org.keycloak.services.clientregistration.ClientRegistrationTokenUtils 連携図

クラス
class	TokenVerification

静的公開メンバ関数
static String	updateTokenSignature (KeycloakSession session, ClientRegistrationAuth auth)

static String	updateRegistrationAccessToken (KeycloakSession session, ClientModel client, RegistrationAuth registrationAuth)

static String	updateRegistrationAccessToken (KeycloakSession session, RealmModel realm, ClientModel client, RegistrationAuth registrationAuth)

static String	createInitialAccessToken (KeycloakSession session, RealmModel realm, ClientInitialAccessModel model)

static TokenVerification	verifyToken (KeycloakSession session, RealmModel realm, String token)

静的公開変数類
static final String	TYPE_INITIAL_ACCESS_TOKEN = "InitialAccessToken"

static final String	TYPE_REGISTRATION_ACCESS_TOKEN = "RegistrationAccessToken"

静的非公開メンバ関数
static String	setupToken (JsonWebToken jwt, KeycloakSession session, RealmModel realm, String id, String type, int expiration)

static String	getIssuer (KeycloakSession session, RealmModel realm)

詳解

著者: Stian Thorgersen

関数詳解

◆ createInitialAccessToken()

static String org.keycloak.services.clientregistration.ClientRegistrationTokenUtils.createInitialAccessToken	(	KeycloakSession	session,
		RealmModel	realm,
		ClientInitialAccessModel	model
	)

inlinestatic

                                                                                                                              {
         InitialAccessToken initialToken = new InitialAccessToken();
         return setupToken(initialToken, session, realm, model.getId(), TYPE_INITIAL_ACCESS_TOKEN, model.getExpiration() > 0 ? model.getTimestamp() + model.getExpiration() : 0);
     }

◆ getIssuer()

static String org.keycloak.services.clientregistration.ClientRegistrationTokenUtils.getIssuer	(	KeycloakSession	session,
		RealmModel	realm
	)

inlinestaticprivate

                                                                                {
         return Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName());
     }

◆ setupToken()

static String org.keycloak.services.clientregistration.ClientRegistrationTokenUtils.setupToken	(	JsonWebToken	jwt,
		KeycloakSession	session,
		RealmModel	realm,
		String	id,
		String	type,
		int	expiration
	)

inlinestaticprivate

                                                                                                                                           {
         String issuer = getIssuer(session, realm);
 
         jwt.type(type);
         jwt.id(id);
         jwt.issuedAt(Time.currentTime());
         jwt.expiration(expiration);
         jwt.issuer(issuer);
         jwt.audience(issuer);
 
         return session.tokens().encode(jwt);
     }

◆ updateRegistrationAccessToken() [1/2]

static String org.keycloak.services.clientregistration.ClientRegistrationTokenUtils.updateRegistrationAccessToken	(	KeycloakSession	session,
		ClientModel	client,
		RegistrationAuth	registrationAuth
	)

inlinestatic

                                                                                                                                        {
         return updateRegistrationAccessToken(session, session.getContext().getRealm(), client, registrationAuth);
     }

◆ updateRegistrationAccessToken() [2/2]

static String org.keycloak.services.clientregistration.ClientRegistrationTokenUtils.updateRegistrationAccessToken	(	KeycloakSession	session,
		RealmModel	realm,
		ClientModel	client,
		RegistrationAuth	registrationAuth
	)

inlinestatic

                                                                                                                                                          {
         String id = KeycloakModelUtils.generateId();
         client.setRegistrationToken(id);
 
         RegistrationAccessToken regToken = new RegistrationAccessToken();
         regToken.setRegistrationAuth(registrationAuth.toString().toLowerCase());
 
         return setupToken(regToken, session, realm, id, TYPE_REGISTRATION_ACCESS_TOKEN, 0);
     }

◆ updateTokenSignature()

static String org.keycloak.services.clientregistration.ClientRegistrationTokenUtils.updateTokenSignature	(	KeycloakSession	session,
		ClientRegistrationAuth	auth
	)

inlinestatic

                                                                                                     {
         String algorithm = session.tokens().signatureAlgorithm(TokenCategory.INTERNAL);
         SignatureSignerContext signer = session.getProvider(SignatureProvider.class, algorithm).signer();
 
         if (signer.getKid().equals(auth.getKid())) {
             return auth.getToken();
         } else {
             RegistrationAccessToken regToken = new RegistrationAccessToken();
             regToken.setRegistrationAuth(auth.getRegistrationAuth().toString().toLowerCase());
 
             regToken.type(auth.getJwt().getType());
             regToken.id(auth.getJwt().getId());
             regToken.issuedAt(Time.currentTime());
             regToken.expiration(0);
             regToken.issuer(auth.getJwt().getIssuer());
             regToken.audience(auth.getJwt().getIssuer());
 
             String token = new JWSBuilder().jsonContent(regToken).sign(signer);
             return token;
         }
     }

◆ verifyToken()

static TokenVerification org.keycloak.services.clientregistration.ClientRegistrationTokenUtils.verifyToken	(	KeycloakSession	session,
		RealmModel	realm,
		String	token
	)

inlinestatic

                                                                                                          {
         if (token == null) {
             return TokenVerification.error(new RuntimeException("Missing token"));
         }
 
         String kid;
         JsonWebToken jwt;
         try {
             TokenVerifier<JsonWebToken> verifier = TokenVerifier.create(token, JsonWebToken.class)
                     .withChecks(new TokenVerifier.RealmUrlCheck(getIssuer(session, realm)), TokenVerifier.IS_ACTIVE);
 
             SignatureVerifierContext verifierContext = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name()).verifier(verifier.getHeader().getKeyId());
             verifier.verifierContext(verifierContext);
 
             kid = verifierContext.getKid();
 
             verifier.verify();
 
             jwt = verifier.getToken();
         } catch (VerificationException e) {
             return TokenVerification.error(new RuntimeException("Failed decode token", e));
         }
 
         if (!(TokenUtil.TOKEN_TYPE_BEARER.equals(jwt.getType()) ||
                 TYPE_INITIAL_ACCESS_TOKEN.equals(jwt.getType()) ||
                 TYPE_REGISTRATION_ACCESS_TOKEN.equals(jwt.getType()))) {
             return TokenVerification.error(new RuntimeException("Invalid type of token"));
         }
 
         return TokenVerification.success(kid, jwt);
     }

メンバ詳解

◆ TYPE_INITIAL_ACCESS_TOKEN

final String org.keycloak.services.clientregistration.ClientRegistrationTokenUtils.TYPE_INITIAL_ACCESS_TOKEN = "InitialAccessToken"

static

◆ TYPE_REGISTRATION_ACCESS_TOKEN

final String org.keycloak.services.clientregistration.ClientRegistrationTokenUtils.TYPE_REGISTRATION_ACCESS_TOKEN = "RegistrationAccessToken"

static

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationTokenUtils.java

クラス

静的公開メンバ関数

静的公開変数類

静的非公開メンバ関数

詳解

関数詳解

◆ createInitialAccessToken()

◆ getIssuer()

◆ setupToken()

◆ updateRegistrationAccessToken() [1/2]

◆ updateRegistrationAccessToken() [2/2]

◆ updateTokenSignature()

◆ verifyToken()

メンバ詳解

◆ TYPE_INITIAL_ACCESS_TOKEN

◆ TYPE_REGISTRATION_ACCESS_TOKEN