org.keycloak.authentication.actiontoken.idpverifyemail.IdpVerifyAccountLinkActionTokenHandler クラス

org.keycloak.authentication.actiontoken.idpverifyemail.IdpVerifyAccountLinkActionTokenHandler の継承関係図

org.keycloak.authentication.actiontoken.idpverifyemail.IdpVerifyAccountLinkActionTokenHandler 連携図

公開メンバ関数
	IdpVerifyAccountLinkActionTokenHandler ()
Predicate<? super IdpVerifyAccountLinkActionToken > []	getVerifiers (ActionTokenContext< IdpVerifyAccountLinkActionToken > tokenContext)
Response	handleToken (IdpVerifyAccountLinkActionToken token, ActionTokenContext< IdpVerifyAccountLinkActionToken > tokenContext)
ActionTokenHandler< T >	create (KeycloakSession session)
void	init (Scope config)
void	postInit (KeycloakSessionFactory factory)
String	getId ()
void	close ()
Class< T >	getTokenClass ()
EventType	eventType ()
String	getDefaultErrorMessage ()
String	getDefaultEventError ()
String	getAuthenticationSessionIdFromToken (T token, ActionTokenContext< T > tokenContext, AuthenticationSessionModel currentAuthSession)
AuthenticationSessionModel	startFreshAuthenticationSession (T token, ActionTokenContext< T > tokenContext)
boolean	canUseTokenRepeatedly (T token, ActionTokenContext< T > tokenContext)
Response	handleToken (T token, ActionTokenContext< T > tokenContext)
default Predicate<? super T > []	getVerifiers (ActionTokenContext< T > tokenContext)

詳解

Action token handler for verification of e-mail address.

著者

hmlnarik

構築子と解体子

IdpVerifyAccountLinkActionTokenHandler()

org.keycloak.authentication.actiontoken.idpverifyemail.IdpVerifyAccountLinkActionTokenHandler.IdpVerifyAccountLinkActionTokenHandler ( )

inline

                                                    {
        super(
          IdpVerifyAccountLinkActionToken.TOKEN_TYPE,
          IdpVerifyAccountLinkActionToken.class,
          Messages.STALE_CODE,
          EventType.IDENTITY_PROVIDER_LINK_ACCOUNT,
          Errors.INVALID_TOKEN
        );
    }

関数詳解

canUseTokenRepeatedly()

boolean org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.canUseTokenRepeatedly ( T  token, ActionTokenContext< T >  tokenContext  )

inlineinherited

                                                                                      {
        return true;
    }

close()

void org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.close ( )

inlineinherited

                        {
    }

create()

ActionTokenHandler<T> org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.create ( KeycloakSession  session )

inlineinherited

                                                                 {
        return this;
    }

eventType()

EventType org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.eventType ( )

inlineinherited

                                 {
        return this.defaultEventType;
    }

getAuthenticationSessionIdFromToken()

String org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getAuthenticationSessionIdFromToken ( T  token, ActionTokenContext< T >  tokenContext, AuthenticationSessionModel  currentAuthSession  )

inlineinherited

                                                                                                                                                  {
        return token instanceof DefaultActionToken ? ((DefaultActionToken) token).getCompoundAuthenticationSessionId() : null;
    }

getDefaultErrorMessage()

String org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getDefaultErrorMessage ( )

inlineinherited

                                           {
        return this.defaultErrorMessage;
    }

getDefaultEventError()

String org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getDefaultEventError ( )

inlineinherited

                                         {
        return this.defaultEventError;
    }

getId()

String org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getId ( )

inlineinherited

                          {
        return this.id;
    }

getTokenClass()

Class<T> org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.getTokenClass ( )

inlineinherited

                                    {
        return this.tokenClass;
    }

getVerifiers() [1/2]

Predicate<? super IdpVerifyAccountLinkActionToken> [] org.keycloak.authentication.actiontoken.idpverifyemail.IdpVerifyAccountLinkActionTokenHandler.getVerifiers ( ActionTokenContext< IdpVerifyAccountLinkActionToken >  tokenContext )

inline

                                                                                                                                               {
        return TokenUtils.predicates(
        );
    }

getVerifiers() [2/2]

default Predicate<? super T> [] org.keycloak.authentication.actiontoken.ActionTokenHandler< T extends JsonWebToken >.getVerifiers ( ActionTokenContext< T >  tokenContext )

inlineinherited

Returns an array of verifiers that are tested prior to handling the token. All verifiers have to pass successfully for token to be handled. The returned array must not be

null 

.

引数

tokenContext

戻り値

Verifiers or an empty array. The returned array must not be

null 

.

                                                                                    {
        return new Predicate[] {};
    }

handleToken() [1/2]

Response org.keycloak.authentication.actiontoken.ActionTokenHandler< T extends JsonWebToken >.handleToken ( T  token, ActionTokenContext< T >  tokenContext  )

inherited

Performs the action as per the token details. This method is only called if all verifiers returned in handleToken succeed.

引数

token
tokenContext

戻り値

handleToken() [2/2]

Response org.keycloak.authentication.actiontoken.idpverifyemail.IdpVerifyAccountLinkActionTokenHandler.handleToken ( IdpVerifyAccountLinkActionToken  token, ActionTokenContext< IdpVerifyAccountLinkActionToken >  tokenContext  )

inline

                                                                                                                                         {
        UserModel user = tokenContext.getAuthenticationSession().getAuthenticatedUser();
        EventBuilder event = tokenContext.getEvent();
        final UriInfo uriInfo = tokenContext.getUriInfo();
        final RealmModel realm = tokenContext.getRealm();
        final KeycloakSession session = tokenContext.getSession();

        event.event(EventType.IDENTITY_PROVIDER_LINK_ACCOUNT)
          .detail(Details.EMAIL, user.getEmail())
          .detail(Details.IDENTITY_PROVIDER, token.getIdentityProviderAlias())
          .detail(Details.IDENTITY_PROVIDER_USERNAME, token.getIdentityProviderUsername())
          .success();

        AuthenticationSessionModel authSession = tokenContext.getAuthenticationSession();
        if (tokenContext.isAuthenticationSessionFresh()) {
            token.setOriginalCompoundAuthenticationSessionId(token.getCompoundAuthenticationSessionId());

            String authSessionEncodedId = AuthenticationSessionCompoundId.fromAuthSession(authSession).getEncodedId();
            token.setCompoundAuthenticationSessionId(authSessionEncodedId);
            UriBuilder builder = Urls.actionTokenBuilder(uriInfo.getBaseUri(), token.serialize(session, realm, uriInfo),
                    authSession.getClient().getClientId(), authSession.getTabId());
            String confirmUri = builder.build(realm.getName()).toString();

            return session.getProvider(LoginFormsProvider.class)
                    .setAuthenticationSession(authSession)
                    .setSuccess(Messages.CONFIRM_ACCOUNT_LINKING, token.getIdentityProviderUsername(), token.getIdentityProviderAlias())
                    .setAttribute(Constants.TEMPLATE_ATTR_ACTION_URI, confirmUri)
                    .createInfoPage();
        }

        // verify user email as we know it is valid as this entry point would never have gotten here.
        user.setEmailVerified(true);

        if (token.getOriginalCompoundAuthenticationSessionId() != null) {
            AuthenticationSessionManager asm = new AuthenticationSessionManager(session);
            asm.removeAuthenticationSession(realm, authSession, true);

            AuthenticationSessionCompoundId compoundId = AuthenticationSessionCompoundId.encoded(token.getOriginalCompoundAuthenticationSessionId());
            ClientModel originalClient = realm.getClientById(compoundId.getClientUUID());
            authSession = asm.getAuthenticationSessionByIdAndClient(realm, compoundId.getRootSessionId(), originalClient, compoundId.getTabId());

            if (authSession != null) {
                authSession.setAuthNote(IdpEmailVerificationAuthenticator.VERIFY_ACCOUNT_IDP_USERNAME, token.getIdentityProviderUsername());
            } else {

                session.authenticationSessions().updateNonlocalSessionAuthNotes(
                        compoundId,
                  Collections.singletonMap(IdpEmailVerificationAuthenticator.VERIFY_ACCOUNT_IDP_USERNAME, token.getIdentityProviderUsername())
                );
            }

            return session.getProvider(LoginFormsProvider.class)
                    .setAuthenticationSession(authSession)
                    .setSuccess(Messages.IDENTITY_PROVIDER_LINK_SUCCESS, token.getIdentityProviderAlias(), token.getIdentityProviderUsername())
                    .setAttribute(Constants.SKIP_LINK, true)
                    .createInfoPage();
        }

        authSession.setAuthNote(IdpEmailVerificationAuthenticator.VERIFY_ACCOUNT_IDP_USERNAME, token.getIdentityProviderUsername());

        return tokenContext.brokerFlow(null, null, authSession.getAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH));
    }

init()

void org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.init ( Scope  config )

inlineinherited

                                   {
    }

postInit()

void org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.postInit ( KeycloakSessionFactory  factory )

inlineinherited

                                                         {
    }

startFreshAuthenticationSession()

AuthenticationSessionModel org.keycloak.authentication.actiontoken.AbstractActionTokenHander< T extends JsonWebToken >.startFreshAuthenticationSession ( T  token, ActionTokenContext< T >  tokenContext  )

inlineinherited

                                                                                                                   {
        AuthenticationSessionModel authSession = tokenContext.createAuthenticationSessionForClient(token.getIssuedFor());
        authSession.setAuthNote(AuthenticationManager.END_AFTER_REQUIRED_ACTIONS, "true");
        return authSession;
    }

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/authentication/actiontoken/idpverifyemail/IdpVerifyAccountLinkActionTokenHandler.java