org.keycloak.social.microsoft.MicrosoftIdentityProvider の継承関係図

org.keycloak.social.microsoft.MicrosoftIdentityProvider 連携図

公開メンバ関数
	MicrosoftIdentityProvider (KeycloakSession session, OAuth2IdentityProviderConfig config)

Object	callback (RealmModel realm, AuthenticationCallback callback, EventBuilder event)

Response	performLogin (AuthenticationRequest request)

Response	retrieveToken (KeycloakSession session, FederatedIdentityModel identity)

C	getConfig ()

Response	exchangeFromToken (UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject, MultivaluedMap< String, String > params)

BrokeredIdentityContext	getFederatedIdentity (String response)

String	getJsonProperty (JsonNode jsonNode, String name)

JsonNode	asJsonNode (String json) throws IOException

void	authenticationFinished (AuthenticationSessionModel authSession, BrokeredIdentityContext context)

boolean	isIssuer (String issuer, MultivaluedMap< String, String > params)

final BrokeredIdentityContext	exchangeExternal (EventBuilder event, MultivaluedMap< String, String > params)

void	exchangeExternalComplete (UserSessionModel userSession, BrokeredIdentityContext context, MultivaluedMap< String, String > params)

静的公開変数類
static final String	AUTH_URL = "https://login.live.com/oauth20_authorize.srf"

static final String	TOKEN_URL = "https://login.live.com/oauth20_token.srf"

static final String	PROFILE_URL = "https://apis.live.net/v5.0/me"

static final String	DEFAULT_SCOPE = "wl.basic,wl.emails"

static final String	OAUTH2_GRANT_TYPE_REFRESH_TOKEN = "refresh_token"

static final String	OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code"

static final String	FEDERATED_REFRESH_TOKEN = "FEDERATED_REFRESH_TOKEN"

static final String	FEDERATED_TOKEN_EXPIRATION = "FEDERATED_TOKEN_EXPIRATION"

static final String	ACCESS_DENIED = "access_denied"

static final String	OAUTH2_PARAMETER_ACCESS_TOKEN = "access_token"

static final String	OAUTH2_PARAMETER_SCOPE = "scope"

static final String	OAUTH2_PARAMETER_STATE = "state"

static final String	OAUTH2_PARAMETER_RESPONSE_TYPE = "response_type"

static final String	OAUTH2_PARAMETER_REDIRECT_URI = "redirect_uri"

static final String	OAUTH2_PARAMETER_CODE = "code"

static final String	OAUTH2_PARAMETER_CLIENT_ID = "client_id"

static final String	OAUTH2_PARAMETER_CLIENT_SECRET = "client_secret"

static final String	OAUTH2_PARAMETER_GRANT_TYPE = "grant_type"

限定公開メンバ関数
boolean	supportsExternalExchange ()

String	getProfileEndpointForValidation (EventBuilder event)

SimpleHttp	buildUserInfoRequest (String subjectToken, String userInfoUrl)

BrokeredIdentityContext	doGetFederatedIdentity (String accessToken)

BrokeredIdentityContext	extractIdentityFromProfile (EventBuilder event, JsonNode profile)

String	getDefaultScopes ()

String	extractTokenFromResponse (String response, String tokenName)

Response	hasExternalExchangeToken (EventBuilder event, UserSessionModel tokenUserSession, MultivaluedMap< String, String > params)

Response	exchangeStoredToken (UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)

Response	exchangeSessionToken (UriInfo uriInfo, EventBuilder event, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)

String	getAccessTokenResponseParameter ()

UriBuilder	createAuthorizationUrl (AuthenticationRequest request)

BrokeredIdentityContext	validateExternalTokenThroughUserInfo (EventBuilder event, String subjectToken, String subjectTokenType)

BrokeredIdentityContext	exchangeExternalImpl (EventBuilder event, MultivaluedMap< String, String > params)

BrokeredIdentityContext	exchangeExternalUserInfoValidationOnly (EventBuilder event, MultivaluedMap< String, String > params)

静的限定公開変数類
static final Logger	logger = Logger.getLogger(AbstractOAuth2IdentityProvider.class)

static ObjectMapper	mapper = new ObjectMapper()

静的非公開変数類
static final Logger	log = Logger.getLogger(MicrosoftIdentityProvider.class)

詳解

Identity provider for Microsoft account. Uses OAuth 2 protocol of Windows Live Services as documented at https://msdn.microsoft.com/en-us/library/hh243647.aspx

著者: Vlastimil Elias (velias at redhat dot com)

構築子と解体子

◆ MicrosoftIdentityProvider()

org.keycloak.social.microsoft.MicrosoftIdentityProvider.MicrosoftIdentityProvider	(	KeycloakSession	session,
		OAuth2IdentityProviderConfig	config
	)

inline

                                                                                                    {
         super(session, config);
         config.setAuthorizationUrl(AUTH_URL);
         config.setTokenUrl(TOKEN_URL);
         config.setUserInfoUrl(PROFILE_URL);
     }

関数詳解

◆ asJsonNode()

JsonNode org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.asJsonNode ( String json ) throws IOException

inlineinherited

                                                                {
         return mapper.readTree(json);
     }

◆ authenticationFinished()

void org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.authenticationFinished	(	AuthenticationSessionModel	authSession,
		BrokeredIdentityContext	context
	)

inlineinherited

                                                                                                                 {
         String token = (String) context.getContextData().get(FEDERATED_ACCESS_TOKEN);
         if (token != null) authSession.setUserSessionNote(FEDERATED_ACCESS_TOKEN, token);
     }

◆ buildUserInfoRequest()

SimpleHttp org.keycloak.social.microsoft.MicrosoftIdentityProvider.buildUserInfoRequest	(	String	subjectToken,
		String	userInfoUrl
	)

inlineprotected

                                                                                        {
         String URL = null;
         try {
             URL = PROFILE_URL + "?access_token=" + URLEncoder.encode(subjectToken, "UTF-8");
         } catch (UnsupportedEncodingException e) {
             throw new RuntimeException(e);
         }
         return SimpleHttp.doGet(URL, session);
     }

◆ callback()

Object org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.callback	(	RealmModel	realm,
		AuthenticationCallback	callback,
		EventBuilder	event
	)

inlineinherited

                                                                                                   {
         return new Endpoint(callback, realm, event);
     }

◆ createAuthorizationUrl()

UriBuilder org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.createAuthorizationUrl ( AuthenticationRequest request )

inlineprotectedinherited

                                                                                {
         final UriBuilder uriBuilder = UriBuilder.fromUri(getConfig().getAuthorizationUrl())
                 .queryParam(OAUTH2_PARAMETER_SCOPE, getConfig().getDefaultScope())
                 .queryParam(OAUTH2_PARAMETER_STATE, request.getState().getEncoded())
                 .queryParam(OAUTH2_PARAMETER_RESPONSE_TYPE, "code")
                 .queryParam(OAUTH2_PARAMETER_CLIENT_ID, getConfig().getClientId())
                 .queryParam(OAUTH2_PARAMETER_REDIRECT_URI, request.getRedirectUri());
 
         String loginHint = request.getAuthenticationSession().getClientNote(OIDCLoginProtocol.LOGIN_HINT_PARAM);
         if (getConfig().isLoginHint() && loginHint != null) {
             uriBuilder.queryParam(OIDCLoginProtocol.LOGIN_HINT_PARAM, loginHint);
         }
 
         if (getConfig().isUiLocales()) {
             uriBuilder.queryParam(OIDCLoginProtocol.UI_LOCALES_PARAM, session.getContext().resolveLocale(null).toLanguageTag());
         }
 
         String prompt = getConfig().getPrompt();
         if (prompt == null || prompt.isEmpty()) {
             prompt = request.getAuthenticationSession().getClientNote(OAuth2Constants.PROMPT);
         }
         if (prompt != null) {
             uriBuilder.queryParam(OAuth2Constants.PROMPT, prompt);
         }
 
         String nonce = request.getAuthenticationSession().getClientNote(OIDCLoginProtocol.NONCE_PARAM);
         if (nonce == null || nonce.isEmpty()) {
             nonce = UUID.randomUUID().toString();
             request.getAuthenticationSession().setClientNote(OIDCLoginProtocol.NONCE_PARAM, nonce);
         }
         uriBuilder.queryParam(OIDCLoginProtocol.NONCE_PARAM, nonce);
 
         String acr = request.getAuthenticationSession().getClientNote(OAuth2Constants.ACR_VALUES);
         if (acr != null) {
             uriBuilder.queryParam(OAuth2Constants.ACR_VALUES, acr);
         }
         String forwardParameterConfig = getConfig().getForwardParameters() != null ? getConfig().getForwardParameters(): "";
         List<String> forwardParameters = Arrays.asList(forwardParameterConfig.split("\\s*,\\s*"));
         for(String forwardParameter: forwardParameters) {
             String name = AuthorizationEndpoint.LOGIN_SESSION_NOTE_ADDITIONAL_REQ_PARAMS_PREFIX + forwardParameter.trim();
             String parameter = request.getAuthenticationSession().getClientNote(name);
             if(parameter != null && !parameter.isEmpty()) {
                 uriBuilder.queryParam(forwardParameter, parameter);
             }
         }
         return uriBuilder;
     }

◆ doGetFederatedIdentity()

BrokeredIdentityContext org.keycloak.social.microsoft.MicrosoftIdentityProvider.doGetFederatedIdentity ( String accessToken )

inlineprotected

                                                                                  {
         try {
             String URL = PROFILE_URL + "?access_token=" + URLEncoder.encode(accessToken, "UTF-8");
             if (log.isDebugEnabled()) {
                 log.debug("Microsoft Live user profile request to: " + URL);
             }
             JsonNode profile = SimpleHttp.doGet(URL, session).asJson();
 
             return extractIdentityFromProfile(null, profile);
         } catch (Exception e) {
             throw new IdentityBrokerException("Could not obtain user profile from Microsoft Live ID.", e);
         }
     }

◆ exchangeExternal()

final BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeExternal	(	EventBuilder	event,
		MultivaluedMap< String, String >	params
	)

inlineinherited

                                                                                                                      {
         if (!supportsExternalExchange()) return null;
         BrokeredIdentityContext context = exchangeExternalImpl(event, params);
         if (context != null) {
             context.setIdp(this);
             context.setIdpConfig(getConfig());
         }
         return context;
     }

◆ exchangeExternalComplete()

void org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeExternalComplete	(	UserSessionModel	userSession,
		BrokeredIdentityContext	context,
		MultivaluedMap< String, String >	params
	)

inlineinherited

                                                                                                                                                {
         if (context.getContextData().containsKey(OIDCIdentityProvider.VALIDATED_ID_TOKEN))
             userSession.setNote(FEDERATED_ACCESS_TOKEN, params.getFirst(OAuth2Constants.SUBJECT_TOKEN));
         if (context.getContextData().containsKey(OIDCIdentityProvider.VALIDATED_ID_TOKEN))
             userSession.setNote(OIDCIdentityProvider.FEDERATED_ID_TOKEN, params.getFirst(OAuth2Constants.SUBJECT_TOKEN));
         userSession.setNote(OIDCIdentityProvider.EXCHANGE_PROVIDER, getConfig().getAlias());
 
     }

◆ exchangeExternalImpl()

BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeExternalImpl	(	EventBuilder	event,
		MultivaluedMap< String, String >	params
	)

inlineprotectedinherited

                                                                                                                       {
         return exchangeExternalUserInfoValidationOnly(event, params);
 
     }

◆ exchangeExternalUserInfoValidationOnly()

BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeExternalUserInfoValidationOnly	(	EventBuilder	event,
		MultivaluedMap< String, String >	params
	)

inlineprotectedinherited

                                                                                                                                         {
         String subjectToken = params.getFirst(OAuth2Constants.SUBJECT_TOKEN);
         if (subjectToken == null) {
             event.detail(Details.REASON, OAuth2Constants.SUBJECT_TOKEN + " param unset");
             event.error(Errors.INVALID_TOKEN);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "token not set", Response.Status.BAD_REQUEST);
         }
         String subjectTokenType = params.getFirst(OAuth2Constants.SUBJECT_TOKEN_TYPE);
         if (subjectTokenType == null) {
             subjectTokenType = OAuth2Constants.ACCESS_TOKEN_TYPE;
         }
         if (!OAuth2Constants.ACCESS_TOKEN_TYPE.equals(subjectTokenType)) {
             event.detail(Details.REASON, OAuth2Constants.SUBJECT_TOKEN_TYPE + " invalid");
             event.error(Errors.INVALID_TOKEN_TYPE);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token type", Response.Status.BAD_REQUEST);
         }
         return validateExternalTokenThroughUserInfo(event, subjectToken, subjectTokenType);
     }

◆ exchangeFromToken()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeFromToken	(	UriInfo	uriInfo,
		EventBuilder	event,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		UserModel	tokenSubject,
		MultivaluedMap< String, String >	params
	)

inlineinherited

                                                                                                                                                                                                            {
         // check to see if we have a token exchange in session
         // in other words check to see if this session was created by an external exchange
         Response tokenResponse = hasExternalExchangeToken(event, tokenUserSession, params);
         if (tokenResponse != null) return tokenResponse;
 
         // going further we only support access token type?  Why?
         String requestedType = params.getFirst(OAuth2Constants.REQUESTED_TOKEN_TYPE);
         if (requestedType != null && !requestedType.equals(OAuth2Constants.ACCESS_TOKEN_TYPE)) {
             event.detail(Details.REASON, "requested_token_type unsupported");
             event.error(Errors.INVALID_REQUEST);
             return exchangeUnsupportedRequiredType();
         }
         if (!getConfig().isStoreToken()) {
             // if token isn't stored, we need to see if this session has been linked
             String brokerId = tokenUserSession.getNote(Details.IDENTITY_PROVIDER);
             brokerId = brokerId == null ? tokenUserSession.getNote(IdentityProvider.EXTERNAL_IDENTITY_PROVIDER) : brokerId;
             if (brokerId == null || !brokerId.equals(getConfig().getAlias())) {
                 event.detail(Details.REASON, "requested_issuer has not linked");
                 event.error(Errors.INVALID_REQUEST);
                 return exchangeNotLinkedNoStore(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
             }
             return exchangeSessionToken(uriInfo, event, authorizedClient, tokenUserSession, tokenSubject);
         } else {
             return exchangeStoredToken(uriInfo, event, authorizedClient, tokenUserSession, tokenSubject);
         }
     }

◆ exchangeSessionToken()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeSessionToken	(	UriInfo	uriInfo,
		EventBuilder	event,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		UserModel	tokenSubject
	)

inlineprotectedinherited

                                                                                                                                                                           {
         String accessToken = tokenUserSession.getNote(FEDERATED_ACCESS_TOKEN);
         if (accessToken == null) {
             event.detail(Details.REASON, "requested_issuer is not linked");
             event.error(Errors.INVALID_TOKEN);
             return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
         }
         AccessTokenResponse tokenResponse = new AccessTokenResponse();
         tokenResponse.setToken(accessToken);
         tokenResponse.setIdToken(null);
         tokenResponse.setRefreshToken(null);
         tokenResponse.setRefreshExpiresIn(0);
         tokenResponse.getOtherClaims().clear();
         tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE);
         tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession));
         event.success();
         return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build();
     }

◆ exchangeStoredToken()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.exchangeStoredToken	(	UriInfo	uriInfo,
		EventBuilder	event,
		ClientModel	authorizedClient,
		UserSessionModel	tokenUserSession,
		UserModel	tokenSubject
	)

inlineprotectedinherited

                                                                                                                                                                          {
         FederatedIdentityModel model = session.users().getFederatedIdentity(tokenSubject, getConfig().getAlias(), authorizedClient.getRealm());
         if (model == null || model.getToken() == null) {
             event.detail(Details.REASON, "requested_issuer is not linked");
             event.error(Errors.INVALID_TOKEN);
             return exchangeNotLinked(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
         }
         String accessToken = extractTokenFromResponse(model.getToken(), getAccessTokenResponseParameter());
         if (accessToken == null) {
             model.setToken(null);
             session.users().updateFederatedIdentity(authorizedClient.getRealm(), tokenSubject, model);
             event.detail(Details.REASON, "requested_issuer token expired");
             event.error(Errors.INVALID_TOKEN);
             return exchangeTokenExpired(uriInfo, authorizedClient, tokenUserSession, tokenSubject);
         }
         AccessTokenResponse tokenResponse = new AccessTokenResponse();
         tokenResponse.setToken(accessToken);
         tokenResponse.setIdToken(null);
         tokenResponse.setRefreshToken(null);
         tokenResponse.setRefreshExpiresIn(0);
         tokenResponse.getOtherClaims().clear();
         tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE);
         tokenResponse.getOtherClaims().put(ACCOUNT_LINK_URL, getLinkingUrl(uriInfo, authorizedClient, tokenUserSession));
         event.success();
         return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build();
     }

◆ extractIdentityFromProfile()

BrokeredIdentityContext org.keycloak.social.microsoft.MicrosoftIdentityProvider.extractIdentityFromProfile	(	EventBuilder	event,
		JsonNode	profile
	)

inlineprotected

                                                                                                        {
         String id = getJsonProperty(profile, "id");
 
         String email = null;
         if (profile.has("emails")) {
             email = getJsonProperty(profile.get("emails"), "preferred");
         }
 
         BrokeredIdentityContext user = new BrokeredIdentityContext(id);
 
         user.setUsername(email != null ? email : id);
         user.setFirstName(getJsonProperty(profile, "first_name"));
         user.setLastName(getJsonProperty(profile, "last_name"));
         if (email != null)
             user.setEmail(email);
         user.setIdpConfig(getConfig());
         user.setIdp(this);
 
         AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
 
         return user;
     }

◆ extractTokenFromResponse()

String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.extractTokenFromResponse	(	String	response,
		String	tokenName
	)

inlineprotectedinherited

                                                                                  {
           if(response == null)
                 return null;
           
         if (response.startsWith("{")) {
             try {
                         JsonNode node = mapper.readTree(response);
                         if(node.has(tokenName)){
                                 String s = node.get(tokenName).textValue();
                                 if(s == null || s.trim().isEmpty())
                                         return null;
                   return s;
                         } else {
                                 return null;
                         }
             } catch (IOException e) {
                 throw new IdentityBrokerException("Could not extract token [" + tokenName + "] from response [" + response + "] due: " + e.getMessage(), e);
             }
         } else {
             Matcher matcher = Pattern.compile(tokenName + "=([^&]+)").matcher(response);
 
             if (matcher.find()) {
                 return matcher.group(1);
             }
         }
 
         return null;
     }

◆ getAccessTokenResponseParameter()

String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.getAccessTokenResponseParameter ( )

inlineprotectedinherited

                                                        {
         return OAUTH2_PARAMETER_ACCESS_TOKEN;
     }

◆ getConfig()

C org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.getConfig ( )

inlineinherited

                          {
         return super.getConfig();
     }

◆ getDefaultScopes()

String org.keycloak.social.microsoft.MicrosoftIdentityProvider.getDefaultScopes ( )

inlineprotected

                                         {
         return DEFAULT_SCOPE;
     }

◆ getFederatedIdentity()

BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.getFederatedIdentity ( String response )

inlineinherited

                                                                          {
         String accessToken = extractTokenFromResponse(response, getAccessTokenResponseParameter());
 
         if (accessToken == null) {
             throw new IdentityBrokerException("No access token available in OAuth server response: " + response);
         }
 
         BrokeredIdentityContext context = doGetFederatedIdentity(accessToken);
         context.getContextData().put(FEDERATED_ACCESS_TOKEN, accessToken);
         return context;
     }

◆ getJsonProperty()

String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.getJsonProperty	(	JsonNode	jsonNode,
		String	name
	)

inlineinherited

Get JSON property as text. JSON numbers and booleans are converted to text. Empty string is converted to null.

引数

jsonNode	to get property from
name	of property to get

戻り値: string value of the property or null.

                                                                   {
         if (jsonNode.has(name) && !jsonNode.get(name).isNull()) {
                   String s = jsonNode.get(name).asText();
                   if(s != null && !s.isEmpty())
                                 return s;
                   else
                                 return null;
         }
 
         return null;
     }

◆ getProfileEndpointForValidation()

String org.keycloak.social.microsoft.MicrosoftIdentityProvider.getProfileEndpointForValidation ( EventBuilder event )

inlineprotected

                                                                          {
         return PROFILE_URL;
     }

◆ hasExternalExchangeToken()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.hasExternalExchangeToken	(	EventBuilder	event,
		UserSessionModel	tokenUserSession,
		MultivaluedMap< String, String >	params
	)

inlineprotectedinherited

check to see if we have a token exchange in session in other words check to see if this session was created by an external exchange

引数

tokenUserSession
params

戻り値

                                                                                                                                               {
         if (getConfig().getAlias().equals(tokenUserSession.getNote(OIDCIdentityProvider.EXCHANGE_PROVIDER))) {
 
             String requestedType = params.getFirst(OAuth2Constants.REQUESTED_TOKEN_TYPE);
             if ((requestedType == null || requestedType.equals(OAuth2Constants.ACCESS_TOKEN_TYPE))) {
                 String accessToken = tokenUserSession.getNote(FEDERATED_ACCESS_TOKEN);
                 if (accessToken != null) {
                     AccessTokenResponse tokenResponse = new AccessTokenResponse();
                     tokenResponse.setToken(accessToken);
                     tokenResponse.setIdToken(null);
                     tokenResponse.setRefreshToken(null);
                     tokenResponse.setRefreshExpiresIn(0);
                     tokenResponse.setExpiresIn(0);
                     tokenResponse.getOtherClaims().clear();
                     tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE);
                     event.success();
                     return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build();
                 }
             } else if (OAuth2Constants.ID_TOKEN_TYPE.equals(requestedType)) {
                 String idToken = tokenUserSession.getNote(OIDCIdentityProvider.FEDERATED_ID_TOKEN);
                 if (idToken != null) {
                     AccessTokenResponse tokenResponse = new AccessTokenResponse();
                     tokenResponse.setToken(null);
                     tokenResponse.setIdToken(idToken);
                     tokenResponse.setRefreshToken(null);
                     tokenResponse.setRefreshExpiresIn(0);
                     tokenResponse.setExpiresIn(0);
                     tokenResponse.getOtherClaims().clear();
                     tokenResponse.getOtherClaims().put(OAuth2Constants.ISSUED_TOKEN_TYPE, OAuth2Constants.ID_TOKEN_TYPE);
                     event.success();
                     return Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE).build();
                 }
 
             }
 
         }
         return null;
     }

◆ isIssuer()

boolean org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.isIssuer	(	String	issuer,
		MultivaluedMap< String, String >	params
	)

inlineinherited

                                                                                   {
         if (!supportsExternalExchange()) return false;
         String requestedIssuer = params.getFirst(OAuth2Constants.SUBJECT_ISSUER);
         if (requestedIssuer == null) requestedIssuer = issuer;
         return requestedIssuer.equals(getConfig().getAlias());
     }

◆ performLogin()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.performLogin ( AuthenticationRequest request )

inlineinherited

                                                                 {
         try {
             URI authorizationUrl = createAuthorizationUrl(request).build();
 
             return Response.seeOther(authorizationUrl).build();
         } catch (Exception e) {
             throw new IdentityBrokerException("Could not create authentication request.", e);
         }
     }

◆ retrieveToken()

Response org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.retrieveToken	(	KeycloakSession	session,
		FederatedIdentityModel	identity
	)

inlineinherited

                                                                                             {
         return Response.ok(identity.getToken()).build();
     }

◆ supportsExternalExchange()

boolean org.keycloak.social.microsoft.MicrosoftIdentityProvider.supportsExternalExchange ( )

inlineprotected

                                                  {
         return true;
     }

◆ validateExternalTokenThroughUserInfo()

BrokeredIdentityContext org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.validateExternalTokenThroughUserInfo	(	EventBuilder	event,
		String	subjectToken,
		String	subjectTokenType
	)

inlineprotectedinherited

                                                                                                                                              {
         event.detail("validation_method", "user info");
         SimpleHttp.Response response = null;
         int status = 0;
         try {
             String userInfoUrl = getProfileEndpointForValidation(event);
             response = buildUserInfoRequest(subjectToken, userInfoUrl).asResponse();
             status = response.getStatus();
         } catch (IOException e) {
             logger.debug("Failed to invoke user info for external exchange", e);
         }
         if (status != 200) {
             logger.debug("Failed to invoke user info status: " + status);
             event.detail(Details.REASON, "user info call failure");
             event.error(Errors.INVALID_TOKEN);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
         }
         JsonNode profile = null;
         try {
             profile = response.asJson();
         } catch (IOException e) {
             event.detail(Details.REASON, "user info call failure");
             event.error(Errors.INVALID_TOKEN);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
         }
         BrokeredIdentityContext context = extractIdentityFromProfile(event, profile);
         if (context.getId() == null) {
             event.detail(Details.REASON, "user info call failure");
             event.error(Errors.INVALID_TOKEN);
             throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
         }
         return context;
     }

メンバ詳解

◆ ACCESS_DENIED

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.ACCESS_DENIED = "access_denied"

staticinherited

◆ AUTH_URL

final String org.keycloak.social.microsoft.MicrosoftIdentityProvider.AUTH_URL = "https://login.live.com/oauth20_authorize.srf"

static

◆ DEFAULT_SCOPE

final String org.keycloak.social.microsoft.MicrosoftIdentityProvider.DEFAULT_SCOPE = "wl.basic,wl.emails"

static

◆ FEDERATED_REFRESH_TOKEN

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.FEDERATED_REFRESH_TOKEN = "FEDERATED_REFRESH_TOKEN"

staticinherited

◆ FEDERATED_TOKEN_EXPIRATION

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.FEDERATED_TOKEN_EXPIRATION = "FEDERATED_TOKEN_EXPIRATION"

staticinherited

◆ log

final Logger org.keycloak.social.microsoft.MicrosoftIdentityProvider.log = Logger.getLogger(MicrosoftIdentityProvider.class)

staticprivate

◆ logger

final Logger org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.logger = Logger.getLogger(AbstractOAuth2IdentityProvider.class)

staticprotectedinherited

◆ mapper

ObjectMapper org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.mapper = new ObjectMapper()

staticprotectedinherited

◆ OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code"

staticinherited

◆ OAUTH2_GRANT_TYPE_REFRESH_TOKEN

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_GRANT_TYPE_REFRESH_TOKEN = "refresh_token"

staticinherited

◆ OAUTH2_PARAMETER_ACCESS_TOKEN

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_ACCESS_TOKEN = "access_token"

staticinherited

◆ OAUTH2_PARAMETER_CLIENT_ID

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_CLIENT_ID = "client_id"

staticinherited

◆ OAUTH2_PARAMETER_CLIENT_SECRET

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_CLIENT_SECRET = "client_secret"

staticinherited

◆ OAUTH2_PARAMETER_CODE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_CODE = "code"

staticinherited

◆ OAUTH2_PARAMETER_GRANT_TYPE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_GRANT_TYPE = "grant_type"

staticinherited

◆ OAUTH2_PARAMETER_REDIRECT_URI

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_REDIRECT_URI = "redirect_uri"

staticinherited

◆ OAUTH2_PARAMETER_RESPONSE_TYPE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_RESPONSE_TYPE = "response_type"

staticinherited

◆ OAUTH2_PARAMETER_SCOPE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_SCOPE = "scope"

staticinherited

◆ OAUTH2_PARAMETER_STATE

final String org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider< C extends OAuth2IdentityProviderConfig >.OAUTH2_PARAMETER_STATE = "state"

staticinherited

◆ PROFILE_URL

final String org.keycloak.social.microsoft.MicrosoftIdentityProvider.PROFILE_URL = "https://apis.live.net/v5.0/me"

static

◆ TOKEN_URL

final String org.keycloak.social.microsoft.MicrosoftIdentityProvider.TOKEN_URL = "https://login.live.com/oauth20_token.srf"

static

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java

公開メンバ関数

静的公開変数類

限定公開メンバ関数

静的限定公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ MicrosoftIdentityProvider()

関数詳解

◆ asJsonNode()

◆ authenticationFinished()

◆ buildUserInfoRequest()

◆ callback()

◆ createAuthorizationUrl()

◆ doGetFederatedIdentity()

◆ exchangeExternal()

◆ exchangeExternalComplete()

◆ exchangeExternalImpl()

◆ exchangeExternalUserInfoValidationOnly()

◆ exchangeFromToken()

◆ exchangeSessionToken()

◆ exchangeStoredToken()

◆ extractIdentityFromProfile()

◆ extractTokenFromResponse()

◆ getAccessTokenResponseParameter()

◆ getConfig()

◆ getDefaultScopes()

◆ getFederatedIdentity()

◆ getJsonProperty()

◆ getProfileEndpointForValidation()

◆ hasExternalExchangeToken()

◆ isIssuer()

◆ performLogin()

◆ retrieveToken()

◆ supportsExternalExchange()

◆ validateExternalTokenThroughUserInfo()

メンバ詳解

◆ ACCESS_DENIED

◆ AUTH_URL

◆ DEFAULT_SCOPE

◆ FEDERATED_REFRESH_TOKEN

◆ FEDERATED_TOKEN_EXPIRATION

◆ log

◆ logger

◆ mapper

◆ OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE

◆ OAUTH2_GRANT_TYPE_REFRESH_TOKEN

◆ OAUTH2_PARAMETER_ACCESS_TOKEN

◆ OAUTH2_PARAMETER_CLIENT_ID

◆ OAUTH2_PARAMETER_CLIENT_SECRET

◆ OAUTH2_PARAMETER_CODE

◆ OAUTH2_PARAMETER_GRANT_TYPE

◆ OAUTH2_PARAMETER_REDIRECT_URI

◆ OAUTH2_PARAMETER_RESPONSE_TYPE

◆ OAUTH2_PARAMETER_SCOPE

◆ OAUTH2_PARAMETER_STATE

◆ PROFILE_URL

◆ TOKEN_URL