org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint 連携図

公開メンバ関数
	TokenIntrospectionEndpoint (RealmModel realm, EventBuilder event)

Response	introspect ()

非公開メンバ関数
void	authorizeClient ()

void	checkSsl ()

void	checkRealm ()

ErrorResponseException	throwErrorResponseException (String error, String detail, Status status)

非公開変数類
KeycloakSession	session

HttpRequest	request

HttpHeaders	headers

ClientConnection	clientConnection

final RealmModel	realm

final EventBuilder	event

静的非公開変数類
static final String	PARAM_TOKEN_TYPE_HINT = "token_type_hint"

static final String	PARAM_TOKEN = "token"

詳解

A token introspection endpoint based on RFC-7662.

著者: Pedro Igor

構築子と解体子

◆ TokenIntrospectionEndpoint()

org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.TokenIntrospectionEndpoint	(	RealmModel	realm,
		EventBuilder	event
	)

inline

                                                                             {
         this.realm = realm;
         this.event = event;
     }

関数詳解

◆ authorizeClient()

void org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.authorizeClient ( )

inlineprivate

                                    {
         try {
             ClientModel client = AuthorizeClientUtil.authorizeClient(session, event).getClient();
 
             this.event.client(client);
 
             if (client == null || client.isPublicClient()) {
                 throw throwErrorResponseException(Errors.INVALID_REQUEST, "Client not allowed.", Status.FORBIDDEN);
             }
 
         } catch (ErrorResponseException ere) {
             throw ere;
         } catch (Exception e) {
             throw throwErrorResponseException(Errors.INVALID_REQUEST, "Authentication failed.", Status.UNAUTHORIZED);
         }
     }

◆ checkRealm()

void org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.checkRealm ( )

inlineprivate

                               {
         if (!realm.isEnabled()) {
             throw new ErrorResponseException("access_denied", "Realm not enabled", Status.FORBIDDEN);
         }
     }

◆ checkSsl()

void org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.checkSsl ( )

inlineprivate

                             {
         if (!session.getContext().getUri().getBaseUri().getScheme().equals("https") && realm.getSslRequired().isRequired(clientConnection)) {
             throw new ErrorResponseException("invalid_request", "HTTPS required", Status.FORBIDDEN);
         }
     }

◆ introspect()

Response org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.introspect ( )

inline

                                  {
         event.event(EventType.INTROSPECT_TOKEN);
 
         checkSsl();
         checkRealm();
         authorizeClient();
 
         MultivaluedMap<String, String> formParams = request.getDecodedFormParameters();
         String tokenTypeHint = formParams.getFirst(PARAM_TOKEN_TYPE_HINT);
 
         if (tokenTypeHint == null) {
             tokenTypeHint = AccessTokenIntrospectionProviderFactory.ACCESS_TOKEN_TYPE;
         }
 
         String token = formParams.getFirst(PARAM_TOKEN);
 
         if (token == null) {
             throw throwErrorResponseException(Errors.INVALID_REQUEST, "Token not provided.", Status.BAD_REQUEST);
         }
 
         TokenIntrospectionProvider provider = this.session.getProvider(TokenIntrospectionProvider.class, tokenTypeHint);
 
         if (provider == null) {
             throw throwErrorResponseException(Errors.INVALID_REQUEST, "Unsupported token type [" + tokenTypeHint + "].", Status.BAD_REQUEST);
         }
 
         try {
 
             Response response = provider.introspect(token);
 
             this.event.success();
 
             return response;
         } catch (ErrorResponseException ere) {
             throw ere;
         } catch (Exception e) {
             throw throwErrorResponseException(Errors.INVALID_REQUEST, "Failed to introspect token.", Status.BAD_REQUEST);
         }
     }

◆ throwErrorResponseException()

ErrorResponseException org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.throwErrorResponseException	(	String	error,
		String	detail,
		Status	status
	)

inlineprivate

                                                                                                            {
         this.event.detail("detail", detail).error(error);
         return new ErrorResponseException(error, detail, status);
     }

メンバ詳解

◆ clientConnection

ClientConnection org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.clientConnection

private

◆ event

final EventBuilder org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.event

private

◆ headers

HttpHeaders org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.headers

private

◆ PARAM_TOKEN

final String org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.PARAM_TOKEN = "token"

staticprivate

◆ PARAM_TOKEN_TYPE_HINT

final String org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.PARAM_TOKEN_TYPE_HINT = "token_type_hint"

staticprivate

◆ realm

final RealmModel org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.realm

private

◆ request

HttpRequest org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.request

private

◆ session

KeycloakSession org.keycloak.protocol.oidc.endpoints.TokenIntrospectionEndpoint.session

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenIntrospectionEndpoint.java

公開メンバ関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ TokenIntrospectionEndpoint()

関数詳解

◆ authorizeClient()

◆ checkRealm()

◆ checkSsl()

◆ introspect()

◆ throwErrorResponseException()

メンバ詳解

◆ clientConnection

◆ event

◆ headers

◆ PARAM_TOKEN

◆ PARAM_TOKEN_TYPE_HINT

◆ realm

◆ request

◆ session