org.keycloak.protocol.oidc.OIDCWellKnownProvider の継承関係図

org.keycloak.protocol.oidc.OIDCWellKnownProvider 連携図

公開メンバ関数
	OIDCWellKnownProvider (KeycloakSession session)

Object	getConfig ()

void	close ()

静的公開変数類
static final List< String >	DEFAULT_REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED = list(Algorithm.none.toString(), Algorithm.RS256.toString())

static final List< String >	DEFAULT_GRANT_TYPES_SUPPORTED = list(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.IMPLICIT, OAuth2Constants.REFRESH_TOKEN, OAuth2Constants.PASSWORD, OAuth2Constants.CLIENT_CREDENTIALS)

static final List< String >	DEFAULT_RESPONSE_TYPES_SUPPORTED = list(OAuth2Constants.CODE, OIDCResponseType.NONE, OIDCResponseType.ID_TOKEN, OIDCResponseType.TOKEN, "id_token token", "code id_token", "code token", "code id_token token")

static final List< String >	DEFAULT_SUBJECT_TYPES_SUPPORTED = list("public", "pairwise")

static final List< String >	DEFAULT_RESPONSE_MODES_SUPPORTED = list("query", "fragment", "form_post")

static final List< String >	DEFAULT_CLIENT_AUTH_SIGNING_ALG_VALUES_SUPPORTED = list(Algorithm.RS256.toString())

static final List< String >	DEFAULT_CLAIMS_SUPPORTED = list("sub", "iss", IDToken.AUTH_TIME, IDToken.NAME, IDToken.GIVEN_NAME, IDToken.FAMILY_NAME, IDToken.PREFERRED_USERNAME, IDToken.EMAIL)

static final List< String >	DEFAULT_CLAIM_TYPES_SUPPORTED = list("normal")

static final List< String >	DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED = list(OAuth2Constants.PKCE_METHOD_PLAIN, OAuth2Constants.PKCE_METHOD_S256)

非公開メンバ関数
List< String >	getClientAuthMethodsSupported ()

List< String >	getSupportedSigningAlgorithms (boolean includeNone)

静的非公開メンバ関数
static List< String >	list (String... values)

非公開変数類
KeycloakSession	session

詳解

著者: Stian Thorgersen

構築子と解体子

◆ OIDCWellKnownProvider()

org.keycloak.protocol.oidc.OIDCWellKnownProvider.OIDCWellKnownProvider ( KeycloakSession session )

inline

                                                           {
         this.session = session;
     }

関数詳解

◆ close()

void org.keycloak.protocol.oidc.OIDCWellKnownProvider.close ( )

inline

org.keycloak.provider.Providerを実装しています。

132 {

133 }

◆ getClientAuthMethodsSupported()

List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.getClientAuthMethodsSupported ( )

inlineprivate

                                                          {
         List<String> result = new LinkedList<>();
 
         List<ProviderFactory> providerFactories = session.getKeycloakSessionFactory().getProviderFactories(ClientAuthenticator.class);
         for (ProviderFactory factory : providerFactories) {
             ClientAuthenticatorFactory clientAuthFactory = (ClientAuthenticatorFactory) factory;
             result.addAll(clientAuthFactory.getProtocolAuthenticatorMethods(OIDCLoginProtocol.LOGIN_PROTOCOL));
         }
 
         return result;
     }

◆ getConfig()

Object org.keycloak.protocol.oidc.OIDCWellKnownProvider.getConfig ( )

inline

org.keycloak.wellknown.WellKnownProviderを実装しています。

                               {
         UriInfo uriInfo = session.getContext().getUri();
         RealmModel realm = session.getContext().getRealm();
 
         UriBuilder uriBuilder = RealmsResource.protocolUrl(uriInfo);
 
         OIDCConfigurationRepresentation config = new OIDCConfigurationRepresentation();
         config.setIssuer(Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
         config.setAuthorizationEndpoint(uriBuilder.clone().path(OIDCLoginProtocolService.class, "auth").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setTokenEndpoint(uriBuilder.clone().path(OIDCLoginProtocolService.class, "token").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setTokenIntrospectionEndpoint(uriBuilder.clone().path(OIDCLoginProtocolService.class, "token").path(TokenEndpoint.class, "introspect").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setUserinfoEndpoint(uriBuilder.clone().path(OIDCLoginProtocolService.class, "issueUserInfo").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setLogoutEndpoint(uriBuilder.clone().path(OIDCLoginProtocolService.class, "logout").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setJwksUri(uriBuilder.clone().path(OIDCLoginProtocolService.class, "certs").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setCheckSessionIframe(uriBuilder.clone().path(OIDCLoginProtocolService.class, "getLoginStatusIframe").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setRegistrationEndpoint(RealmsResource.clientRegistrationUrl(uriInfo).path(ClientRegistrationService.class, "provider").build(realm.getName(), OIDCClientRegistrationProviderFactory.ID).toString());
 
         config.setIdTokenSigningAlgValuesSupported(getSupportedSigningAlgorithms(false));
         config.setUserInfoSigningAlgValuesSupported(getSupportedSigningAlgorithms(true));
         config.setRequestObjectSigningAlgValuesSupported(DEFAULT_REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED);
         config.setResponseTypesSupported(DEFAULT_RESPONSE_TYPES_SUPPORTED);
         config.setSubjectTypesSupported(DEFAULT_SUBJECT_TYPES_SUPPORTED);
         config.setResponseModesSupported(DEFAULT_RESPONSE_MODES_SUPPORTED);
         config.setGrantTypesSupported(DEFAULT_GRANT_TYPES_SUPPORTED);
 
         config.setTokenEndpointAuthMethodsSupported(getClientAuthMethodsSupported());
         config.setTokenEndpointAuthSigningAlgValuesSupported(DEFAULT_CLIENT_AUTH_SIGNING_ALG_VALUES_SUPPORTED);
 
         config.setClaimsSupported(DEFAULT_CLAIMS_SUPPORTED);
         config.setClaimTypesSupported(DEFAULT_CLAIM_TYPES_SUPPORTED);
         config.setClaimsParameterSupported(false);
 
         List<ClientScopeModel> scopes = realm.getClientScopes();
         List<String> scopeNames = new LinkedList<>();
         for (ClientScopeModel clientScope : scopes) {
             if (clientScope.getProtocol().equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) {
                 scopeNames.add(clientScope.getName());
             }
         }
         scopeNames.add(0, OAuth2Constants.SCOPE_OPENID);
         config.setScopesSupported(scopeNames);
 
         config.setRequestParameterSupported(true);
         config.setRequestUriParameterSupported(true);
 
         // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
         config.setCodeChallengeMethodsSupported(DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED);
 
         // KEYCLOAK-6771 Certificate Bound Token
         // https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-6.2
         config.setTlsClientCertificateBoundAccessTokens(true);
 
         return config;
     }

◆ getSupportedSigningAlgorithms()

List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.getSupportedSigningAlgorithms ( boolean includeNone )

inlineprivate

                                                                             {
         List<String> result = new LinkedList<>();
         for (ProviderFactory s : session.getKeycloakSessionFactory().getProviderFactories(SignatureProvider.class)) {
             result.add(s.getId());
         }
         if (includeNone) {
             result.add("none");
         }
         return result;
     }

◆ list()

static List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.list ( String... values )

inlinestaticprivate

                                                        {
         List<String> s = new LinkedList<>();
         for (String v : values) {
             s.add(v);
         }
         return s;
     }

メンバ詳解

◆ DEFAULT_CLAIM_TYPES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_CLAIM_TYPES_SUPPORTED = list("normal")

static

◆ DEFAULT_CLAIMS_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_CLAIMS_SUPPORTED = list("sub", "iss", IDToken.AUTH_TIME, IDToken.NAME, IDToken.GIVEN_NAME, IDToken.FAMILY_NAME, IDToken.PREFERRED_USERNAME, IDToken.EMAIL)

static

◆ DEFAULT_CLIENT_AUTH_SIGNING_ALG_VALUES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_CLIENT_AUTH_SIGNING_ALG_VALUES_SUPPORTED = list(Algorithm.RS256.toString())

static

◆ DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED = list(OAuth2Constants.PKCE_METHOD_PLAIN, OAuth2Constants.PKCE_METHOD_S256)

static

◆ DEFAULT_GRANT_TYPES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_GRANT_TYPES_SUPPORTED = list(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.IMPLICIT, OAuth2Constants.REFRESH_TOKEN, OAuth2Constants.PASSWORD, OAuth2Constants.CLIENT_CREDENTIALS)

static

◆ DEFAULT_REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED = list(Algorithm.none.toString(), Algorithm.RS256.toString())

static

◆ DEFAULT_RESPONSE_MODES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_RESPONSE_MODES_SUPPORTED = list("query", "fragment", "form_post")

static

◆ DEFAULT_RESPONSE_TYPES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_RESPONSE_TYPES_SUPPORTED = list(OAuth2Constants.CODE, OIDCResponseType.NONE, OIDCResponseType.ID_TOKEN, OIDCResponseType.TOKEN, "id_token token", "code id_token", "code token", "code id_token token")

static

◆ DEFAULT_SUBJECT_TYPES_SUPPORTED

final List<String> org.keycloak.protocol.oidc.OIDCWellKnownProvider.DEFAULT_SUBJECT_TYPES_SUPPORTED = list("public", "pairwise")

static

◆ session

KeycloakSession org.keycloak.protocol.oidc.OIDCWellKnownProvider.session

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/oidc-service/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java

公開メンバ関数

静的公開変数類

非公開メンバ関数

静的非公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ OIDCWellKnownProvider()

関数詳解

◆ close()

◆ getClientAuthMethodsSupported()

◆ getConfig()

◆ getSupportedSigningAlgorithms()

◆ list()

メンバ詳解

◆ DEFAULT_CLAIM_TYPES_SUPPORTED

◆ DEFAULT_CLAIMS_SUPPORTED

◆ DEFAULT_CLIENT_AUTH_SIGNING_ALG_VALUES_SUPPORTED

◆ DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED

◆ DEFAULT_GRANT_TYPES_SUPPORTED

◆ DEFAULT_REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED

◆ DEFAULT_RESPONSE_MODES_SUPPORTED

◆ DEFAULT_RESPONSE_TYPES_SUPPORTED

◆ DEFAULT_SUBJECT_TYPES_SUPPORTED

◆ session