org.keycloak.social.microsoft.MicrosoftIdentityProvider の継承関係図

org.keycloak.social.microsoft.MicrosoftIdentityProvider 連携図

公開メンバ関数
	MicrosoftIdentityProvider (KeycloakSession session, OAuth2IdentityProviderConfig config)

Object	callback (RealmModel realm, AuthenticationCallback callback, EventBuilder event)

Response	performLogin (AuthenticationRequest request)

Response	retrieveToken (KeycloakSession session, FederatedIdentityModel identity)

C	getConfig ()

Response	exchangeFromToken (UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, MultivaluedMap< String, String > params)

BrokeredIdentityContext	getFederatedIdentity (String response)

String	getJsonProperty (JsonNode jsonNode, String name)

JsonNode	asJsonNode (String json) throws IOException

void	authenticationFinished (AuthenticationSessionModel authSession, BrokeredIdentityContext context)

boolean	isIssuer (String issuer, MultivaluedMap< String, String > params)

final BrokeredIdentityContext	exchangeExternal (EventBuilder event, MultivaluedMap< String, String > params)

void	exchangeExternalComplete (UserSessionModel userSession, BrokeredIdentityContext context, MultivaluedMap< String, String > params)

Response	export (UriInfo uriInfo, RealmModel realm, String format)

void	close ()

Response	keycloakInitiatedBrowserLogout (KeycloakSession session, UserSessionModel userSession, UriInfo uriInfo, RealmModel realm)

void	backchannelLogout (KeycloakSession session, UserSessionModel userSession, UriInfo uriInfo, RealmModel realm)

Response	exchangeNotSupported ()

Response	exchangeNotLinked (UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)

Response	exchangeNotLinkedNoStore (UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)

Response	exchangeTokenExpired (UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)

Response	exchangeUnsupportedRequiredType ()

void	preprocessFederatedIdentity (KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)

void	importNewUser (KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)

void	updateBrokeredUser (KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)

IdentityProviderDataMarshaller	getMarshaller ()

void	preprocessFederatedIdentity (KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)

void	authenticationFinished (AuthenticationSessionModel authSession, BrokeredIdentityContext context)

void	importNewUser (KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)

void	updateBrokeredUser (KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)

Object	callback (RealmModel realm, AuthenticationCallback callback, EventBuilder event)

Response	performLogin (AuthenticationRequest request)

Response	retrieveToken (KeycloakSession session, FederatedIdentityModel identity)

void	backchannelLogout (KeycloakSession session, UserSessionModel userSession, UriInfo uriInfo, RealmModel realm)

Response	keycloakInitiatedBrowserLogout (KeycloakSession session, UserSessionModel userSession, UriInfo uriInfo, RealmModel realm)

Response	export (UriInfo uriInfo, RealmModel realm, String format)

IdentityProviderDataMarshaller	getMarshaller ()

void	close ()

公開変数類
String	EXTERNAL_IDENTITY_PROVIDER

String	FEDERATED_ACCESS_TOKEN

String	EXTERNAL_IDENTITY_PROVIDER = "EXTERNAL_IDENTITY_PROVIDER"

String	FEDERATED_ACCESS_TOKEN = "FEDERATED_ACCESS_TOKEN"

静的公開変数類
static final String	AUTH_URL = "https://login.live.com/oauth20_authorize.srf"

static final String	TOKEN_URL = "https://login.live.com/oauth20_token.srf"

static final String	PROFILE_URL = "https://apis.live.net/v5.0/me"

static final String	DEFAULT_SCOPE = "wl.basic,wl.emails"

static final String	OAUTH2_GRANT_TYPE_REFRESH_TOKEN = "refresh_token"

static final String	OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code"

static final String	FEDERATED_REFRESH_TOKEN = "FEDERATED_REFRESH_TOKEN"

static final String	FEDERATED_TOKEN_EXPIRATION = "FEDERATED_TOKEN_EXPIRATION"

static final String	ACCESS_DENIED = "access_denied"

static final String	OAUTH2_PARAMETER_ACCESS_TOKEN = "access_token"

static final String	OAUTH2_PARAMETER_SCOPE = "scope"

static final String	OAUTH2_PARAMETER_STATE = "state"

static final String	OAUTH2_PARAMETER_RESPONSE_TYPE = "response_type"

static final String	OAUTH2_PARAMETER_REDIRECT_URI = "redirect_uri"

static final String	OAUTH2_PARAMETER_CODE = "code"

static final String	OAUTH2_PARAMETER_CLIENT_ID = "client_id"

static final String	OAUTH2_PARAMETER_CLIENT_SECRET = "client_secret"

static final String	OAUTH2_PARAMETER_GRANT_TYPE = "grant_type"

static final String	ACCOUNT_LINK_URL = "account-link-url"

限定公開メンバ関数
boolean	supportsExternalExchange ()

String	getProfileEndpointForValidation (EventBuilder event)

SimpleHttp	buildUserInfoRequest (String subjectToken, String userInfoUrl)

BrokeredIdentityContext	doGetFederatedIdentity (String accessToken)

BrokeredIdentityContext	extractIdentityFromProfile (EventBuilder event, JsonNode profile)

String	getDefaultScopes ()

String	extractTokenFromResponse (String response, String tokenName)

Response	hasExternalExchangeToken (EventBuilder event, UserSessionModel tokenUserSession, MultivaluedMap< String, String > params)

Response	exchangeStoredToken (UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)

Response	exchangeSessionToken (UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)

String	getAccessTokenResponseParameter ()

UriBuilder	createAuthorizationUrl (AuthenticationRequest request)

BrokeredIdentityContext	validateExternalTokenThroughUserInfo (EventBuilder event, String subjectToken, String subjectTokenType)

BrokeredIdentityContext	exchangeExternalImpl (EventBuilder event, MultivaluedMap< String, String > params)

BrokeredIdentityContext	exchangeExternalUserInfoValidationOnly (EventBuilder event, MultivaluedMap< String, String > params)

Response	exchangeErrorResponse (UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, String errorCode, String reason)

String	getLinkingUrl (UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession)

限定公開変数類
final KeycloakSession	session

静的限定公開変数類
static final Logger	logger = Logger.getLogger(AbstractOAuth2IdentityProvider.class)

static ObjectMapper	mapper = new ObjectMapper()

静的非公開変数類
static final Logger	log = Logger.getLogger(MicrosoftIdentityProvider.class)

詳解

Identity provider for Microsoft account. Uses OAuth 2 protocol of Windows Live Services as documented at https://msdn.microsoft.com/en-us/library/hh243647.aspx

著者: Vlastimil Elias (velias at redhat dot com)

構築子と解体子

◆ MicrosoftIdentityProvider()

org.keycloak.social.microsoft.MicrosoftIdentityProvider.MicrosoftIdentityProvider	(	KeycloakSession	session,
		OAuth2IdentityProviderConfig	config
	)

inline

                                                                                                    {
         super(session, config);
         config.setAuthorizationUrl(AUTH_URL);
         config.setTokenUrl(TOKEN_URL);
         config.setUserInfoUrl(PROFILE_URL);
     }

関数詳解

◆ asJsonNode()

JsonNode org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.asJsonNode ( String json ) throws IOException

inlineinherited

                                                                {
         return mapper.readTree(json);
     }

◆ authenticationFinished() [1/2]

void org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.authenticationFinished	(	AuthenticationSessionModel	authSession,
		BrokeredIdentityContext	context
	)

inherited

org.keycloak.social.twitter.TwitterIdentityProviderで実装されています。

◆ authenticationFinished() [2/2]

void org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.authenticationFinished	(	AuthenticationSessionModel	authSession,
		BrokeredIdentityContext	context
	)

inlineinherited

                                                                                                                 {
         String token = (String) context.getContextData().get(FEDERATED_ACCESS_TOKEN);
         if (token != null) authSession.setUserSessionNote(FEDERATED_ACCESS_TOKEN, token);
     }

◆ backchannelLogout() [1/2]

void org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.backchannelLogout	(	KeycloakSession	session,
		UserSessionModel	userSession,
		UriInfo	uriInfo,
		RealmModel	realm
	)

inlineinherited

                                                                                                                             {
 
     }

◆ backchannelLogout() [2/2]

void org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.backchannelLogout	(	KeycloakSession	session,
		UserSessionModel	userSession,
		UriInfo	uriInfo,
		RealmModel	realm
	)

inherited

◆ buildUserInfoRequest()

SimpleHttp org.keycloak.social.microsoft.MicrosoftIdentityProvider.buildUserInfoRequest	(	String	subjectToken,
		String	userInfoUrl
	)

inlineprotected

                                                                                        {
         String URL = null;
         try {
             URL = PROFILE_URL + "?access_token=" + URLEncoder.encode(subjectToken, "UTF-8");
         } catch (UnsupportedEncodingException e) {
             throw new RuntimeException(e);
         }
         return SimpleHttp.doGet(URL, session);
     }

◆ callback() [1/2]

Object org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.callback	(	RealmModel	realm,
		AuthenticationCallback	callback,
		EventBuilder	event
	)

inherited

JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.

戻り値

org.keycloak.social.twitter.TwitterIdentityProviderで実装されています。

◆ callback() [2/2]

Object org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.callback	(	RealmModel	realm,
		AuthenticationCallback	callback,
		EventBuilder	event
	)

inlineinherited

                                                                                                   {
         return new Endpoint(callback, realm, event);
     }

◆ close() [1/2]

void org.keycloak.provider.Provider.close ( )

inherited

◆ close() [2/2]

void org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.close ( )

inlineinherited

                         {
         // no-op
     }

◆ createAuthorizationUrl()

UriBuilder org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.createAuthorizationUrl ( AuthenticationRequest request )

inlineprotectedinherited

                                                                                {
         final UriBuilder uriBuilder = UriBuilder.fromUri(getConfig().getAuthorizationUrl())
                 .queryParam(OAUTH2_PARAMETER_SCOPE, getConfig().getDefaultScope())
                 .queryParam(OAUTH2_PARAMETER_STATE, request.getState().getEncoded())
                 .queryParam(OAUTH2_PARAMETER_RESPONSE_TYPE, "code")
                 .queryParam(OAUTH2_PARAMETER_CLIENT_ID, getConfig().getClientId())
                 .queryParam(OAUTH2_PARAMETER_REDIRECT_URI, request.getRedirectUri());
 
         String loginHint = request.getAuthenticationSession().getClientNote(OIDCLoginProtocol.LOGIN_HINT_PARAM);
         if (getConfig().isLoginHint() && loginHint != null) {
             uriBuilder.queryParam(OIDCLoginProtocol.LOGIN_HINT_PARAM, loginHint);
         }
 
         if (getConfig().isUiLocales()) {
             uriBuilder.queryParam(OIDCLoginProtocol.UI_LOCALES_PARAM, session.getContext().resolveLocale(null).toLanguageTag());
         }
 
         String prompt = getConfig().getPrompt();
         if (prompt == null || prompt.isEmpty()) {
             prompt = request.getAuthenticationSession().getClientNote(OAuth2Constants.PROMPT);
         }
         if (prompt != null) {
             uriBuilder.queryParam(OAuth2Constants.PROMPT, prompt);
         }
 
         String nonce = request.getAuthenticationSession().getClientNote(OIDCLoginProtocol.NONCE_PARAM);
         if (nonce == null || nonce.isEmpty()) {
             nonce = UUID.randomUUID().toString();
             request.getAuthenticationSession().setClientNote(OIDCLoginProtocol.NONCE_PARAM, nonce);
         }
         uriBuilder.queryParam(OIDCLoginProtocol.NONCE_PARAM, nonce);
 
         String acr = request.getAuthenticationSession().getClientNote(OAuth2Constants.ACR_VALUES);
         if (acr != null) {
             uriBuilder.queryParam(OAuth2Constants.ACR_VALUES, acr);
         }
         String forwardParameterConfig = getConfig().getForwardParameters() != null ? getConfig().getForwardParameters(): "";
         List<String> forwardParameters = Arrays.asList(forwardParameterConfig.split("\\s*,\\s*"));
         for(String forwardParameter: forwardParameters) {
             String name = AuthorizationEndpoint.LOGIN_SESSION_NOTE_ADDITIONAL_REQ_PARAMS_PREFIX + forwardParameter.trim();
             String parameter = request.getAuthenticationSession().getClientNote(name);
             if(parameter != null && !parameter.isEmpty()) {
                 uriBuilder.queryParam(forwardParameter, parameter);
             }
         }
         return uriBuilder;
     }

◆ doGetFederatedIdentity()

BrokeredIdentityContext org.keycloak.social.microsoft.MicrosoftIdentityProvider.doGetFederatedIdentity ( String accessToken )

inlineprotected

                                                                                  {
         try {
             String URL = PROFILE_URL + "?access_token=" + URLEncoder.encode(accessToken, "UTF-8");
             if (log.isDebugEnabled()) {
                 log.debug("Microsoft Live user profile request to: " + URL);
             }
             JsonNode profile = SimpleHttp.doGet(URL, session).asJson();
 
             return extractIdentityFromProfile(null, profile);
         } catch (Exception e) {
             throw new IdentityBrokerException("Could not obtain user profile from Microsoft Live ID.", e);
         }
     }

◆ exchangeErrorResponse()

Response org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.exchangeErrorResponse	(	UriInfo	uriInfo,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		String	errorCode,
		String	reason
	)

inlineprotectedinherited

                                                                                                                                                                 {
         Map<String, String> error = new HashMap<>();
         error.put("error", errorCode);
         error.put("error_description", reason);
         String accountLinkUrl = getLinkingUrl(uriInfo, authorizedClient, tokenUserSession);
         if (accountLinkUrl != null) error.put(ACCOUNT_LINK_URL, accountLinkUrl);
         return Response.status(400).entity(error).type(MediaType.APPLICATION_JSON_TYPE).build();
     }

◆ exchangeExternal()

final BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeExternal	(	EventBuilder	event,
		MultivaluedMap< String, String >	params
	)

inlineinherited

org.keycloak.broker.provider.ExchangeExternalTokenを実装しています。

                                                                                                                      {
         if (!supportsExternalExchange()) return null;
         BrokeredIdentityContext context = exchangeExternalImpl(event, params);
         if (context != null) {
             context.setIdp(this);
             context.setIdpConfig(getConfig());
         }
         return context;
     }

◆ exchangeExternalComplete()

void org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeExternalComplete	(	UserSessionModel	userSession,
		BrokeredIdentityContext	context,
		MultivaluedMap< String, String >	params
	)

inlineinherited

org.keycloak.broker.provider.ExchangeExternalTokenを実装しています。

                                                                                                                                                {
         if (context.getContextData().containsKey(OIDCIdentityProvider.VALIDATED_ID_TOKEN))
             userSession.setNote(FEDERATED_ACCESS_TOKEN, params.getFirst(OAuth2Constants.SUBJECT_TOKEN));
         if (context.getContextData().containsKey(OIDCIdentityProvider.VALIDATED_ID_TOKEN))
             userSession.setNote(OIDCIdentityProvider.FEDERATED_ID_TOKEN, params.getFirst(OAuth2Constants.SUBJECT_TOKEN));
         userSession.setNote(OIDCIdentityProvider.EXCHANGE_PROVIDER, getConfig().getAlias());
 
     }

◆ exchangeExternalImpl()

BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeExternalImpl	(	EventBuilder	event,
		MultivaluedMap< String, String >	params
	)

inlineprotectedinherited

                                                                                                                       {
         return exchangeExternalUserInfoValidationOnly(event, params);
 
     }

◆ exchangeExternalUserInfoValidationOnly()

BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeExternalUserInfoValidationOnly	(	EventBuilder	event,
		MultivaluedMap< String, String >	params
	)

inlineprotectedinherited

                                                                                                                                         {
         String subjectToken = params.getFirst(OAuth2Constants.SUBJECT_TOKEN);
         if (subjectToken == null) {
             event.detail(Details.REASON, OAuth2Constants.SUBJECT_TOKEN + " param unset");
             event.error(Errors.INVALID_TOKEN);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "token not set", Response.Status.BAD_REQUEST);
         }
         String subjectTokenType = params.getFirst(OAuth2Constants.SUBJECT_TOKEN_TYPE);
         if (subjectTokenType == null) {
             subjectTokenType = OAuth2Constants.ACCESS_TOKEN_TYPE;
         }
         if (!OAuth2Constants.ACCESS_TOKEN_TYPE.equals(subjectTokenType)) {
             event.detail(Details.REASON, OAuth2Constants.SUBJECT_TOKEN_TYPE + " invalid");
             event.error(Errors.INVALID_TOKEN_TYPE);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token type", Response.Status.BAD_REQUEST);
         }
         return validateExternalTokenThroughUserInfo(event, subjectToken, subjectTokenType);
     }

◆ exchangeFromToken()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeFromToken	(	UriInfo	uriInfo,
		EventBuilder	event,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		UserModel	tokenSubject,
		MultivaluedMap< String, String >	params
	)

inlineinherited

org.keycloak.broker.provider.ExchangeTokenToIdentityProviderTokenを実装しています。

                                                                                                                                                                                                            {
         // check to see if we have a token exchange in session
         // in other words check to see if this session was created by an external exchange
         Response tokenResponse = hasExternalExchangeToken(event, tokenUserSession, params);
         if (tokenResponse != null) return tokenResponse;
 
         // going further we only support access token type?  Why?
         String requestedType = params.getFirst(OAuth2Constants.REQUESTED_TOKEN_TYPE);
         if (requestedType != null && !requestedType.equals(OAuth2Constants.ACCESS_TOKEN_TYPE)) {
             event.detail(Details.REASON, "requested_token_type unsupported");
             event.error(Errors.INVALID_REQUEST);
             return exchangeUnsupportedRequiredType();
         }
         if (!getConfig().isStoreToken()) {
             // if token isn't stored, we need to see if this session has been linked
             String brokerId = tokenUserSession.getNote(Details.IDENTITY_PROVIDER);
             brokerId = brokerId == null ? tokenUserSession.getNote(IdentityProvider.EXTERNAL_IDENTITY_PROVIDER) : brokerId;
             if (brokerId == null || !brokerId.equals(getConfig().getAlias())) {
                 event.detail(Details.REASON, "requested_issuer has not linked");
                 event.error(Errors.INVALID_REQUEST);
                 return exchangeNotLinkedNoStore(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
             }
             return exchangeSessionToken(uriInfo, event, authorizedClient, tokenUserSession, tokenSubject);
         } else {
             return exchangeStoredToken(uriInfo, event, authorizedClient, tokenUserSession, tokenSubject);
         }
     }

◆ exchangeNotLinked()

Response org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.exchangeNotLinked	(	UriInfo	uriInfo,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		UserModel	tokenSubject
	)

inlineinherited

                                                                                                                                                 {
         return exchangeErrorResponse(uriInfo, authorizedClient, tokenUserSession, "not_linked", "identity provider is not linked");
     }

◆ exchangeNotLinkedNoStore()

Response org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.exchangeNotLinkedNoStore	(	UriInfo	uriInfo,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		UserModel	tokenSubject
	)

inlineinherited

                                                                                                                                                        {
         return exchangeErrorResponse(uriInfo, authorizedClient, tokenUserSession, "not_linked", "identity provider is not linked, can only link to current user session");
     }

◆ exchangeNotSupported()

Response org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.exchangeNotSupported ( )

inlineinherited

                                            {
         Map<String, String> error = new HashMap<>();
         error.put("error", "invalid_target");
         error.put("error_description", "target_exchange_unsupported");
         return  Response.status(400).entity(error).type(MediaType.APPLICATION_JSON_TYPE).build();
     }

◆ exchangeSessionToken()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeSessionToken	(	UriInfo	uriInfo,
		EventBuilder	event,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		UserModel	tokenSubject
	)

inlineprotectedinherited

                                                                                                                                                                           {
         String accessToken = tokenUserSession.getNote(FEDERATED_ACCESS_TOKEN);
         if (accessToken == null) {
             event.detail(Details.REASON, "requested_issuer is not linked");
             event.error(Errors.INVALID_TOKEN);
             return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
         }
         AccessTokenResponse tokenResponse = new AccessTokenResponse();
         tokenResponse.setToken(accessToken);
         tokenResponse.setIdToken(null);
         tokenResponse.setRefreshToken(null);
         tokenResponse.setRefreshExpiresIn(0);
         tokenResponse.getOtherClaims().clear();
         tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE);
         tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession));
         event.success();
         return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build();
     }

◆ exchangeStoredToken()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeStoredToken	(	UriInfo	uriInfo,
		EventBuilder	event,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		UserModel	tokenSubject
	)

inlineprotectedinherited

                                                                                                                                                                          {
         FederatedIdentityModel model = session.users().getFederatedIdentity(tokenSubject, getConfig().getAlias(), authorizedClient.getRealm());
         if (model == null || model.getToken() == null) {
             event.detail(Details.REASON, "requested_issuer is not linked");
             event.error(Errors.INVALID_TOKEN);
             return exchangeNotLinked(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
         }
         String accessToken = extractTokenFromResponse(model.getToken(), getAccessTokenResponseParameter());
         if (accessToken == null) {
             model.setToken(null);
             session.users().updateFederatedIdentity(authorizedClient.getRealm(), tokenSubject, model);
             event.detail(Details.REASON, "requested_issuer token expired");
             event.error(Errors.INVALID_TOKEN);
             return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
         }
         AccessTokenResponse tokenResponse = new AccessTokenResponse();
         tokenResponse.setToken(accessToken);
         tokenResponse.setIdToken(null);
         tokenResponse.setRefreshToken(null);
         tokenResponse.setRefreshExpiresIn(0);
         tokenResponse.getOtherClaims().clear();
         tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE);
         tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession));
         event.success();
         return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build();
     }

◆ exchangeTokenExpired()

Response org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.exchangeTokenExpired	(	UriInfo	uriInfo,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		UserModel	tokenSubject
	)

inlineinherited

                                                                                                                                                    {
         return exchangeErrorResponse(uriInfo, authorizedClient, tokenUserSession, "token_expired", "linked token is expired");
     }

◆ exchangeUnsupportedRequiredType()

Response org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.exchangeUnsupportedRequiredType ( )

inlineinherited

                                                       {
         Map<String, String> error = new HashMap<>();
         error.put("error", "invalid_target");
         error.put("error_description", "response_token_type_unsupported");
         return Response.status(400).entity(error).type(MediaType.APPLICATION_JSON_TYPE).build();
     }

◆ export() [1/2]

Response org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.export	(	UriInfo	uriInfo,
		RealmModel	realm,
		String	format
	)

inlineinherited

                                                                              {
         return Response.noContent().build();
     }

◆ export() [2/2]

Response org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.export	(	UriInfo	uriInfo,
		RealmModel	realm,
		String	format
	)

inherited

Export a representation of the IdentityProvider in a specific format. For example, a SAML EntityDescriptor

戻り値

◆ extractIdentityFromProfile()

BrokeredIdentityContext org.keycloak.social.microsoft.MicrosoftIdentityProvider.extractIdentityFromProfile	(	EventBuilder	event,
		JsonNode	profile
	)

inlineprotected

                                                                                                        {
         String id = getJsonProperty(profile, "id");
 
         String email = null;
         if (profile.has("emails")) {
             email = getJsonProperty(profile.get("emails"), "preferred");
         }
 
         BrokeredIdentityContext user = new BrokeredIdentityContext(id);
 
         user.setUsername(email != null ? email : id);
         user.setFirstName(getJsonProperty(profile, "first_name"));
         user.setLastName(getJsonProperty(profile, "last_name"));
         if (email != null)
             user.setEmail(email);
         user.setIdpConfig(getConfig());
         user.setIdp(this);
 
         AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
 
         return user;
     }

◆ extractTokenFromResponse()

String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.extractTokenFromResponse	(	String	response,
		String	tokenName
	)

inlineprotectedinherited

                                                                                  {
           if(response == null)
                 return null;
           
         if (response.startsWith("{")) {
             try {
                         JsonNode node = mapper.readTree(response);
                         if(node.has(tokenName)){
                                 String s = node.get(tokenName).textValue();
                                 if(s == null || s.trim().isEmpty())
                                         return null;
                   return s;
                         } else {
                                 return null;
                         }
             } catch (IOException e) {
                 throw new IdentityBrokerException("Could not extract token [" + tokenName + "] from response [" + response + "] due: " + e.getMessage(), e);
             }
         } else {
             Matcher matcher = Pattern.compile(tokenName + "=([^&]+)").matcher(response);
 
             if (matcher.find()) {
                 return matcher.group(1);
             }
         }
 
         return null;
     }

◆ getAccessTokenResponseParameter()

String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.getAccessTokenResponseParameter ( )

inlineprotectedinherited

                                                        {
         return OAUTH2_PARAMETER_ACCESS_TOKEN;
     }

◆ getConfig()

C org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.getConfig ( )

inlineinherited

                          {
         return super.getConfig();
     }

◆ getDefaultScopes()

String org.keycloak.social.microsoft.MicrosoftIdentityProvider.getDefaultScopes ( )

inlineprotected

                                         {
         return DEFAULT_SCOPE;
     }

◆ getFederatedIdentity()

BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.getFederatedIdentity ( String response )

inlineinherited

                                                                          {
         String accessToken = extractTokenFromResponse(response, getAccessTokenResponseParameter());
 
         if (accessToken == null) {
             throw new IdentityBrokerException("No access token available in OAuth server response: " + response);
         }
 
         BrokeredIdentityContext context = doGetFederatedIdentity(accessToken);
         context.getContextData().put(FEDERATED_ACCESS_TOKEN, accessToken);
         return context;
     }

◆ getJsonProperty()

String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.getJsonProperty	(	JsonNode	jsonNode,
		String	name
	)

inlineinherited

Get JSON property as text. JSON numbers and booleans are converted to text. Empty string is converted to null.

引数

jsonNode	to get property from
name	of property to get

戻り値: string value of the property or null.

                                                                   {
         if (jsonNode.has(name) && !jsonNode.get(name).isNull()) {
                   String s = jsonNode.get(name).asText();
                   if(s != null && !s.isEmpty())
                                 return s;
                   else
                                 return null;
         }
 
         return null;
     }

◆ getLinkingUrl()

String org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.getLinkingUrl	(	UriInfo	uriInfo,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession
	)

inlineprotectedinherited

                                                                                                                      {
         String provider = getConfig().getAlias();
         String clientId = authorizedClient.getClientId();
         String nonce = UUID.randomUUID().toString();
         MessageDigest md = null;
         try {
             md = MessageDigest.getInstance("SHA-256");
         } catch (NoSuchAlgorithmException e) {
             throw new RuntimeException(e);
         }
         String input = nonce + tokenUserSession.getId() + clientId + provider;
         byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8));
         String hash = Base64Url.encode(check);
         return KeycloakUriBuilder.fromUri(uriInfo.getBaseUri())
                 .path("/realms/{realm}/broker/{provider}/link")
                 .queryParam("nonce", nonce)
                 .queryParam("hash", hash)
                 .queryParam("client_id", clientId)
                 .build(authorizedClient.getRealm().getName(), provider)
                 .toString();
     }

◆ getMarshaller() [1/2]

IdentityProviderDataMarshaller org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.getMarshaller ( )

inherited

Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession

戻り値

◆ getMarshaller() [2/2]

IdentityProviderDataMarshaller org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.getMarshaller ( )

inlineinherited

                                                           {
         return new DefaultDataMarshaller();
     }

◆ getProfileEndpointForValidation()

String org.keycloak.social.microsoft.MicrosoftIdentityProvider.getProfileEndpointForValidation ( EventBuilder event )

inlineprotected

                                                                          {
         return PROFILE_URL;
     }

◆ hasExternalExchangeToken()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.hasExternalExchangeToken	(	EventBuilder	event,
		UserSessionModel	tokenUserSession,
		MultivaluedMap< String, String >	params
	)

inlineprotectedinherited

check to see if we have a token exchange in session in other words check to see if this session was created by an external exchange

引数

tokenUserSession
params

戻り値

                                                                                                                                               {
         if (getConfig().getAlias().equals(tokenUserSession.getNote(OIDCIdentityProvider.EXCHANGE_PROVIDER))) {
 
             String requestedType = params.getFirst(OAuth2Constants.REQUESTED_TOKEN_TYPE);
             if ((requestedType == null || requestedType.equals(OAuth2Constants.ACCESS_TOKEN_TYPE))) {
                 String accessToken = tokenUserSession.getNote(FEDERATED_ACCESS_TOKEN);
                 if (accessToken != null) {
                     AccessTokenResponse tokenResponse = new AccessTokenResponse();
                     tokenResponse.setToken(accessToken);
                     tokenResponse.setIdToken(null);
                     tokenResponse.setRefreshToken(null);
                     tokenResponse.setRefreshExpiresIn(0);
                     tokenResponse.setExpiresIn(0);
                     tokenResponse.getOtherClaims().clear();
                     tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE);
                     event.success();
                     return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build();
                 }
             } else if (OAuth2Constants.ID_TOKEN_TYPE.equals(requestedType)) {
                 String idToken = tokenUserSession.getNote(OIDCIdentityProvider.FEDERATED_ID_TOKEN);
                 if (idToken != null) {
                     AccessTokenResponse tokenResponse = new AccessTokenResponse();
                     tokenResponse.setToken(null);
                     tokenResponse.setIdToken(idToken);
                     tokenResponse.setRefreshToken(null);
                     tokenResponse.setRefreshExpiresIn(0);
                     tokenResponse.setExpiresIn(0);
                     tokenResponse.getOtherClaims().clear();
                     tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ID_TOKEN_TYPE);
                     event.success();
                     return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build();
                 }
 
             }
 
         }
         return null;
     }

◆ importNewUser() [1/2]

void org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.importNewUser	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user,
		BrokeredIdentityContext	context
	)

inherited

◆ importNewUser() [2/2]

void org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.importNewUser	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user,
		BrokeredIdentityContext	context
	)

inlineinherited

                                                                                                                           {
 
     }

◆ isIssuer()

boolean org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.isIssuer	(	String	issuer,
		MultivaluedMap< String, String >	params
	)

inlineinherited

org.keycloak.broker.provider.ExchangeExternalTokenを実装しています。

                                                                                   {
         if (!supportsExternalExchange()) return false;
         String requestedIssuer = params.getFirst(OAuth2Constants.SUBJECT_ISSUER);
         if (requestedIssuer == null) requestedIssuer = issuer;
         return requestedIssuer.equals(getConfig().getAlias());
     }

◆ keycloakInitiatedBrowserLogout() [1/2]

Response org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.keycloakInitiatedBrowserLogout	(	KeycloakSession	session,
		UserSessionModel	userSession,
		UriInfo	uriInfo,
		RealmModel	realm
	)

inlineinherited

                                                                                                                                              {
         return null;
     }

◆ keycloakInitiatedBrowserLogout() [2/2]

Response org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.keycloakInitiatedBrowserLogout	(	KeycloakSession	session,
		UserSessionModel	userSession,
		UriInfo	uriInfo,
		RealmModel	realm
	)

inherited

Called when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP

引数

userSession
uriInfo
realm

戻り値: null if this is not supported by this provider

◆ performLogin() [1/2]

Response org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.performLogin ( AuthenticationRequest request )

inherited

Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.

引数

request The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.

戻り値

org.keycloak.social.twitter.TwitterIdentityProviderで実装されています。

◆ performLogin() [2/2]

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.performLogin ( AuthenticationRequest request )

inlineinherited

                                                                 {
         try {
             URI authorizationUrl = createAuthorizationUrl(request).build();
 
             return Response.seeOther(authorizationUrl).build();
         } catch (Exception e) {
             throw new IdentityBrokerException("Could not create authentication request.", e);
         }
     }

◆ preprocessFederatedIdentity() [1/2]

void org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.preprocessFederatedIdentity	(	KeycloakSession	session,
		RealmModel	realm,
		BrokeredIdentityContext	context
	)

inherited

◆ preprocessFederatedIdentity() [2/2]

void org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.preprocessFederatedIdentity	(	KeycloakSession	session,
		RealmModel	realm,
		BrokeredIdentityContext	context
	)

inlineinherited

                                                                                                                         {
 
     }

◆ retrieveToken() [1/2]

Response org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.retrieveToken	(	KeycloakSession	session,
		FederatedIdentityModel	identity
	)

inherited

Returns a javax.ws.rs.core.Response containing the token previously stored during the authentication process for a specific user.

引数

identity

戻り値

org.keycloak.social.twitter.TwitterIdentityProviderで実装されています。

◆ retrieveToken() [2/2]

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.retrieveToken	(	KeycloakSession	session,
		FederatedIdentityModel	identity
	)

inlineinherited

                                                                                             {
         return Response.ok(identity.getToken()).build();
     }

◆ supportsExternalExchange()

boolean org.keycloak.social.microsoft.MicrosoftIdentityProvider.supportsExternalExchange ( )

inlineprotected

                                                  {
         return true;
     }

◆ updateBrokeredUser() [1/2]

void org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.updateBrokeredUser	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user,
		BrokeredIdentityContext	context
	)

inherited

◆ updateBrokeredUser() [2/2]

void org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.updateBrokeredUser	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user,
		BrokeredIdentityContext	context
	)

inlineinherited

                                                                                                                                {
 
     }

◆ validateExternalTokenThroughUserInfo()

BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.validateExternalTokenThroughUserInfo	(	EventBuilder	event,
		String	subjectToken,
		String	subjectTokenType
	)

inlineprotectedinherited

                                                                                                                                              {
         event.detail("validation_method", "user info");
         SimpleHttp.Response response = null;
         int status = 0;
         try {
             String userInfoUrl = getProfileEndpointForValidation(event);
             response = buildUserInfoRequest(subjectToken, userInfoUrl).asResponse();
             status = response.getStatus();
         } catch (IOException e) {
             logger.debug("Failed to invoke user info for external exchange", e);
         }
         if (status != 200) {
             logger.debug("Failed to invoke user info status: " + status);
             event.detail(Details.REASON, "user info call failure");
             event.error(Errors.INVALID_TOKEN);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
         }
         JsonNode profile = null;
         try {
             profile = response.asJson();
         } catch (IOException e) {
             event.detail(Details.REASON, "user info call failure");
             event.error(Errors.INVALID_TOKEN);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
         }
         BrokeredIdentityContext context = extractIdentityFromProfile(event, profile);
         if (context.getId() == null) {
             event.detail(Details.REASON, "user info call failure");
             event.error(Errors.INVALID_TOKEN);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
         }
         return context;
     }

メンバ詳解

◆ ACCESS_DENIED

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.ACCESS_DENIED = "access_denied"

staticinherited

◆ ACCOUNT_LINK_URL

final String org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.ACCOUNT_LINK_URL = "account-link-url"

staticinherited

◆ AUTH_URL

final String org.keycloak.social.microsoft.MicrosoftIdentityProvider.AUTH_URL = "https://login.live.com/oauth20_authorize.srf"

static

◆ DEFAULT_SCOPE

final String org.keycloak.social.microsoft.MicrosoftIdentityProvider.DEFAULT_SCOPE = "wl.basic,wl.emails"

static

◆ EXTERNAL_IDENTITY_PROVIDER [1/2]

String org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.EXTERNAL_IDENTITY_PROVIDER

inherited

◆ EXTERNAL_IDENTITY_PROVIDER [2/2]

String org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.EXTERNAL_IDENTITY_PROVIDER = "EXTERNAL_IDENTITY_PROVIDER"

inherited

◆ FEDERATED_ACCESS_TOKEN [1/2]

String org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.FEDERATED_ACCESS_TOKEN = "FEDERATED_ACCESS_TOKEN"

inherited

◆ FEDERATED_ACCESS_TOKEN [2/2]

String org.keycloak.broker.provider.IdentityProvider< C extends IdentityProviderModel >.FEDERATED_ACCESS_TOKEN

inherited

◆ FEDERATED_REFRESH_TOKEN

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.FEDERATED_REFRESH_TOKEN = "FEDERATED_REFRESH_TOKEN"

staticinherited

◆ FEDERATED_TOKEN_EXPIRATION

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.FEDERATED_TOKEN_EXPIRATION = "FEDERATED_TOKEN_EXPIRATION"

staticinherited

◆ log

final Logger org.keycloak.social.microsoft.MicrosoftIdentityProvider.log = Logger.getLogger(MicrosoftIdentityProvider.class)

staticprivate

◆ logger

final Logger org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.logger = Logger.getLogger(AbstractOAuth2IdentityProvider.class)

staticprotectedinherited

◆ mapper

ObjectMapper org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.mapper = new ObjectMapper()

staticprotectedinherited

◆ OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code"

staticinherited

◆ OAUTH2_GRANT_TYPE_REFRESH_TOKEN

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_GRANT_TYPE_REFRESH_TOKEN = "refresh_token"

staticinherited

◆ OAUTH2_PARAMETER_ACCESS_TOKEN

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_ACCESS_TOKEN = "access_token"

staticinherited

◆ OAUTH2_PARAMETER_CLIENT_ID

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_CLIENT_ID = "client_id"

staticinherited

◆ OAUTH2_PARAMETER_CLIENT_SECRET

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_CLIENT_SECRET = "client_secret"

staticinherited

◆ OAUTH2_PARAMETER_CODE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_CODE = "code"

staticinherited

◆ OAUTH2_PARAMETER_GRANT_TYPE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_GRANT_TYPE = "grant_type"

staticinherited

◆ OAUTH2_PARAMETER_REDIRECT_URI

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_REDIRECT_URI = "redirect_uri"

staticinherited

◆ OAUTH2_PARAMETER_RESPONSE_TYPE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_RESPONSE_TYPE = "response_type"

staticinherited

◆ OAUTH2_PARAMETER_SCOPE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_SCOPE = "scope"

staticinherited

◆ OAUTH2_PARAMETER_STATE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_STATE = "state"

staticinherited

◆ PROFILE_URL

final String org.keycloak.social.microsoft.MicrosoftIdentityProvider.PROFILE_URL = "https://apis.live.net/v5.0/me"

static

◆ session

final KeycloakSession org.keycloak.broker.provider.AbstractIdentityProvider< C extends IdentityProviderModel >.session

protectedinherited

◆ TOKEN_URL

final String org.keycloak.social.microsoft.MicrosoftIdentityProvider.TOKEN_URL = "https://login.live.com/oauth20_token.srf"

static

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java

公開メンバ関数

公開変数類

静的公開変数類

限定公開メンバ関数

限定公開変数類

静的限定公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ MicrosoftIdentityProvider()

関数詳解

◆ asJsonNode()

◆ authenticationFinished() [1/2]

◆ authenticationFinished() [2/2]

◆ backchannelLogout() [1/2]

◆ backchannelLogout() [2/2]

◆ buildUserInfoRequest()

◆ callback() [1/2]

◆ callback() [2/2]

◆ close() [1/2]

◆ close() [2/2]

◆ createAuthorizationUrl()

◆ doGetFederatedIdentity()

◆ exchangeErrorResponse()

◆ exchangeExternal()

◆ exchangeExternalComplete()

◆ exchangeExternalImpl()

◆ exchangeExternalUserInfoValidationOnly()

◆ exchangeFromToken()

◆ exchangeNotLinked()

◆ exchangeNotLinkedNoStore()

◆ exchangeNotSupported()

◆ exchangeSessionToken()

◆ exchangeStoredToken()

◆ exchangeTokenExpired()

◆ exchangeUnsupportedRequiredType()

◆ export() [1/2]

◆ export() [2/2]

◆ extractIdentityFromProfile()

◆ extractTokenFromResponse()

◆ getAccessTokenResponseParameter()

◆ getConfig()

◆ getDefaultScopes()

◆ getFederatedIdentity()

◆ getJsonProperty()

◆ getLinkingUrl()

◆ getMarshaller() [1/2]

◆ getMarshaller() [2/2]

◆ getProfileEndpointForValidation()

◆ hasExternalExchangeToken()

◆ importNewUser() [1/2]

◆ importNewUser() [2/2]

◆ isIssuer()

◆ keycloakInitiatedBrowserLogout() [1/2]

◆ keycloakInitiatedBrowserLogout() [2/2]

◆ performLogin() [1/2]

◆ performLogin() [2/2]

◆ preprocessFederatedIdentity() [1/2]

◆ preprocessFederatedIdentity() [2/2]

◆ retrieveToken() [1/2]

◆ retrieveToken() [2/2]

◆ supportsExternalExchange()

◆ updateBrokeredUser() [1/2]

◆ updateBrokeredUser() [2/2]

◆ validateExternalTokenThroughUserInfo()

メンバ詳解

◆ ACCESS_DENIED

◆ ACCOUNT_LINK_URL

◆ AUTH_URL

◆ DEFAULT_SCOPE

◆ EXTERNAL_IDENTITY_PROVIDER [1/2]

◆ EXTERNAL_IDENTITY_PROVIDER [2/2]

◆ FEDERATED_ACCESS_TOKEN [1/2]

◆ FEDERATED_ACCESS_TOKEN [2/2]

◆ FEDERATED_REFRESH_TOKEN

◆ FEDERATED_TOKEN_EXPIRATION

◆ log

◆ logger

◆ mapper

◆ OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE