Package org.gcube.common.keycloak
Interface KeycloakClient
-
- All Known Implementing Classes:
DefaultKeycloakClient
public interface KeycloakClient
-
-
Field Summary
Fields Modifier and Type Field Description static StringDEFAULT_REALMstatic StringOPEN_ID_URI_PATHstatic StringPROD_ROOT_SCOPEstatic StringTOKEN_INTROSPECT_URI_PATHstatic StringTOKEN_URI_PATH
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description URLcomputeIntrospectionEndpointURL(URL tokenEndpointURL)Compute the keycloakintrospectionendpointURLstarting from the provided token endpoint.URLgetIntrospectionEndpointURL(URL realmBaseURL)Constructs the KeycloakintrospectionendpointURLfrom the realm's base URL.URLgetRealmBaseURL(String context)Returns the Keycloak baseURLfor the given context and the default realm (d4science)URLgetRealmBaseURL(String context, String realm)Returns the Keycloak baseURLfor the given context and in the given realm.URLgetTokenEndpointURL(URL realmBaseURL)Constructs the KeycloaktokenendpointURLfrom the realm's base URL.TokenIntrospectionResponseintrospectAccessToken(String context, String clientId, String clientSecret, String accessTokenJWTString)Introspects an access token against the Keycloak server.TokenIntrospectionResponseintrospectAccessToken(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString)Introspects an access token against the Keycloak server.booleanisAccessTokenVerified(String context, String clientId, String clientSecret, String accessTokenJWTString)Verifies an access token against the Keycloak server.booleanisAccessTokenVerified(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString)Verifies an access token against the Keycloak server.TokenResponsequeryOIDCToken(String context, String authorization)Queries an OIDC token from the Keycloak server, by using provided authorization.TokenResponsequeryOIDCToken(String context, String clientId, String clientSecret)Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.TokenResponsequeryOIDCToken(URL tokenURL, String authorization)Queries an OIDC token from the Keycloak server, by using provided authorization.TokenResponsequeryOIDCToken(URL tokenURL, String clientId, String clientSecret)Queries an OIDC token from the Keycloak server, by using provided clientId and client secret.TokenResponsequeryOIDCTokenOfUser(String context, String clientId, String clientSecret, String username, String password)Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.TokenResponsequeryOIDCTokenOfUserWithContext(String context, String authorization, String username, String password, String audience)Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.TokenResponsequeryOIDCTokenOfUserWithContext(String context, String clientId, String clientSecret, String username, String password, String audience)Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one.TokenResponsequeryOIDCTokenOfUserWithContext(URL tokenURL, String authorization, String username, String password, String audience)Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.TokenResponsequeryOIDCTokenOfUserWithContext(URL tokenURL, String clientId, String clientSecret, String username, String password, String audience)Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, , reducing the audience to the requested one.TokenResponsequeryOIDCTokenWithContext(String context, String authorization, String audience)Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.TokenResponsequeryOIDCTokenWithContext(String context, String clientId, String clientSecret, String audience)Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.TokenResponsequeryOIDCTokenWithContext(URL tokenURL, String authorization, String audience)Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.TokenResponsequeryOIDCTokenWithContext(URL tokenURL, String clientId, String clientSecret, String audience)Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.TokenResponsequeryUMAToken(String context, String clientId, String clientSecret, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(String context, String authorization, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(String context, TokenResponse oidcTokenResponse, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using access-token provided by theTokenResponseobject for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(URL tokenURL, String authorization, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponsequeryUMAToken(URL tokenURL, TokenResponse oidcTokenResponse, String audience, List<String> permissions)Queries an UMA token from the Keycloak server, by using access-token provided by theTokenResponseobject for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.TokenResponserefreshToken(String context, String clientId, String clientSecret, String refreshTokenJWTString)Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.TokenResponserefreshToken(String context, String clientId, String clientSecret, TokenResponse tokenResponse)Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.TokenResponserefreshToken(String context, TokenResponse tokenResponse)Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object.TokenResponserefreshToken(URL tokenURL, String clientId, String clientSecret, String refreshTokenJWTString)Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.TokenResponserefreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse)Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.TokenResponserefreshToken(URL tokenURL, TokenResponse tokenResponse)Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object.
-
-
-
Field Detail
-
PROD_ROOT_SCOPE
static final String PROD_ROOT_SCOPE
- See Also:
- Constant Field Values
-
OPEN_ID_URI_PATH
static final String OPEN_ID_URI_PATH
- See Also:
- Constant Field Values
-
TOKEN_URI_PATH
static final String TOKEN_URI_PATH
- See Also:
- Constant Field Values
-
TOKEN_INTROSPECT_URI_PATH
static final String TOKEN_INTROSPECT_URI_PATH
- See Also:
- Constant Field Values
-
DEFAULT_REALM
static final String DEFAULT_REALM
- See Also:
- Constant Field Values
-
-
Method Detail
-
getRealmBaseURL
URL getRealmBaseURL(String context) throws KeycloakClientException
Returns the Keycloak baseURLfor the given context and the default realm (d4science)- Parameters:
context- the context where the endpoint is needed (e.g./gcubefor DEV)- Returns:
- the Keycloak
tokenendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
getRealmBaseURL
URL getRealmBaseURL(String context, String realm) throws KeycloakClientException
Returns the Keycloak baseURLfor the given context and in the given realm.- Parameters:
context- the context where the endpoint is needed (e.g./gcubefor DEV)realm- the realm to use to construct the base URL- Returns:
- the Keycloak
tokenendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
getTokenEndpointURL
URL getTokenEndpointURL(URL realmBaseURL) throws KeycloakClientException
Constructs the KeycloaktokenendpointURLfrom the realm's base URL.- Parameters:
realmBaseURL- the realm's base URL to use- Returns:
- the Keycloak
tokenendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
getIntrospectionEndpointURL
URL getIntrospectionEndpointURL(URL realmBaseURL) throws KeycloakClientException
Constructs the KeycloakintrospectionendpointURLfrom the realm's base URL.- Parameters:
realmBaseURL- the realm's base URL to use- Returns:
- the Keycloak
introspectionendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
computeIntrospectionEndpointURL
URL computeIntrospectionEndpointURL(URL tokenEndpointURL) throws KeycloakClientException
Compute the keycloakintrospectionendpointURLstarting from the provided token endpoint.- Parameters:
tokenEndpointURL- the token endpoint to use in the compute- Returns:
- the keycloak
introspectionendpoint URL - Throws:
KeycloakClientException- if something goes wrong discovering the endpoint URL
-
queryOIDCToken
TokenResponse queryOIDCToken(String context, String clientId, String clientSecret) throws KeycloakClientException
Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the client idclientSecret- the client secret- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenWithContext
TokenResponse queryOIDCTokenWithContext(String context, String clientId, String clientSecret, String audience) throws KeycloakClientException
Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the client idclientSecret- the client secretaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenOfUser
TokenResponse queryOIDCTokenOfUser(String context, String clientId, String clientSecret, String username, String password) throws KeycloakClientException
Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the client idclientSecret- the client secretusername- the user's usernamepassword- the user's password- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenOfUserWithContext
TokenResponse queryOIDCTokenOfUserWithContext(String context, String clientId, String clientSecret, String username, String password, String audience) throws KeycloakClientException
Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one.- Parameters:
tokenURL- the token endpointURLof the Keycloak serverclientId- the client idclientSecret- the client secretusername- the user's usernamepassword- the user's passwordaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCToken
TokenResponse queryOIDCToken(URL tokenURL, String clientId, String clientSecret) throws KeycloakClientException
Queries an OIDC token from the Keycloak server, by using provided clientId and client secret.- Parameters:
tokenURL- the token endpointURLof the Keycloak serverclientId- the client idclientSecret- the client secret- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenWithContext
TokenResponse queryOIDCTokenWithContext(URL tokenURL, String clientId, String clientSecret, String audience) throws KeycloakClientException
Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.- Parameters:
tokenURL- the token endpointURLof the Keycloak serverclientId- the client idclientSecret- the client secretaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenOfUserWithContext
TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL, String clientId, String clientSecret, String username, String password, String audience) throws KeycloakClientException
Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, , reducing the audience to the requested one.- Parameters:
tokenURL- the token endpointURLof the Keycloak serverclientId- the client idclientSecret- the client secretusername- the user's usernamepassword- the user's password- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCToken
TokenResponse queryOIDCToken(String context, String authorization) throws KeycloakClientException
Queries an OIDC token from the Keycloak server, by using provided authorization.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)tokenUrl- the token endpointURLof the OIDC serverauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenWithContext
TokenResponse queryOIDCTokenWithContext(String context, String authorization, String audience) throws KeycloakClientException
Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)tokenUrl- the token endpointURLof the OIDC serverauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)audience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenOfUserWithContext
TokenResponse queryOIDCTokenOfUserWithContext(String context, String authorization, String username, String password, String audience) throws KeycloakClientException
Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)authorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)username- the user's usernamepassword- the user's passwordaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCToken
TokenResponse queryOIDCToken(URL tokenURL, String authorization) throws KeycloakClientException
Queries an OIDC token from the Keycloak server, by using provided authorization.- Parameters:
tokenUrl- the token endpointURLof the OIDC serverauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenWithContext
TokenResponse queryOIDCTokenWithContext(URL tokenURL, String authorization, String audience) throws KeycloakClientException
Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.- Parameters:
tokenUrl- the token endpointURLof the OIDC serverauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)audience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryOIDCTokenOfUserWithContext
TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL, String authorization, String username, String password, String audience) throws KeycloakClientException
Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.- Parameters:
tokenUrl- the token endpointURLof the OIDC serverauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)username- the user's usernamepassword- the user's passwordaudience- an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
TokenResponse queryUMAToken(String context, String authorization, String audience, List<String> permissions) throws KeycloakClientException
Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)authorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)audience- the audience (context) where to request the issuing of the ticket (URLEncoded)permissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
TokenResponse queryUMAToken(URL tokenURL, String authorization, String audience, List<String> permissions) throws KeycloakClientException
Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Parameters:
tokenUrl- the token endpointURLof the OIDC serverauthorization- the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)audience- the audience (context) where to request the issuing of the ticket (URLEncoded)permissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
TokenResponse queryUMAToken(String context, TokenResponse oidcTokenResponse, String audience, List<String> permissions) throws KeycloakClientException
Queries an UMA token from the Keycloak server, by using access-token provided by theTokenResponseobject for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)tokenResponse- the previously issued token asTokenResponseobjectaudience- the audience (context) where to request the issuing of the ticketpermissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
TokenResponse queryUMAToken(URL tokenURL, TokenResponse oidcTokenResponse, String audience, List<String> permissions) throws KeycloakClientException
Queries an UMA token from the Keycloak server, by using access-token provided by theTokenResponseobject for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Parameters:
tokenUrl- the token endpointURLof the OIDC servertokenResponse- the previously issued token asTokenResponseobjectaudience- the audience (context) where to request the issuing of the ticketpermissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
TokenResponse queryUMAToken(String context, String clientId, String clientSecret, String audience, List<String> permissions) throws KeycloakClientException
Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the client idclientSecret- the client secretaudience- the audience (context) where to request the issuing of the ticketpermissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
queryUMAToken
TokenResponse queryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience, List<String> permissions) throws KeycloakClientException
Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.- Parameters:
tokenURL- the token endpointURLof the Keycloak serverclientId- the client idclientSecret- the client secretaudience- the audience (context) where to request the issuing of the ticketpermissions- a list of permissions, can benull- Returns:
- the issued token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the query
-
refreshToken
TokenResponse refreshToken(String context, TokenResponse tokenResponse) throws KeycloakClientException
Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
NOTE: Forpublicclients types only.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)tokenResponse- the previously issued token asTokenResponseobject- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
TokenResponse refreshToken(URL tokenURL, TokenResponse tokenResponse) throws KeycloakClientException
Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
NOTE: Forpublicclients types only.- Parameters:
tokenUrl- the token endpointURLof the OIDC servertokenResponse- the previously issued token asTokenResponseobject- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
TokenResponse refreshToken(String context, String clientId, String clientSecret, TokenResponse tokenResponse) throws KeycloakClientException
Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the requestor client id, may benulland in this case will be take from the access token "issued for" claimclientSecret- the requestor client secret, may benullfor non-confidential clientstokenResponse- the previously issued token asTokenResponseobject- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
TokenResponse refreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse) throws KeycloakClientException
Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.- Parameters:
tokenUrl- the token endpointURLof the OIDC serverclientId- the requestor client id, may benulland in this case will be take from the access token "issued for" claimclientSecret- the requestor client secret, may benullfor non-confidential clientstokenResponse- the previously issued token asTokenResponseobject- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
TokenResponse refreshToken(String context, String clientId, String clientSecret, String refreshTokenJWTString) throws KeycloakClientException
Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the requestor client idclientSecret- the requestor client secret, may benullfor non-confidential clientsrefreshTokenJWTString- the previously issued refresh token JWT string- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
refreshToken
TokenResponse refreshToken(URL tokenURL, String clientId, String clientSecret, String refreshTokenJWTString) throws KeycloakClientException
Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.- Parameters:
tokenUrl- the token endpointURLof the OIDC serverclientId- the requestor client idclientSecret- the requestor client secret, may benullfor non-confidential clientsrefreshTokenJWTString- the previously issued refresh token JWT string- Returns:
- the refreshed token as
TokenResponseobject - Throws:
KeycloakClientException- if something goes wrong performing the refresh query
-
introspectAccessToken
TokenIntrospectionResponse introspectAccessToken(String context, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
Introspects an access token against the Keycloak server.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the requestor client idclientSecret- the requestor client secretaccessTokenJWTString- the access token to verify- Returns:
- a
TokenIntrospectionResponseobject with the introspection results; in particular, theactivefield represents the token validity - Throws:
KeycloakClientException- if something goes wrong performing the verification
-
introspectAccessToken
TokenIntrospectionResponse introspectAccessToken(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
Introspects an access token against the Keycloak server.- Parameters:
introspectionURL- the introspection endpointURLof the Keycloak serverclientId- the requestor client idclientSecret- the requestor client secretaccessTokenJWTString- the access token to verify- Returns:
- a
TokenIntrospectionResponseobject with the introspection results; in particular, theactivefield represents the token validity - Throws:
KeycloakClientException- if something goes wrong performing the verification
-
isAccessTokenVerified
boolean isAccessTokenVerified(String context, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
Verifies an access token against the Keycloak server.- Parameters:
context- the context where the Keycloak's is needed (e.g./gcubefor DEV)clientId- the requestor client idclientSecret- the requestor client secretaccessTokenJWTString- the access token to verify- Returns:
trueif the token is active,falseotherwise- Throws:
KeycloakClientException- if something goes wrong performing the verification
-
isAccessTokenVerified
boolean isAccessTokenVerified(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
Verifies an access token against the Keycloak server.- Parameters:
introspectionURL- the introspection endpointURLof the Keycloak serverclientId- the requestor client idclientSecret- the requestor client secretaccessTokenJWTString- the access token to verify- Returns:
trueif the token is active,falseotherwise- Throws:
KeycloakClientException- if something goes wrong performing the verification
-
-