org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider の継承関係図

org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider 連携図

公開メンバ関数
	OIDCClientRegistrationProvider (KeycloakSession session)

Response	createOIDC (OIDCClientRepresentation clientOIDC)

Response	getOIDC (@PathParam("clientId") String clientId)

Response	updateOIDC (@PathParam("clientId") String clientId, OIDCClientRepresentation clientOIDC)

void	deleteOIDC (@PathParam("clientId") String clientId)

ClientRepresentation	create (ClientRegistrationContext context)

ClientRepresentation	get (String clientId)

ClientRepresentation	update (String clientId, ClientRegistrationContext context)

void	delete (String clientId)

void	setAuth (ClientRegistrationAuth auth)

ClientRegistrationAuth	getAuth ()

void	setEvent (EventBuilder event)

EventBuilder	getEvent ()

void	close ()

限定公開変数類
KeycloakSession	session

EventBuilder	event

ClientRegistrationAuth	auth

非公開メンバ関数
void	updatePairwiseSubMappers (ClientModel clientModel, SubjectType subjectType, String sectorIdentifierUri)

void	updateClientRepWithProtocolMappers (ClientModel clientModel, ClientRepresentation rep)

静的非公開変数類
static final Logger	logger = Logger.getLogger(OIDCClientRegistrationProvider.class)

詳解

著者: Stian Thorgersen

構築子と解体子

◆ OIDCClientRegistrationProvider()

org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider.OIDCClientRegistrationProvider ( KeycloakSession session )

inline

                                                                    {
         super(session);
     }

関数詳解

◆ close()

void org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.close ( )

inlineinherited

194 {

195 }

◆ create()

ClientRepresentation org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.create ( ClientRegistrationContext context )

inlineinherited

                                                                           {
         ClientRepresentation client = context.getClient();
 
         event.event(EventType.CLIENT_REGISTER);
 
         RegistrationAuth registrationAuth = auth.requireCreate(context);
 
         ValidationMessages validationMessages = new ValidationMessages();
         if (!context.validateClient(validationMessages)) {
             String errorCode = validationMessages.fieldHasError("redirectUris") ? ErrorCodes.INVALID_REDIRECT_URI : ErrorCodes.INVALID_CLIENT_METADATA;
             throw new ErrorResponseException(
                     errorCode,
                     validationMessages.getStringMessages(),
                     Response.Status.BAD_REQUEST
             );
         }
 
         try {
             RealmModel realm = session.getContext().getRealm();
             ClientModel clientModel = new ClientManager(new RealmManager(session)).createClient(session, realm, client, true);
 
             if (clientModel.isServiceAccountsEnabled()) {
                 new ClientManager(new RealmManager(session)).enableServiceAccount(clientModel);
             }
 
             if (Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) {
                 RepresentationToModel.createResourceServer(clientModel, session, true);
             }
 
             ClientRegistrationPolicyManager.triggerAfterRegister(context, registrationAuth, clientModel);
 
             client = ModelToRepresentation.toRepresentation(clientModel, session);
 
             client.setSecret(clientModel.getSecret());
 
             String registrationAccessToken = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, clientModel, registrationAuth);
             client.setRegistrationAccessToken(registrationAccessToken);
 
             if (auth.isInitialAccessToken()) {
                 ClientInitialAccessModel initialAccessModel = auth.getInitialAccessModel();
                 session.realms().decreaseRemainingCount(realm, initialAccessModel);
             }
 
             event.client(client.getClientId()).success();
             return client;
         } catch (ModelDuplicateException e) {
             throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client Identifier in use", Response.Status.BAD_REQUEST);
         }
     }

◆ createOIDC()

Response org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider.createOIDC ( OIDCClientRepresentation clientOIDC )

inline

                                                                     {
         if (clientOIDC.getClientId() != null) {
             throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client Identifier included", Response.Status.BAD_REQUEST);
         }
 
         try {
             ClientRepresentation client = DescriptionConverter.toInternal(session, clientOIDC);
             List<String> grantTypes = clientOIDC.getGrantTypes();
 
             if (grantTypes != null && grantTypes.contains(OAuth2Constants.UMA_GRANT_TYPE)) {
                 client.setAuthorizationServicesEnabled(true);
             }
 
             OIDCClientRegistrationContext oidcContext = new OIDCClientRegistrationContext(session, client, this, clientOIDC);
             client = create(oidcContext);
 
             ClientModel clientModel = session.getContext().getRealm().getClientByClientId(client.getClientId());
             updatePairwiseSubMappers(clientModel, SubjectType.parse(clientOIDC.getSubjectType()), clientOIDC.getSectorIdentifierUri());
             updateClientRepWithProtocolMappers(clientModel, client);
 
             URI uri = session.getContext().getUri().getAbsolutePathBuilder().path(client.getClientId()).build();
             clientOIDC = DescriptionConverter.toExternalResponse(session, client, uri);
             clientOIDC.setClientIdIssuedAt(Time.currentTime());
             return Response.created(uri).entity(clientOIDC).build();
         } catch (ClientRegistrationException cre) {
             ServicesLogger.LOGGER.clientRegistrationException(cre.getMessage());
             throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
         }
     }

◆ delete()

void org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.delete ( String clientId )

inlineinherited

                                         {
         event.event(EventType.CLIENT_DELETE).client(clientId);
 
         ClientModel client = session.getContext().getRealm().getClientByClientId(clientId);
         auth.requireDelete(client);
 
         if (new ClientManager(new RealmManager(session)).removeClient(session.getContext().getRealm(), client)) {
             event.client(client.getClientId()).success();
         } else {
             throw new ForbiddenException();
         }
     }

◆ deleteOIDC()

void org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider.deleteOIDC ( @PathParam("clientId") String clientId )

inline

                                                                    {
         delete(clientId);
     }

◆ get()

ClientRepresentation org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.get ( String clientId )

inlineinherited

                                                      {
         event.event(EventType.CLIENT_INFO);
 
         ClientModel client = session.getContext().getRealm().getClientByClientId(clientId);
         auth.requireView(client);
 
         ClientRepresentation rep = ModelToRepresentation.toRepresentation(client, session);
         if (client.getSecret() != null) {
             rep.setSecret(client.getSecret());
         }
 
         if (auth.isRegistrationAccessToken()) {
             String registrationAccessToken = ClientRegistrationTokenUtils.updateTokenSignature(session, auth);
             rep.setRegistrationAccessToken(registrationAccessToken);
         }
 
         event.client(client.getClientId()).success();
         return rep;
     }

◆ getAuth()

ClientRegistrationAuth org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.getAuth ( )

inlineinherited

org.keycloak.services.clientregistration.ClientRegistrationProviderを実装しています。

                                             {
         return this.auth;
     }

◆ getEvent()

EventBuilder org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.getEvent ( )

inlineinherited

org.keycloak.services.clientregistration.ClientRegistrationProviderを実装しています。

                                    {
         return event;
     }

◆ getOIDC()

Response org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider.getOIDC ( @PathParam("clientId") String clientId )

inline

                                                                     {
         ClientRepresentation client = get(clientId);
         OIDCClientRepresentation clientOIDC = DescriptionConverter.toExternalResponse(session, client, session.getContext().getUri().getRequestUri());
         return Response.ok(clientOIDC).build();
     }

◆ setAuth()

void org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.setAuth ( ClientRegistrationAuth auth )

inlineinherited

org.keycloak.services.clientregistration.ClientRegistrationProviderを実装しています。

                                                      {
         this.auth = auth;
     }

◆ setEvent()

void org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.setEvent ( EventBuilder event )

inlineinherited

org.keycloak.services.clientregistration.ClientRegistrationProviderを実装しています。

                                              {
         this.event = event;
     }

◆ update()

ClientRepresentation org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.update	(	String	clientId,
		ClientRegistrationContext	context
	)

inlineinherited

                                                                                            {
         ClientRepresentation rep = context.getClient();
 
         event.event(EventType.CLIENT_UPDATE).client(clientId);
 
         ClientModel client = session.getContext().getRealm().getClientByClientId(clientId);
         RegistrationAuth registrationAuth = auth.requireUpdate(context, client);
 
         if (!client.getClientId().equals(rep.getClientId())) {
             throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client Identifier modified", Response.Status.BAD_REQUEST);
         }
 
         ValidationMessages validationMessages = new ValidationMessages();
         if (!context.validateClient(validationMessages)) {
             String errorCode = validationMessages.fieldHasError("redirectUris") ? ErrorCodes.INVALID_REDIRECT_URI : ErrorCodes.INVALID_CLIENT_METADATA;
             throw new ErrorResponseException(
                     errorCode,
                     validationMessages.getStringMessages(),
                     Response.Status.BAD_REQUEST
             );
         }
 
         RepresentationToModel.updateClient(rep, client);
         rep = ModelToRepresentation.toRepresentation(client, session);
 
         if (auth.isRegistrationAccessToken()) {
             String registrationAccessToken = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, client, auth.getRegistrationAuth());
             rep.setRegistrationAccessToken(registrationAccessToken);
         }
 
         ClientRegistrationPolicyManager.triggerAfterUpdate(context, registrationAuth, client);
 
         event.client(client.getClientId()).success();
         return rep;
     }

◆ updateClientRepWithProtocolMappers()

void org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider.updateClientRepWithProtocolMappers	(	ClientModel	clientModel,
		ClientRepresentation	rep
	)

inlineprivate

                                                                                                        {
         List<ProtocolMapperRepresentation> mappings = new LinkedList<>();
         for (ProtocolMapperModel model : clientModel.getProtocolMappers()) {
             mappings.add(ModelToRepresentation.toRepresentation(model));
         }
         rep.setProtocolMappers(mappings);
     }

◆ updateOIDC()

Response org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider.updateOIDC	(	@PathParam("clientId") String	clientId,
		OIDCClientRepresentation	clientOIDC
	)

inline

                                                                                                             {
         try {
             ClientRepresentation client = DescriptionConverter.toInternal(session, clientOIDC);
             OIDCClientRegistrationContext oidcContext = new OIDCClientRegistrationContext(session, client, this, clientOIDC);
             client = update(clientId, oidcContext);
 
             ClientModel clientModel = session.getContext().getRealm().getClientByClientId(client.getClientId());
             updatePairwiseSubMappers(clientModel, SubjectType.parse(clientOIDC.getSubjectType()), clientOIDC.getSectorIdentifierUri());
             updateClientRepWithProtocolMappers(clientModel, client);
 
             URI uri = session.getContext().getUri().getAbsolutePathBuilder().path(client.getClientId()).build();
             clientOIDC = DescriptionConverter.toExternalResponse(session, client, uri);
             return Response.ok(clientOIDC).build();
         } catch (ClientRegistrationException cre) {
             ServicesLogger.LOGGER.clientRegistrationException(cre.getMessage());
             throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
         }
     }

◆ updatePairwiseSubMappers()

void org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider.updatePairwiseSubMappers	(	ClientModel	clientModel,
		SubjectType	subjectType,
		String	sectorIdentifierUri
	)

inlineprivate

                                                                                                                         {
         if (subjectType == SubjectType.PAIRWISE) {
 
             // See if we have existing pairwise mapper and update it. Otherwise create new
             AtomicBoolean foundPairwise = new AtomicBoolean(false);
 
             clientModel.getProtocolMappers().stream().filter((ProtocolMapperModel mapping) -> {
                 if (mapping.getProtocolMapper().endsWith(AbstractPairwiseSubMapper.PROVIDER_ID_SUFFIX)) {
                     foundPairwise.set(true);
                     return true;
                 } else {
                     return false;
                 }
             }).forEach((ProtocolMapperModel mapping) -> {
                 PairwiseSubMapperHelper.setSectorIdentifierUri(mapping, sectorIdentifierUri);
                 clientModel.updateProtocolMapper(mapping);
             });
 
             // We don't have existing pairwise mapper. So create new
             if (!foundPairwise.get()) {
                 ProtocolMapperRepresentation newPairwise = SHA256PairwiseSubMapper.createPairwiseMapper(sectorIdentifierUri, null);
                 clientModel.addProtocolMapper(RepresentationToModel.toModel(newPairwise));
             }
 
         } else {
             // Rather find and remove all pairwise mappers
             clientModel.getProtocolMappers().stream().filter((ProtocolMapperModel mapperRep) -> {
                 return mapperRep.getProtocolMapper().endsWith(AbstractPairwiseSubMapper.PROVIDER_ID_SUFFIX);
             }).forEach((ProtocolMapperModel mapping) -> {
                 clientModel.getProtocolMappers().remove(mapping);
             });
         }
     }

メンバ詳解

◆ auth

ClientRegistrationAuth org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.auth

protectedinherited

◆ event

EventBuilder org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.event

protectedinherited

◆ logger

final Logger org.keycloak.services.clientregistration.oidc.OIDCClientRegistrationProvider.logger = Logger.getLogger(OIDCClientRegistrationProvider.class)

staticprivate

◆ session

KeycloakSession org.keycloak.services.clientregistration.AbstractClientRegistrationProvider.session

protectedinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/clientregistration/oidc/OIDCClientRegistrationProvider.java

公開メンバ関数

限定公開変数類

非公開メンバ関数

静的非公開変数類

詳解

構築子と解体子

◆ OIDCClientRegistrationProvider()

関数詳解

◆ close()

◆ create()

◆ createOIDC()

◆ delete()

◆ deleteOIDC()

◆ get()

◆ getAuth()

◆ getEvent()

◆ getOIDC()

◆ setAuth()

◆ setEvent()

◆ update()

◆ updateClientRepWithProtocolMappers()

◆ updateOIDC()

◆ updatePairwiseSubMappers()

メンバ詳解

◆ auth

◆ event

◆ logger

◆ session