org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder クラス

org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder 連携図

公開メンバ関数
	AccessTokenResponseBuilder (RealmModel realm, ClientModel client, EventBuilder event, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
AccessToken	getAccessToken ()
RefreshToken	getRefreshToken ()
IDToken	getIdToken ()
AccessTokenResponseBuilder	accessToken (AccessToken accessToken)
AccessTokenResponseBuilder	refreshToken (RefreshToken refreshToken)
AccessTokenResponseBuilder	generateAccessToken ()
AccessTokenResponseBuilder	generateRefreshToken ()
AccessTokenResponseBuilder	generateIDToken ()
AccessTokenResponseBuilder	generateAccessTokenHash ()
AccessTokenResponseBuilder	generateCodeHash (String code)
AccessTokenResponseBuilder	generateStateHash (String state)
AccessTokenResponse	build ()

変数
RealmModel	realm
ClientModel	client
EventBuilder	event
KeycloakSession	session
UserSessionModel	userSession
ClientSessionContext	clientSessionCtx
AccessToken	accessToken
RefreshToken	refreshToken
IDToken	idToken
boolean	generateAccessTokenHash = false
String	codeHash
String	stateHash

非公開メンバ関数
int	getRefreshExpiration ()

詳解

構築子と解体子

AccessTokenResponseBuilder()

org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.AccessTokenResponseBuilder ( RealmModel  realm, ClientModel  client, EventBuilder  event, KeycloakSession  session, UserSessionModel  userSession, ClientSessionContext  clientSessionCtx  )

inline

                                                                                                               {
            this.realm = realm;
            this.client = client;
            this.event = event;
            this.session = session;
            this.userSession = userSession;
            this.clientSessionCtx = clientSessionCtx;
        }

関数詳解

accessToken()

AccessTokenResponseBuilder org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.accessToken ( AccessToken  accessToken )

inline

                                                                               {
            this.accessToken = accessToken;
            return this;
        }

build()

AccessTokenResponse org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.build ( )

inline

                                           {
            if (accessToken != null) {
                event.detail(Details.TOKEN_ID, accessToken.getId());
            }

            if (refreshToken != null) {
                if (event.getEvent().getDetails().containsKey(Details.REFRESH_TOKEN_ID)) {
                    event.detail(Details.UPDATED_REFRESH_TOKEN_ID, refreshToken.getId());
                } else {
                    event.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId());
                }
                event.detail(Details.REFRESH_TOKEN_TYPE, refreshToken.getType());
            }

            AccessTokenResponse res = new AccessTokenResponse();

            if (accessToken != null) {
                String encodedToken = session.tokens().encode(accessToken);
                res.setToken(encodedToken);
                res.setTokenType("bearer");
                res.setSessionState(accessToken.getSessionState());
                if (accessToken.getExpiration() != 0) {
                    res.setExpiresIn(accessToken.getExpiration() - Time.currentTime());
                }
            }

            if (generateAccessTokenHash) {
                String atHash = HashProvider.oidcHash(session.tokens().signatureAlgorithm(TokenCategory.ID), res.getToken());
                idToken.setAccessTokenHash(atHash);
            }
            if (codeHash != null) {
                idToken.setCodeHash(codeHash);
            }
            // Financial API - Part 2: Read and Write API Security Profile
            // http://openid.net/specs/openid-financial-api-part-2.html#authorization-server
            if (stateHash != null) {
                idToken.setStateHash(stateHash);
            }
            if (idToken != null) {
                String encodedToken = session.tokens().encode(idToken);
                res.setIdToken(encodedToken);
            }
            if (refreshToken != null) {
                String encodedToken = session.tokens().encode(refreshToken);
                res.setRefreshToken(encodedToken);
                if (refreshToken.getExpiration() != 0) {
                    res.setRefreshExpiresIn(refreshToken.getExpiration() - Time.currentTime());
                }
            }

            int notBefore = realm.getNotBefore();
            if (client.getNotBefore() > notBefore) notBefore = client.getNotBefore();
            int userNotBefore = session.users().getNotBeforeOfUser(realm, userSession.getUser());
            if (userNotBefore > notBefore) notBefore = userNotBefore;
            res.setNotBeforePolicy(notBefore);

            // OIDC Financial API Read Only Profile : scope MUST be returned in the response from Token Endpoint
            String responseScope = clientSessionCtx.getScopeString();
            res.setScope(responseScope);
            event.detail(Details.SCOPE, responseScope);

            return res;
        }

generateAccessToken()

AccessTokenResponseBuilder org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.generateAccessToken ( )

inline

                                                                {
            UserModel user = userSession.getUser();
            accessToken = createClientAccessToken(session, realm, client, user, userSession, clientSessionCtx);
            return this;
        }

generateAccessTokenHash()

AccessTokenResponseBuilder org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.generateAccessTokenHash ( )

inline

                                                                    {
            generateAccessTokenHash = true;
            return this;
        }

generateCodeHash()

AccessTokenResponseBuilder org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.generateCodeHash ( String  code )

inline

                                                                        {
            codeHash = HashProvider.oidcHash(session.tokens().signatureAlgorithm(TokenCategory.ID), code);
            return this;
        }

generateIDToken()

AccessTokenResponseBuilder org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.generateIDToken ( )

inline

                                                            {
            if (accessToken == null) {
                throw new IllegalStateException("accessToken not set");
            }
            idToken = new IDToken();
            idToken.id(KeycloakModelUtils.generateId());
            idToken.type(TokenUtil.TOKEN_TYPE_ID);
            idToken.subject(accessToken.getSubject());
            idToken.audience(client.getClientId());
            idToken.issuedNow();
            idToken.issuedFor(accessToken.getIssuedFor());
            idToken.issuer(accessToken.getIssuer());
            idToken.setNonce(accessToken.getNonce());
            idToken.setAuthTime(accessToken.getAuthTime());
            idToken.setSessionState(accessToken.getSessionState());
            idToken.expiration(accessToken.getExpiration());
            idToken.setAcr(accessToken.getAcr());
            transformIDToken(session, idToken, userSession, clientSessionCtx);
            return this;
        }

generateRefreshToken()

AccessTokenResponseBuilder org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.generateRefreshToken ( )

inline

                                                                 {
            if (accessToken == null) {
                throw new IllegalStateException("accessToken not set");
            }

            ClientScopeModel offlineAccessScope = KeycloakModelUtils.getClientScopeByName(realm, OAuth2Constants.OFFLINE_ACCESS);
            boolean offlineTokenRequested = offlineAccessScope==null ? false : clientSessionCtx.getClientScopeIds().contains(offlineAccessScope.getId());
            if (offlineTokenRequested) {
                UserSessionManager sessionManager = new UserSessionManager(session);
                if (!sessionManager.isOfflineTokenAllowed(clientSessionCtx)) {
                    event.error(Errors.NOT_ALLOWED);
                    throw new ErrorResponseException("not_allowed", "Offline tokens not allowed for the user or client", Response.Status.BAD_REQUEST);
                }

                refreshToken = new RefreshToken(accessToken);
                refreshToken.type(TokenUtil.TOKEN_TYPE_OFFLINE);
                sessionManager.createOrUpdateOfflineSession(clientSessionCtx.getClientSession(), userSession);
            } else {
                refreshToken = new RefreshToken(accessToken);
                refreshToken.expiration(getRefreshExpiration());
            }
            refreshToken.id(KeycloakModelUtils.generateId());
            refreshToken.issuedNow();
            return this;
        }

generateStateHash()

AccessTokenResponseBuilder org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.generateStateHash ( String  state )

inline

                                                                          {
            stateHash = HashProvider.oidcHash(session.tokens().signatureAlgorithm(TokenCategory.ID), state);
            return this;
        }

getAccessToken()

AccessToken org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.getAccessToken ( )

inline

                                            {
            return accessToken;
        }

getIdToken()

IDToken org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.getIdToken ( )

inline

                                    {
            return idToken;
        }

getRefreshExpiration()

int org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.getRefreshExpiration ( )

inlineprivate

                                           {
            int sessionExpires = userSession.getStarted() + realm.getSsoSessionMaxLifespan();
            int expiration = Time.currentTime() + realm.getSsoSessionIdleTimeout();
            return expiration <= sessionExpires ? expiration : sessionExpires;
        }

getRefreshToken()

RefreshToken org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.getRefreshToken ( )

inline

                                              {
            return refreshToken;
        }

refreshToken()

AccessTokenResponseBuilder org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.refreshToken ( RefreshToken  refreshToken )

inline

                                                                                  {
            this.refreshToken = refreshToken;
            return this;
        }

メンバ詳解

accessToken

AccessToken org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.accessToken

package

client

ClientModel org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.client

package

clientSessionCtx

ClientSessionContext org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.clientSessionCtx

package

codeHash

String org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.codeHash

package

event

EventBuilder org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.event

package

generateAccessTokenHash

boolean org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.generateAccessTokenHash = false

package

idToken

IDToken org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.idToken

package

realm

RealmModel org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.realm

package

refreshToken

RefreshToken org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.refreshToken

package

session

KeycloakSession org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.session

package

stateHash

String org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.stateHash

package

userSession

UserSessionModel org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder.userSession

package

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/oidc-service/src/main/java/org/keycloak/protocol/oidc/TokenManager.java