KeycloakClient (keycloak-client 1.3.0-SNAPSHOT API)

All Known Implementing Classes:

AbstractPlugin, DefaultKeycloakClient
```
public interface KeycloakClient
```

Field Summary

Fields
Modifier and Type Field and Description

static String CATEGORY

static String DESCRIPTION

static org.slf4j.Logger logger

static String NAME

Fields
Modifier and Type	Field and Description
`static String`	`CATEGORY`
`static String`	`DESCRIPTION`
`static org.slf4j.Logger`	`logger`
`static String`	`NAME`

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`URL`	`computeIntrospectionEndpointURL()` Compute the keycloak `introspection` endpoint `URL` starting from the discovered token endpoint it in the current scope provided by `ScopeProvider`.
`URL`	`computeIntrospectionEndpointURL(URL tokenEndpointURL)` Compute the keycloak `introspection` endpoint `URL` starting from the provided token endpoint.
`URL`	`findTokenEndpointURL()` Finds the keycloak `token` endpoint `URL` discovering it in the current scope provided by `ScopeProvider`
`TokenIntrospectionResponse`	`introspectAccessToken(String clientId, String clientSecret, String accessTokenJWTString)` Introspects an access token against the Keycloak server discovered in the current scope.
`TokenIntrospectionResponse`	`introspectAccessToken(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString)` Introspects an access token against the Keycloak server.
`boolean`	`isAccessTokenVerified(String clientId, String clientSecret, String accessTokenJWTString)` Verifies an access token against the Keycloak server discovered in the current scope.
`boolean`	`isAccessTokenVerified(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString)` Verifies an access token against the Keycloak server.
`TokenResponse`	`queryOIDCToken(String clientId, String clientSecret)` Queries an OIDC token from the Keycloak server discovered in the current scope, by using provided clientId and client secret.
`TokenResponse`	`queryOIDCToken(URL tokenURL, String authorization)` Queries an OIDC token from the Keycloak server, by using provided authorization.
`TokenResponse`	`queryOIDCToken(URL tokenURL, String clientId, String clientSecret)` Queries an OIDC token from the Keycloak server, by using provided clientId and client secret.
`TokenResponse`	`queryUMAToken(String clientId, String clientSecret, List<String> permissions)` Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the current scope as audience (context), in URLEncoded form or not, and optionally a list of permissions.
`TokenResponse`	`queryUMAToken(String clientId, String clientSecret, String audience, List<String> permissions)` Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
`TokenResponse`	`queryUMAToken(TokenResponse oidcTokenResponse, String audience, List<String> permissions)` Queries an UMA token from the Keycloak server discovered in the current scope, by using access-token provided by the `TokenResponse` object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
`TokenResponse`	`queryUMAToken(URL tokenURL, String authorization, String audience, List<String> permissions)` Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
`TokenResponse`	`queryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience, List<String> permissions)` Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
`TokenResponse`	`queryUMAToken(URL tokenURL, TokenResponse oidcTokenResponse, String audience, List<String> permissions)` Queries an UMA token from the Keycloak server, by using access-token provided by the `TokenResponse` object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
`TokenResponse`	`refreshToken(String refreshTokenJWTString)` Refreshes a previously issued token from the Keycloak server discovered in the current scope using the the refresh token JWT encoded string obtained with the access token in the previous token response.
`TokenResponse`	`refreshToken(String clientId, String refreshTokenJWTString)` Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and the refresh token JWT encoded string obtained with the access token in the previous token response.
`TokenResponse`	`refreshToken(String clientId, String clientSecret, String refreshTokenJWTString)` Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
`TokenResponse`	`refreshToken(String clientId, String clientSecret, TokenResponse tokenResponse)` Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id and secret.
`TokenResponse`	`refreshToken(String clientId, TokenResponse tokenResponse)` Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id.
`TokenResponse`	`refreshToken(TokenResponse tokenResponse)` Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object.
`TokenResponse`	`refreshToken(URL tokenURL, String clientId, String clientSecret, String refreshTokenJWTString)` Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
`TokenResponse`	`refreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse)` Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.
`TokenResponse`	`refreshToken(URL tokenURL, TokenResponse tokenResponse)` Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object.

- Field Detail
  - logger
```
static final org.slf4j.Logger logger
```
  - CATEGORY
```
static final String CATEGORY
```
    See Also:
    
    Constant Field Values
  - NAME
```
static final String NAME
```
    See Also:
    
    Constant Field Values
  - DESCRIPTION
```
static final String DESCRIPTION
```
    See Also:
    
    Constant Field Values
- Method Detail
  - findTokenEndpointURL
```
URL findTokenEndpointURL()
                  throws KeycloakClientException
```
    Finds the keycloak token endpoint URL discovering it in the current scope provided by ScopeProvider
    
    Returns:
    
    the keycloak token endpoint URL in the current scope
    
    Throws:
    
    KeycloakClientException - if something goes wrong discovering the endpoint URL
  - computeIntrospectionEndpointURL
```
URL computeIntrospectionEndpointURL()
                             throws KeycloakClientException
```
    Compute the keycloak introspection endpoint URL starting from the discovered token endpoint it in the current scope provided by ScopeProvider.
    
    Returns:
    
    the keycloak introspection endpoint URL in the current scope
    
    Throws:
    
    KeycloakClientException - if something goes wrong discovering the endpoint URL
  - computeIntrospectionEndpointURL
```
URL computeIntrospectionEndpointURL(URL tokenEndpointURL)
                             throws KeycloakClientException
```
    Compute the keycloak introspection endpoint URL starting from the provided token endpoint.
    
    Returns:
    
    the keycloak introspection endpoint URL in the current scope
    
    Throws:
    
    KeycloakClientException - if something goes wrong discovering the endpoint URL
  - queryOIDCToken
```
TokenResponse queryOIDCToken(String clientId,
                             String clientSecret)
                      throws KeycloakClientException
```
    Queries an OIDC token from the Keycloak server discovered in the current scope, by using provided clientId and client secret.
    
    Parameters:
    
    clientId - the client id
    
    clientSecret - the client secret
    
    Returns:
    
    the issued token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the query
  - queryOIDCToken
```
TokenResponse queryOIDCToken(URL tokenURL,
                             String clientId,
                             String clientSecret)
                      throws KeycloakClientException
```
    Queries an OIDC token from the Keycloak server, by using provided clientId and client secret.
    
    Parameters:
    
    tokenURL - the token endpoint URL of the Keycloak server
    
    clientId - the client id
    
    clientSecret - the client secret
    
    Returns:
    
    the issued token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the query
  - queryOIDCToken
```
TokenResponse queryOIDCToken(URL tokenURL,
                             String authorization)
                      throws KeycloakClientException
```
    Queries an OIDC token from the Keycloak server, by using provided authorization.
    
    Parameters:
    
    tokenUrl - the token endpoint URL of the OIDC server
    
    authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
    
    Returns:
    
    the issued token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the query
  - queryUMAToken
```
TokenResponse queryUMAToken(URL tokenURL,
                            String authorization,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException
```
    Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
    
    Parameters:
    
    tokenUrl - the token endpoint URL of the OIDC server
    
    authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
    
    audience - the audience (context) where to request the issuing of the ticket (URLEncoded)
    
    permissions - a list of permissions, can be null
    
    Returns:
    
    the issued token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the query
  - queryUMAToken
```
TokenResponse queryUMAToken(URL tokenURL,
                            TokenResponse oidcTokenResponse,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException
```
    Queries an UMA token from the Keycloak server, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
    
    Parameters:
    
    clientId - the client id
    
    clientSecret - the client secret
    
    audience - the audience (context) where to request the issuing of the ticket
    
    permissions - a list of permissions, can be null
    
    Returns:
    
    the issued token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the query
  - queryUMAToken
```
TokenResponse queryUMAToken(URL tokenURL,
                            String clientId,
                            String clientSecret,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException
```
    Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
    
    Parameters:
    
    tokenURL - the token endpoint URL of the Keycloak server
    
    clientId - the client id
    
    clientSecret - the client secret
    
    audience - the audience (context) where to request the issuing of the ticket
    
    permissions - a list of permissions, can be null
    
    Returns:
    
    the issued token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the query
  - queryUMAToken
```
TokenResponse queryUMAToken(TokenResponse oidcTokenResponse,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException
```
    Queries an UMA token from the Keycloak server discovered in the current scope, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
    
    Parameters:
    
    clientId - the client id
    
    clientSecret - the client secret
    
    audience - the audience (context) where to request the issuing of the ticket
    
    permissions - a list of permissions, can be null
    
    Returns:
    
    the issued token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the query
  - queryUMAToken
```
TokenResponse queryUMAToken(String clientId,
                            String clientSecret,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException
```
    Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
    
    Parameters:
    
    clientId - the client id
    
    clientSecret - the client secret
    
    audience - the audience (context) where to request the issuing of the ticket
    
    permissions - a list of permissions, can be null
    
    Returns:
    
    the issued token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the query
  - queryUMAToken
```
TokenResponse queryUMAToken(String clientId,
                            String clientSecret,
                            List<String> permissions)
                     throws KeycloakClientException
```
    Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the current scope as audience (context), in URLEncoded form or not, and optionally a list of permissions.
    
    Parameters:
    
    clientId - the client id
    
    clientSecret - the client secret
    
    permissions - a list of permissions, can be null
    
    Returns:
    
    the issued token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the query
  - refreshToken
```
TokenResponse refreshToken(TokenResponse tokenResponse)
                    throws KeycloakClientException
```
    Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
    NOTE: For public clients types only.
    
    Parameters:
    
    tokenResponse - the previously issued token as TokenResponse object
    
    Returns:
    
    the refreshed token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the refresh query
  - refreshToken
```
TokenResponse refreshToken(URL tokenURL,
                           TokenResponse tokenResponse)
                    throws KeycloakClientException
```
    Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
    NOTE: For public clients types only.
    
    Parameters:
    
    tokenUrl - the token endpoint URL of the OIDC server
    
    tokenResponse - the previously issued token as TokenResponse object
    
    Returns:
    
    the refreshed token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the refresh query
  - refreshToken
```
TokenResponse refreshToken(String clientId,
                           TokenResponse tokenResponse)
                    throws KeycloakClientException
```
    Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id. Client secret will be not sent.
    NOTE: For public clients types only.
    
    Parameters:
    
    clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim
    
    tokenResponse - the previously issued token as TokenResponse object
    
    Returns:
    
    the refreshed token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the refresh query
  - refreshToken
```
TokenResponse refreshToken(String clientId,
                           String clientSecret,
                           TokenResponse tokenResponse)
                    throws KeycloakClientException
```
    Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id and secret.
    
    Parameters:
    
    clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim
    
    clientSecret - the requestor client secret, may be null for non-confidential clients
    
    tokenResponse - the previously issued token as TokenResponse object
    
    Returns:
    
    the refreshed token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the refresh query
  - refreshToken
```
TokenResponse refreshToken(URL tokenURL,
                           String clientId,
                           String clientSecret,
                           TokenResponse tokenResponse)
                    throws KeycloakClientException
```
    Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.
    
    Parameters:
    
    clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim
    
    clientSecret - the requestor client secret, may be null for non-confidential clients
    
    tokenResponse - the previously issued token as TokenResponse object
    
    Returns:
    
    the refreshed token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the refresh query
  - refreshToken
```
TokenResponse refreshToken(String refreshTokenJWTString)
                    throws KeycloakClientException
```
    Refreshes a previously issued token from the Keycloak server discovered in the current scope using the the refresh token JWT encoded string obtained with the access token in the previous token response. Client id will be read from "issued for" refresh token's claim and client secret will be not sent.
    NOTE: For public clients types only.
    
    Parameters:
    
    refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter
    
    Returns:
    
    the refreshed token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the refresh query
  - refreshToken
```
TokenResponse refreshToken(String clientId,
                           String refreshTokenJWTString)
                    throws KeycloakClientException
```
    Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and the refresh token JWT encoded string obtained with the access token in the previous token response. Client secret will be not used.
    NOTE: For public clients types only.
    
    Parameters:
    
    clientId - the requestor client id
    
    refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter
    
    Returns:
    
    the refreshed token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the refresh query
  - refreshToken
```
TokenResponse refreshToken(String clientId,
                           String clientSecret,
                           String refreshTokenJWTString)
                    throws KeycloakClientException
```
    Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
    
    Parameters:
    
    clientId - the requestor client id
    
    clientSecret - the requestor client secret, may be null for non-confidential clients
    
    refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter
    
    Returns:
    
    the refreshed token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the refresh query
  - refreshToken
```
TokenResponse refreshToken(URL tokenURL,
                           String clientId,
                           String clientSecret,
                           String refreshTokenJWTString)
                    throws KeycloakClientException
```
    Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
    
    Parameters:
    
    tokenUrl - the token endpoint URL of the OIDC server
    
    clientId - the requestor client id
    
    clientSecret - the requestor client secret, may be null for non-confidential clients
    
    refreshTokenJWTString - the previously issued refresh token JWT string
    
    Returns:
    
    the refreshed token as TokenResponse object
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the refresh query
  - introspectAccessToken
```
TokenIntrospectionResponse introspectAccessToken(String clientId,
                                                 String clientSecret,
                                                 String accessTokenJWTString)
                                          throws KeycloakClientException
```
    Introspects an access token against the Keycloak server discovered in the current scope.
    
    Parameters:
    
    clientId - the requestor client id
    
    clientSecret - the requestor client secret
    
    accessTokenJWTString - the access token to verify
    
    Returns:
    
    true if the token is valid, false otherwise
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the verification
  - introspectAccessToken
```
TokenIntrospectionResponse introspectAccessToken(URL introspectionURL,
                                                 String clientId,
                                                 String clientSecret,
                                                 String accessTokenJWTString)
                                          throws KeycloakClientException
```
    Introspects an access token against the Keycloak server.
    
    Parameters:
    
    introspectionURL - the introspection endpoint URL of the Keycloak server
    
    clientId - the requestor client id
    
    clientSecret - the requestor client secret
    
    accessTokenJWTString - the access token to verify
    
    Returns:
    
    a TokenIntrospectionResponse object with the introspection results; in particular, the active field represents the token validity
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the verification
  - isAccessTokenVerified
```
boolean isAccessTokenVerified(String clientId,
                              String clientSecret,
                              String accessTokenJWTString)
                       throws KeycloakClientException
```
    Verifies an access token against the Keycloak server discovered in the current scope.
    
    Parameters:
    
    clientId - the requestor client id
    
    clientSecret - the requestor client secret
    
    accessTokenJWTString - the access token to verify
    
    Returns:
    
    a TokenIntrospectionResponse object with the introspection results; in particular, the active field represents the token validity
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the verification
  - isAccessTokenVerified
```
boolean isAccessTokenVerified(URL introspectionURL,
                              String clientId,
                              String clientSecret,
                              String accessTokenJWTString)
                       throws KeycloakClientException
```
    Verifies an access token against the Keycloak server.
    
    Parameters:
    
    introspectionURL - the introspection endpoint URL of the Keycloak server
    
    clientId - the requestor client id
    
    clientSecret - the requestor client secret
    
    accessTokenJWTString - the access token to verify
    
    Returns:
    
    true if the token is active, false otherwise
    
    Throws:
    
    KeycloakClientException - if something goes wrong performing the verification

Interface KeycloakClient

Field Summary

Method Summary

Field Detail

logger

CATEGORY

NAME

DESCRIPTION

Method Detail

findTokenEndpointURL

computeIntrospectionEndpointURL

computeIntrospectionEndpointURL

queryOIDCToken

queryOIDCToken

queryOIDCToken

queryUMAToken

queryUMAToken

queryUMAToken

queryUMAToken

queryUMAToken

queryUMAToken

refreshToken

refreshToken

refreshToken

refreshToken

refreshToken

refreshToken

refreshToken

refreshToken

refreshToken

introspectAccessToken

introspectAccessToken

isAccessTokenVerified

isAccessTokenVerified