org.keycloak.authentication.authenticators.directgrant.ValidateOTP クラス

org.keycloak.authentication.authenticators.directgrant.ValidateOTP の継承関係図

org.keycloak.authentication.authenticators.directgrant.ValidateOTP 連携図

公開メンバ関数
void	authenticate (AuthenticationFlowContext context)
boolean	requiresUser ()
boolean	configuredFor (KeycloakSession session, RealmModel realm, UserModel user)
void	setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)
boolean	isUserSetupAllowed ()
String	getDisplayType ()
String	getReferenceCategory ()
boolean	isConfigurable ()
AuthenticationExecutionModel.Requirement []	getRequirementChoices ()
String	getHelpText ()
List< ProviderConfigProperty >	getConfigProperties ()
String	getId ()
Response	errorResponse (int status, String error, String errorDescription)
void	action (AuthenticationFlowContext context)
void	close ()
Authenticator	create (KeycloakSession session)
void	init (Config.Scope config)
void	postInit (KeycloakSessionFactory factory)

静的公開変数類
static final String	PROVIDER_ID = "direct-grant-validate-otp"
static final AuthenticationExecutionModel.Requirement []	REQUIREMENT_CHOICES

限定公開メンバ関数
String	retrieveOTP (AuthenticationFlowContext context)

非公開メンバ関数
boolean	isConfigured (KeycloakSession session, RealmModel realm, UserModel user)

詳解

著者

Bill Burke

バージョン

Revision

1

関数詳解

action()

void org.keycloak.authentication.authenticators.directgrant.AbstractDirectGrantAuthenticator.action ( AuthenticationFlowContext  context )

inlineinherited

                                                          {

    }

authenticate()

void org.keycloak.authentication.authenticators.directgrant.ValidateOTP.authenticate ( AuthenticationFlowContext  context )

inline

                                                                {
        if (!isConfigured(context.getSession(), context.getRealm(), context.getUser())) {
            if (context.getExecution().isOptional()) {
                context.attempted();
            } else if (context.getExecution().isRequired()) {
                context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
                Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials");
                context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
            }
            return;
        }
        String otp = retrieveOTP(context);
        if (otp == null) {
            if (context.getUser() != null) {
                context.getEvent().user(context.getUser());
            }
            context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
            Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials");
            context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
            return;
        }
        boolean valid = context.getSession().userCredentialManager().isValid(context.getRealm(), context.getUser(), UserCredentialModel.otp(context.getRealm().getOTPPolicy().getType(), otp));
        if (!valid) {
            context.getEvent().user(context.getUser());
            context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
            Response challengeResponse = errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials");
            context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
            return;
        }

        context.success();
    }

close()

void org.keycloak.authentication.authenticators.directgrant.AbstractDirectGrantAuthenticator.close ( )

inlineinherited

                        {

    }

configuredFor()

boolean org.keycloak.authentication.authenticators.directgrant.ValidateOTP.configuredFor ( KeycloakSession  session, RealmModel  realm, UserModel  user  )

inline

                                                                                            {
        return true;
    }

create()

Authenticator org.keycloak.authentication.authenticators.directgrant.AbstractDirectGrantAuthenticator.create ( KeycloakSession  session )

inlineinherited

                                                         {
        return this;
    }

errorResponse()

Response org.keycloak.authentication.authenticators.directgrant.AbstractDirectGrantAuthenticator.errorResponse ( int  status, String  error, String  errorDescription  )

inlineinherited

                                                                                     {
        OAuth2ErrorRepresentation errorRep = new OAuth2ErrorRepresentation(error, errorDescription);
        return Response.status(status).entity(errorRep).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

getConfigProperties()

List<ProviderConfigProperty> org.keycloak.authentication.authenticators.directgrant.ValidateOTP.getConfigProperties ( )

inline

                                                              {
        return new LinkedList<>();
    }

getDisplayType()

String org.keycloak.authentication.authenticators.directgrant.ValidateOTP.getDisplayType ( )

inline

                                   {
        return "OTP";
    }

getHelpText()

String org.keycloak.authentication.authenticators.directgrant.ValidateOTP.getHelpText ( )

inline

                                {
        return "Validates the one time password supplied as a 'totp' form parameter in direct grant request";
    }

getId()

String org.keycloak.authentication.authenticators.directgrant.ValidateOTP.getId ( )

inline

                          {
        return PROVIDER_ID;
    }

getReferenceCategory()

String org.keycloak.authentication.authenticators.directgrant.ValidateOTP.getReferenceCategory ( )

inline

                                         {
        return null;
    }

getRequirementChoices()

AuthenticationExecutionModel.Requirement [] org.keycloak.authentication.authenticators.directgrant.ValidateOTP.getRequirementChoices ( )

inline

                                                                              {
        return REQUIREMENT_CHOICES;
    }

init()

void org.keycloak.authentication.authenticators.directgrant.AbstractDirectGrantAuthenticator.init ( Config.Scope  config )

inlineinherited

                                          {

    }

isConfigurable()

boolean org.keycloak.authentication.authenticators.directgrant.ValidateOTP.isConfigurable ( )

inline

                                    {
        return false;
    }

isConfigured()

boolean org.keycloak.authentication.authenticators.directgrant.ValidateOTP.isConfigured ( KeycloakSession  session, RealmModel  realm, UserModel  user  )

inlineprivate

                                                                                            {
        return session.userCredentialManager().isConfiguredFor(realm, user, realm.getOTPPolicy().getType());
    }

isUserSetupAllowed()

boolean org.keycloak.authentication.authenticators.directgrant.ValidateOTP.isUserSetupAllowed ( )

inline

                                        {
        return false;
    }

postInit()

void org.keycloak.authentication.authenticators.directgrant.AbstractDirectGrantAuthenticator.postInit ( KeycloakSessionFactory  factory )

inlineinherited

                                                         {

    }

requiresUser()

boolean org.keycloak.authentication.authenticators.directgrant.ValidateOTP.requiresUser ( )

inline

                                  {
        return true;
    }

retrieveOTP()

String org.keycloak.authentication.authenticators.directgrant.ValidateOTP.retrieveOTP ( AuthenticationFlowContext  context )

inlineprotected

                                                                    {
        MultivaluedMap<String, String> inputData = context.getHttpRequest().getDecodedFormParameters();
        return inputData.getFirst(CredentialRepresentation.TOTP);
    }

setRequiredActions()

void org.keycloak.authentication.authenticators.directgrant.ValidateOTP.setRequiredActions ( KeycloakSession  session, RealmModel  realm, UserModel  user  )

inline

                                                                                              {

    }

メンバ詳解

PROVIDER_ID

final String org.keycloak.authentication.authenticators.directgrant.ValidateOTP.PROVIDER_ID = "direct-grant-validate-otp"

static

REQUIREMENT_CHOICES

final AuthenticationExecutionModel.Requirement [] org.keycloak.authentication.authenticators.directgrant.ValidateOTP.REQUIREMENT_CHOICES

static

初期値:

= {
            AuthenticationExecutionModel.Requirement.REQUIRED,
            AuthenticationExecutionModel.Requirement.OPTIONAL,
            AuthenticationExecutionModel.Requirement.DISABLED
    }

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/authenticators/directgrant/ValidateOTP.java