty()) {
             oidcResponseTypes = Collections.singletonList(OIDCResponseType.CODE);
         }
         List<String> oidcGrantTypes = clientOIDC.getGrantTypes();
 
         try {
             OIDCResponseType responseType = OIDCResponseType.parse(oidcResponseTypes);
             client.setStandardFlowEnabled(responseType.hasResponseType(OIDCResponseType.CODE));
             client.setImplicitFlowEnabled(responseType.isImplicitOrHybridFlow());
 
             client.setPublicClient(responseType.isImplicitFlow());
 
             if (oidcGrantTypes != null) {
                 client.setDirectAccessGrantsEnabled(oidcGrantTypes.contains(OAuth2Constants.PASSWORD));
                 client.setServiceAccountsEnabled(oidcGrantTypes.contains(OAuth2Constants.CLIENT_CREDENTIALS));
             }
         } catch (IllegalArgumentException iae) {
             throw new ClientRegistrationException(iae.getMessage(), iae);
         }
 
         String authMethod = clientOIDC.getTokenEndpointAuthMethod();
         ClientAuthenticatorFactory clientAuthFactory;
         if (authMethod == null) {
             clientAuthFactory = (ClientAuthenticatorFactory) session.getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, KeycloakModelUtils.getDefaultClientAuthenticatorType());
         } else {
             clientAuthFactory = AuthorizeClientUtil.findClientAuthenticatorForOIDCAuthMethod(session, authMethod);
         }
 
         if (clientAuthFactory == null) {
             throw new ClientRegistrationException("Not found clientAuthenticator for requested token_endpoint_auth_method");
         }
         client.setClientAuthenticatorType(clientAuthFactory.getId());
 
         boolean publicKeySet = setPublicKey(clientOIDC, client);
         if (authMethod != null && authMethod.equals(OIDCLoginProtocol.PRIVATE_KEY_JWT) && !publicKeySet) {
             throw new ClientRegistrationException("Didn't find key of supported keyType for use " + JWK.Use.SIG.asString());
         }
 
         OIDCAdvancedConfigWrapper configWrapper = OIDCAdvancedConfigWrapper.fromClientRepresentation(client);
         if (clientOIDC.getUserinfoSignedResponseAlg() != null) {
             Algorithm algorithm = Enum.valueOf(Algorithm.class, clientOIDC.getUserinfoSignedResponseAlg());
             configWrapper.setUserInfoSignedResponseAlg(algorithm);
         }
 
         if (clientOIDC.getRequestObjectSigningAlg() != null) {
             Algorithm algorithm = Enum.valueOf(Algorithm.class, clientOIDC.getRequestObjectSigningAlg());
             configWrapper.setRequestObjectSignatureAlg(algorithm);
         }
 
         // KEYCLOAK-6771 Certificate Bound Token
         // https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-6.5
         Boolean tlsClientCertificateBoundAccessTokens = clientOIDC.getTlsClientCertificateBoundAccessTokens();
         if (tlsClientCertificateBoundAccessTokens != null) {
             if (tlsClientCertificateBoundAccessTokens.booleanValue()) configWrapper.setUseMtlsHoKToken(true);
             else configWrapper.setUseMtlsHoKToken(false);
         }
 
         if (clientOIDC.getIdTokenSignedResponseAlg() != null) {
             configWrapper.setIdTokenSignedResponseAlg(clientOIDC.getIdTokenSignedResponseAlg());
         }
 
         return client;
     }

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/services/clientregistration/oidc/DescriptionConverter.java

静的公開メンバ関数

静的非公開メンバ関数

詳解

関数詳解

◆ getOIDCGrantTypes()

◆ getOIDCResponseTypes()

◆ setPublicKey()

◆ toExternalResponse()

◆ toInternal()