Package org.gcube.common.keycloak
Class DefaultKeycloakClient
- java.lang.Object
-
- org.gcube.common.keycloak.DefaultKeycloakClient
-
- All Implemented Interfaces:
KeycloakClient
public class DefaultKeycloakClient extends Object implements KeycloakClient
-
-
Field Summary
Fields Modifier and Type Field Description protected static StringAUTHORIZATION_HEADERstatic StringBASE_URLprotected static StringD4S_CONTEXT_HEADER_NAMEprotected static org.slf4j.Loggerlogger-
Fields inherited from interface org.gcube.common.keycloak.KeycloakClient
DEFAULT_REALM, OPEN_ID_URI_PATH, PROD_ROOT_SCOPE, TOKEN_INTROSPECT_URI_PATH, TOKEN_URI_PATH
-
-
Constructor Summary
Constructors Constructor Description DefaultKeycloakClient()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description URLcomputeIntrospectionEndpointURL(URL tokenEndpointURL)Compute the keycloakintrospectionendpointURLstarting from the provided token endpoint.protected StringconstructBasicAuthenticationHeader(String clientId, String clientSecret)protected StringconstructBeareAuthenticationHeader(TokenResponse oidcTokenResponse)URLgetIntrospectionEndpointURL(URL realmBaseURL)Constructs the KeycloakintrospectionendpointURLfrom the realm's base URL.URLgetRealmBaseURL(String context)Returns the Keycloak baseURLfor the given context and the default realm (d4science)URLgetRealmBaseURL(String context, String realm)Returns the Keycloak baseURLfor the given context and in the given realm.URLgetTokenEndpointURL(URL realmBaseURL)Constructs the KeycloaktokenendpointURLfrom the realm's base URL.TokenIntrospectionResponseintrospectAccessToken(String context, String clientId, String clientSecret, String accessTokenJWTString)Introspects an access token against the Keycloak server.TokenIntrospectionResponseintrospectAccessToken(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString)Introspects an access token against the Keycloak server.booleanisAccessTokenVerified(String context, String clientId, String clientSecret, String accessTokenJWTString)Verifies an access token against the Keycloak server.booleanisAccessTokenVerified(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString)Verifies an access token against the Keycloak server.protected TokenResponseperformRequest(URL tokenURL, Map<String,String> headers, Map<String,List<String>> params)TokenResponsequeryOIDCToken(String context, String authorization)Queries an OIDC token from the Keycloak server, by using provided authorization.TokenResponsequeryOIDCToken(String context, String clientId, String clientSecret)Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.TokenResponsequeryOIDCToken(URL tokenURL, String authorization)Queries an OIDC token from the Keycloak server, by using provided authorization.TokenResponsequeryOIDCToken(URL tokenURL, String clientId, String clientSecret)Queries an OIDC token from the Keycloak server, by using provided clientId and client secret.TokenResponsequeryOIDCTokenOfUser(String context, String clientId, String clientSecret, String username, String password)Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.TokenResponsequeryOIDCTokenOfUserWithContext(String context, String authorization, String username, String password, String audience)Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.TokenResponsequeryOIDCTokenOfUserWithContext(String context, String clientId, String clientSecret, String username, String password, String audience)Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one.TokenResponsequeryOIDCTokenOfUserWithContext(URL tokenURL, String authorization, String username, String password, String audience)Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.TokenResponsequeryOIDCTokenOfUserWithContext(URL tokenURL, String clientId, String clientSecret, String username, String password, String audience)Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, , reducing the audience to the requested one.TokenResponsequeryOIDCTokenWithContext(String context, String authorization, String audience)Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.TokenResponsequeryOIDCTokenWithContext(String context, String clientId, String clientSecret, String audience)Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.TokenResponsequeryOIDCTokenWithContext(URL tokenURL, String authorization, String audience)Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.TokenResponsequeryOIDCTokenWithContext(URL tokenURL, String clientId, String clientSecret, String audience)Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.TokenResponsequeryUMAToken(String context, String clientId, String clientSecret, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(String context, String authorization, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(String context, TokenResponse oidcTokenResponse, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using access-token provided by theTokenResponseobject for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(URL tokenURL, String authorization, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(URL tokenURL, TokenResponse oidcTokenResponse, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using access-token provided by theTokenResponseobject for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponserefreshToken(String context, String clientId, String clientSecret, String refreshTokenJWTString)Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.TokenResponserefreshToken(String context, String clientId, String clientSecret, TokenResponse tokenResponse)Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.TokenResponserefreshToken(String context, TokenResponse tokenResponse)Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object.TokenResponserefreshToken(URL tokenURL, String clientId, String clientSecret, String refreshTokenJWTString)Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.TokenResponserefreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse)Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.TokenResponserefreshToken(URL tokenURL, TokenResponse tokenResponse)Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object.protected voidsafeSetAsExternalCallForOldAPI(org.gcube.common.gxrest.request.GXHTTPStringRequest request)
-
-
-
Field Detail
-
logger
protected static org.slf4j.Logger logger
-
AUTHORIZATION_HEADER
protected static final String AUTHORIZATION_HEADER
- See Also:
- Constant Field Values
-
D4S_CONTEXT_HEADER_NAME
protected static final String D4S_CONTEXT_HEADER_NAME
- See Also:
- Constant Field Values
-
BASE_URL
public static final String BASE_URL
- See Also:
- Constant Field Values
-
-
Method Detail
-
getRealmBaseURL
public URL getRealmBaseURL(String context) throws KeycloakClientException
Description copied from interface:KeycloakClientReturns the Keycloak baseURLfor the given context and the default realm (d4science)- Specified by:
getRealmBaseURLin interfaceKeycloakClient- Parameters:
context- the context where the endpoint is needed (e.g./gcubefor DEV)- Returns:
- the Keycloak
tokenendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
getRealmBaseURL
public URL getRealmBaseURL(String context, String realm) throws KeycloakClientException
Description copied from interface:KeycloakClientReturns the Keycloak baseURLfor the given context and in the given realm.- Specified by:
getRealmBaseURLin interfaceKeycloakClient- Parameters:
context- the context where the endpoint is needed (e.g./gcubefor DEV)realm- the realm to use to construct the base URL- Returns:
- the Keycloak
tokenendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
getTokenEndpointURL
public URL getTokenEndpointURL(URL realmBaseURL) throws KeycloakClientException
Description copied from interface:KeycloakClientConstructs the KeycloaktokenendpointURLfrom the realm's base URL.- Specified by:
getTokenEndpointURLin interfaceKeycloakClient- Parameters:
realmBaseURL- the realm's base URL to use- Returns:
- the Keycloak
tokenendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
getIntrospectionEndpointURL
public URL getIntrospectionEndpointURL(URL realmBaseURL) throws KeycloakClientException
Description copied from interface:KeycloakClientConstructs the KeycloakintrospectionendpointURLfrom the realm's base URL.- Specified by:
getIntrospectionEndpointURLin interfaceKeycloakClient- Parameters:
realmBaseURL- the realm's base URL to use- Returns:
- the Keycloak
introspectionendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
computeIntrospectionEndpointURL
public URL computeIntrospectionEndpointURL(URL tokenEndpointURL) throws KeycloakClientException
Description copied from interface:KeycloakClientCompute the keycloakintrospectionendpointURLstarting from the provided token endpoint.- Specified by:
computeIntrospectionEndpointURLin interfaceKeycloakClient- Parameters:
tokenEndpointURL- the token endpoint to use in the compute- Returns:
- the keycloak
introspectionendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
queryOIDCToken
public TokenResponse queryOIDCToken(String context, String clientId, String clientSecret) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.- Specified by:
queryOIDCTokenin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the client idclientSecret- the client secret- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenWithContext
public TokenResponse queryOIDCTokenWithContext(String context, String clientId, String clientSecret, String audience) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.- Specified by:
queryOIDCTokenWithContextin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the client idclientSecret- the client secretaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenOfUser
public TokenResponse queryOIDCTokenOfUser(String context, String clientId, String clientSecret, String username, String password) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.- Specified by:
queryOIDCTokenOfUserin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the client idclientSecret- the client secretusername- the user's usernamepassword- the user's password- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenOfUserWithContext
public TokenResponse queryOIDCTokenOfUserWithContext(String context, String clientId, String clientSecret, String username, String password, String audience) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one.- Specified by:
queryOIDCTokenOfUserWithContextin interfaceKeycloakClientclientId- the client idclientSecret- the client secretusername- the user's usernamepassword- the user's passwordaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCToken
public TokenResponse queryOIDCToken(URL tokenURL, String clientId, String clientSecret) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token from the Keycloak server, by using provided clientId and client secret.- Specified by:
queryOIDCTokenin interfaceKeycloakClient- Parameters:
tokenURL- the token endpointURLof the Keycloak serverclientId- the client idclientSecret- the client secret- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenWithContext
public TokenResponse queryOIDCTokenWithContext(URL tokenURL, String clientId, String clientSecret, String audience) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.- Specified by:
queryOIDCTokenWithContextin interfaceKeycloakClient- Parameters:
tokenURL- the token endpointURLof the Keycloak serverclientId- the client idclientSecret- the client secretaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
constructBasicAuthenticationHeader
protected String constructBasicAuthenticationHeader(String clientId, String clientSecret)
-
queryOIDCTokenOfUserWithContext
public TokenResponse queryOIDCTokenOfUserWithContext(String context, String authorization, String username, String password, String audience) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.- Specified by:
queryOIDCTokenOfUserWithContextin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)authorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)username- the user's usernamepassword- the user's passwordaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCToken
public TokenResponse queryOIDCToken(String context, String authorization) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token from the Keycloak server, by using provided authorization.- Specified by:
queryOIDCTokenin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)authorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenWithContext
public TokenResponse queryOIDCTokenWithContext(String context, String authorization, String audience) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.- Specified by:
queryOIDCTokenWithContextin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)authorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)audience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenOfUserWithContext
public TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL, String clientId, String clientSecret, String username, String password, String audience) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, , reducing the audience to the requested one.- Specified by:
queryOIDCTokenOfUserWithContextin interfaceKeycloakClient- Parameters:
tokenURL- the token endpointURLof the Keycloak serverclientId- the client idclientSecret- the client secretusername- the user's usernamepassword- the user's password- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenOfUserWithContext
public TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL, String authorization, String username, String password, String audience) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.- Specified by:
queryOIDCTokenOfUserWithContextin interfaceKeycloakClientauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)username- the user's usernamepassword- the user's passwordaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCToken
public TokenResponse queryOIDCToken(URL tokenURL, String authorization) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token from the Keycloak server, by using provided authorization.- Specified by:
queryOIDCTokenin interfaceKeycloakClientauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenWithContext
public TokenResponse queryOIDCTokenWithContext(URL tokenURL, String authorization, String audience) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.- Specified by:
queryOIDCTokenWithContextin interfaceKeycloakClientauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)audience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
public TokenResponse queryUMAToken(String context, TokenResponse oidcTokenResponse, String audience, List<String> permissions) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an UMA token from the Keycloak server, by using access-token provided by theTokenResponseobject for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Specified by:
queryUMATokenin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)audience- the audience (context) where to request the issuing of the ticketpermissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
public TokenResponse queryUMAToken(URL tokenURL, TokenResponse oidcTokenResponse, String audience, List<String> permissions) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an UMA token from the Keycloak server, by using access-token provided by theTokenResponseobject for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Specified by:
queryUMATokenin interfaceKeycloakClientaudience- the audience (context) where to request the issuing of the ticketpermissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
constructBeareAuthenticationHeader
protected String constructBeareAuthenticationHeader(TokenResponse oidcTokenResponse)
-
queryUMAToken
public TokenResponse queryUMAToken(String context, String clientId, String clientSecret, String audience, List<String> permissions) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Specified by:
queryUMATokenin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the client idclientSecret- the client secretaudience- the audience (context) where to request the issuing of the ticketpermissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
public TokenResponse queryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience, List<String> permissions) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Specified by:
queryUMATokenin interfaceKeycloakClient- Parameters:
tokenURL- the token endpointURLof the Keycloak serverclientId- the client idclientSecret- the client secretaudience- the audience (context) where to request the issuing of the ticketpermissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
public TokenResponse queryUMAToken(String context, String authorization, String audience, List<String> permissions) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Specified by:
queryUMATokenin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)authorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)audience- the audience (context) where to request the issuing of the ticket (URLEncoded)permissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
public TokenResponse queryUMAToken(URL tokenURL, String authorization, String audience, List<String> permissions) throws KeycloakClientException
Description copied from interface:KeycloakClientQueries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Specified by:
queryUMATokenin interfaceKeycloakClientauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)audience- the audience (context) where to request the issuing of the ticket (URLEncoded)permissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
performRequest
protected TokenResponse performRequest(URL tokenURL, Map<String,String> headers, Map<String,List<String>> params) throws KeycloakClientException
- Throws:
KeycloakClientException
-
refreshToken
public TokenResponse refreshToken(String context, TokenResponse tokenResponse) throws KeycloakClientException
Description copied from interface:KeycloakClientRefreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
NOTE: Forpublicclients types only.- Specified by:
refreshTokenin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)tokenResponse- the previously issued token asTokenResponseobject- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
public TokenResponse refreshToken(URL tokenURL, TokenResponse tokenResponse) throws KeycloakClientException
Description copied from interface:KeycloakClientRefreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
NOTE: Forpublicclients types only.- Specified by:
refreshTokenin interfaceKeycloakClienttokenResponse- the previously issued token asTokenResponseobject- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
public TokenResponse refreshToken(String context, String clientId, String clientSecret, TokenResponse tokenResponse) throws KeycloakClientException
Description copied from interface:KeycloakClientRefreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.- Specified by:
refreshTokenin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the requestor client id, may benulland in this case will be take from the access token "issued for" claimclientSecret- the requestor client secret, may benullfor non-confidential clientstokenResponse- the previously issued token asTokenResponseobject- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
public TokenResponse refreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse) throws KeycloakClientException
Description copied from interface:KeycloakClientRefreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.- Specified by:
refreshTokenin interfaceKeycloakClientclientId- the requestor client id, may benulland in this case will be take from the access token "issued for" claimclientSecret- the requestor client secret, may benullfor non-confidential clientstokenResponse- the previously issued token asTokenResponseobject- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
public TokenResponse refreshToken(String context, String clientId, String clientSecret, String refreshTokenJWTString) throws KeycloakClientException
Description copied from interface:KeycloakClientRefreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.- Specified by:
refreshTokenin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the requestor client idclientSecret- the requestor client secret, may benullfor non-confidential clientsrefreshTokenJWTString- the previously issued refresh token JWT string- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
public TokenResponse refreshToken(URL tokenURL, String clientId, String clientSecret, String refreshTokenJWTString) throws KeycloakClientException
Description copied from interface:KeycloakClientRefreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.- Specified by:
refreshTokenin interfaceKeycloakClientclientId- the requestor client idclientSecret- the requestor client secret, may benullfor non-confidential clientsrefreshTokenJWTString- the previously issued refresh token JWT string- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
introspectAccessToken
public TokenIntrospectionResponse introspectAccessToken(String context, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
Description copied from interface:KeycloakClientIntrospects an access token against the Keycloak server.- Specified by:
introspectAccessTokenin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the requestor client idclientSecret- the requestor client secretaccessTokenJWTString- the access token to verify- Returns:
- a
TokenIntrospectionResponseobject with the introspection results; in particular, theactivefield represents the token validity - Throws:
KeycloakClientException- if something goes wrong performing the verification
-
introspectAccessToken
public TokenIntrospectionResponse introspectAccessToken(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
Description copied from interface:KeycloakClientIntrospects an access token against the Keycloak server.- Specified by:
introspectAccessTokenin interfaceKeycloakClient- Parameters:
introspectionURL- the introspection endpointURLof the Keycloak serverclientId- the requestor client idclientSecret- the requestor client secretaccessTokenJWTString- the access token to verify- Returns:
- a
TokenIntrospectionResponseobject with the introspection results; in particular, theactivefield represents the token validity - Throws:
KeycloakClientException- if something goes wrong performing the verification
-
isAccessTokenVerified
public boolean isAccessTokenVerified(String context, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
Description copied from interface:KeycloakClientVerifies an access token against the Keycloak server.- Specified by:
isAccessTokenVerifiedin interfaceKeycloakClient- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the requestor client idclientSecret- the requestor client secretaccessTokenJWTString- the access token to verify- Returns:
trueif the token is active,falseotherwise- Throws:
KeycloakClientException- if something goes wrong performing the verification
-
isAccessTokenVerified
public boolean isAccessTokenVerified(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
Description copied from interface:KeycloakClientVerifies an access token against the Keycloak server.- Specified by:
isAccessTokenVerifiedin interfaceKeycloakClient- Parameters:
introspectionURL- the introspection endpointURLof the Keycloak serverclientId- the requestor client idclientSecret- the requestor client secretaccessTokenJWTString- the access token to verify- Returns:
trueif the token is active,falseotherwise- Throws:
KeycloakClientException- if something goes wrong performing the verification
-
safeSetAsExternalCallForOldAPI
protected void safeSetAsExternalCallForOldAPI(org.gcube.common.gxrest.request.GXHTTPStringRequest request)
-
-