org.gcube.common.keycloak

Class DefaultKeycloakClient

java.lang.Object

org.gcube.common.keycloak.DefaultKeycloakClient

All Implemented Interfaces:

KeycloakClient

public class DefaultKeycloakClient
extends Object
implements KeycloakClient

Field Summary

Fields inherited from interface org.gcube.common.keycloak.KeycloakClient

CATEGORY, DESCRIPTION, logger, NAME

Constructor Summary

Constructors

Constructor and Description
DefaultKeycloakClient()

Method Summary

Modifier and Type	Method and Description
URL	findTokenEndpointURL() Finds the keycloak endpoint URL discovering it in the current scope provided by ScopeProvider
TokenResponse	queryUMAToken(String clientId, String clientSecret, List<String> permissions) Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the current scope audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	queryUMAToken(String clientId, String clientSecret, String audience, List<String> permissions) Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	queryUMAToken(URL tokenURL, String authorization, String audience, List<String> permissions) Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	queryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience, List<String> permissions) Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	refreshToken(String clientId, String refreshTokenJWTString) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and the refresh token JWT encoded string obtained with the access token in the previous token response.
TokenResponse	refreshToken(String clientId, String clientSecret, String refreshTokenJWTString) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
TokenResponse	refreshToken(String clientId, String clientSecret, TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id and secret.
TokenResponse	refreshToken(String clientId, TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id.
TokenResponse	refreshToken(TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object.
TokenResponse	refreshToken(URL tokenURL, String clientId, String clientSecret, String refreshTokenJWTString) Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
TokenResponse	refreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.
TokenResponse	refreshToken(URL tokenURL, TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultKeycloakClient

public DefaultKeycloakClient()

Method Detail

findTokenEndpointURL

public URL findTokenEndpointURL()
                         throws KeycloakClientException

Description copied from interface: KeycloakClient

Finds the keycloak endpoint URL discovering it in the current scope provided by ScopeProvider

Specified by:

findTokenEndpointURL in interface KeycloakClient

Returns:

the keycloak endpoint URL in the current scope

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

queryUMAToken

public TokenResponse queryUMAToken(String clientId,
                                   String clientSecret,
                                   List<String> permissions)
                            throws KeycloakClientException

Description copied from interface: KeycloakClient

Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the current scope audience (context), in URLEncoded form or not, and optionally a list of permissions.

Specified by:

queryUMAToken in interface KeycloakClient

Parameters:

clientId - the client id

clientSecret - the client secret

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

public TokenResponse queryUMAToken(String clientId,
                                   String clientSecret,
                                   String audience,
                                   List<String> permissions)
                            throws KeycloakClientException

Description copied from interface: KeycloakClient

Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Specified by:

queryUMAToken in interface KeycloakClient

Parameters:

clientId - the client id

clientSecret - the client secret

audience - the audience (context) where to request the issuing of the ticket

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

public TokenResponse queryUMAToken(URL tokenURL,
                                   String clientId,
                                   String clientSecret,
                                   String audience,
                                   List<String> permissions)
                            throws KeycloakClientException

Description copied from interface: KeycloakClient

Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Specified by:

queryUMAToken in interface KeycloakClient

Parameters:

tokenURL - the token endpoint URL of the Keycloak server

clientId - the client id

clientSecret - the client secret

audience - the audience (context) where to request the issuing of the ticket

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

public TokenResponse queryUMAToken(URL tokenURL,
                                   String authorization,
                                   String audience,
                                   List<String> permissions)
                            throws KeycloakClientException

Description copied from interface: KeycloakClient

Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Specified by:

queryUMAToken in interface KeycloakClient

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

audience - the audience (context) where to request the issuing of the ticket (URLEncoded)

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

refreshToken

public TokenResponse refreshToken(TokenResponse tokenResponse)
                           throws KeycloakClientException

Description copied from interface: KeycloakClient

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
NOTE: For public clients types only.

Specified by:

refreshToken in interface KeycloakClient

Parameters:

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public TokenResponse refreshToken(URL tokenURL,
                                  TokenResponse tokenResponse)
                           throws KeycloakClientException

Description copied from interface: KeycloakClient

Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
NOTE: For public clients types only.

Specified by:

refreshToken in interface KeycloakClient

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public TokenResponse refreshToken(String clientId,
                                  TokenResponse tokenResponse)
                           throws KeycloakClientException

Description copied from interface: KeycloakClient

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id. Client secret will be not sent.
NOTE: For public clients types only.

Specified by:

refreshToken in interface KeycloakClient

Parameters:

clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public TokenResponse refreshToken(String clientId,
                                  String clientSecret,
                                  TokenResponse tokenResponse)
                           throws KeycloakClientException

Description copied from interface: KeycloakClient

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id and secret.

Specified by:

refreshToken in interface KeycloakClient

Parameters:

clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim

clientSecret - the requestor client secret, may be null for non-confidential clients

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public TokenResponse refreshToken(URL tokenURL,
                                  String clientId,
                                  String clientSecret,
                                  TokenResponse tokenResponse)
                           throws KeycloakClientException

Description copied from interface: KeycloakClient

Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.

Specified by:

refreshToken in interface KeycloakClient

clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim

clientSecret - the requestor client secret, may be null for non-confidential clients

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public TokenResponse refreshToken(String clientId,
                                  String refreshTokenJWTString)
                           throws KeycloakClientException

Description copied from interface: KeycloakClient

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and the refresh token JWT encoded string obtained with the access token in the previous token response. Client secret will be not used.
NOTE: For public clients types only.

Specified by:

refreshToken in interface KeycloakClient

Parameters:

clientId - the requestor client id

refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public TokenResponse refreshToken(String clientId,
                                  String clientSecret,
                                  String refreshTokenJWTString)
                           throws KeycloakClientException

Description copied from interface: KeycloakClient

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.

Specified by:

refreshToken in interface KeycloakClient

Parameters:

clientId - the requestor client id

clientSecret - the requestor client secret, may be null for non-confidential clients

refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public TokenResponse refreshToken(URL tokenURL,
                                  String clientId,
                                  String clientSecret,
                                  String refreshTokenJWTString)
                           throws KeycloakClientException

Description copied from interface: KeycloakClient

Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.

Specified by:

refreshToken in interface KeycloakClient

clientId - the requestor client id

clientSecret - the requestor client secret, may be null for non-confidential clients

refreshTokenJWTString - the previously issued refresh token JWT string

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query