Package org.gcube.common.keycloak

Class DefaultKeycloakClient

java.lang.Object
org.gcube.common.keycloak.DefaultKeycloakClient
All Implemented Interfaces:
KeycloakClient
public class DefaultKeycloakClient extends Object implements KeycloakClient

  • Field Details

  • Constructor Details

    • DefaultKeycloakClient

      public DefaultKeycloakClient()

  • Method Details

    • setCustomBaseURL

      public void setCustomBaseURL(String customBaseURL)

    • useScopes

      public KeycloakClient useScopes(List<String> scopes)
      Description copied from interface: KeycloakClient
      Replaces the list of the provided OIDC scopes for the next OIDC token requests
      Specified by:
      useScopes in interface KeycloakClient
      Parameters:
      scopes - the list of scopes to use in the calls
      Returns:
      the client itself

    • addScopes

      public KeycloakClient addScopes(List<String> scopes)
      Description copied from interface: KeycloakClient
      Adds the provided OIDC scopes to the list of scopes to use for the next OIDC token requests
      Specified by:
      addScopes in interface KeycloakClient
      Parameters:
      scopes - the list of scopes to add
      Returns:
      the client itself

    • removeScopes

      public KeycloakClient removeScopes(List<String> scopes)
      Description copied from interface: KeycloakClient
      Removes the provided OIDC scopes from the list of scopes to use for the next OIDC token requests
      Specified by:
      removeScopes in interface KeycloakClient
      Parameters:
      scopes - the list of scopes to remove
      Returns:
      the client itself

    • addDynamicScope

      public KeycloakClient addDynamicScope(String dynamicScope, String value)
      Description copied from interface: KeycloakClient
      Adds the dynamic scope to the list of scopes to use for the next OIDC token requests
      Specified by:
      addDynamicScope in interface KeycloakClient
      Parameters:
      dynamicScope - the dynamic scope that will be the prefix
      value - the value of the dynamic scope
      Returns:
      the client itself

    • constructDynamicScope

      protected static String constructDynamicScope(String dynamicScope, String value)

    • removeAllScopes

      public KeycloakClient removeAllScopes()
      Description copied from interface: KeycloakClient
      Removes all the custom OIDC scopes from the list of scopes to use the next OIDC token requests
      Specified by:
      removeAllScopes in interface KeycloakClient
      Returns:
      the client itself

    • useDynamicScopeInsteadOfCustomHeaderForContextRestricion

      public KeycloakClient useDynamicScopeInsteadOfCustomHeaderForContextRestricion(boolean useDynamicScopeInsteadOfCustomHeaderForContextRestricion)
      Description copied from interface: KeycloakClient
      Sets a flag to use dynamic scope (KeycloakClient.D4S_DYNAMIC_SCOPE_NAME = "d4s-context") instead of custom header (KeycloakClient.D4S_CONTEXT_HEADER_NAME = "x-d4science-context") when an OIDC token with context is used
      Specified by:
      useDynamicScopeInsteadOfCustomHeaderForContextRestricion in interface KeycloakClient
      Parameters:
      useDynamicScopeInsteadOfCustomHeaderForContextRestricion - use or not use dynamic scope
      Returns:
      the client itself

    • getCustomBaseURL

      public String getCustomBaseURL()

    • getRealmBaseURL

      public URL getRealmBaseURL(String context) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Returns the Keycloak base URL for the given context and the default realm (d4science)
      Specified by:
      getRealmBaseURL in interface KeycloakClient
      Parameters:
      context - the context where the endpoint is needed (e.g. /gcube for DEV)
      Returns:
      the Keycloak token endpoint URL
      Throws:
      KeycloakClientException - if something goes wrong discovering the endpoint URL

    • getRealmBaseURL

      public URL getRealmBaseURL(String context, String realm) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Returns the Keycloak base URL for the given context and in the given realm.
      Specified by:
      getRealmBaseURL in interface KeycloakClient
      Parameters:
      context - the context where the endpoint is needed (e.g. /gcube for DEV)
      realm - the realm to use to construct the base URL
      Returns:
      the Keycloak token endpoint URL
      Throws:
      KeycloakClientException - if something goes wrong discovering the endpoint URL

    • getTokenEndpointURL

      public URL getTokenEndpointURL(URL realmBaseURL) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Constructs the Keycloak token endpoint URL from the realm's base URL.
      Specified by:
      getTokenEndpointURL in interface KeycloakClient
      Parameters:
      realmBaseURL - the realm's base URL to use
      Returns:
      the Keycloak token endpoint URL
      Throws:
      KeycloakClientException - if something goes wrong discovering the endpoint URL

    • getJWKEndpointURL

      public URL getJWKEndpointURL(URL realmBaseURL) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Constructs the Keycloak JWK endpoint URL from the realm's base URL.
      Specified by:
      getJWKEndpointURL in interface KeycloakClient
      Parameters:
      realmBaseURL - the realm's base URL to use
      Returns:
      the Keycloak JWK endpoint URL
      Throws:
      KeycloakClientException - if something goes wrong discovering the endpoint URL

    • getIntrospectionEndpointURL

      public URL getIntrospectionEndpointURL(URL realmBaseURL) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Constructs the Keycloak introspection endpoint URL from the realm's base URL.
      Specified by:
      getIntrospectionEndpointURL in interface KeycloakClient
      Parameters:
      realmBaseURL - the realm's base URL to use
      Returns:
      the Keycloak introspection endpoint URL
      Throws:
      KeycloakClientException - if something goes wrong discovering the endpoint URL

    • getAvatarEndpointURL

      public URL getAvatarEndpointURL(URL realmBaseURL) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Constructs the Keycloak avatar endpoint URL from the realm's base URL.
      Specified by:
      getAvatarEndpointURL in interface KeycloakClient
      Parameters:
      realmBaseURL - the realm's base URL to use
      Returns:
      the Keycloak avatar endpoint URL
      Throws:
      KeycloakClientException - if something goes wrong discovering the endpoint URL

    • computeIntrospectionEndpointURL

      public URL computeIntrospectionEndpointURL(URL tokenEndpointURL) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Compute the keycloak introspection endpoint URL starting from the provided token endpoint.
      Specified by:
      computeIntrospectionEndpointURL in interface KeycloakClient
      Parameters:
      tokenEndpointURL - the token endpoint to use in the compute
      Returns:
      the keycloak introspection endpoint URL
      Throws:
      KeycloakClientException - if something goes wrong discovering the endpoint URL

    • getRealmInfo

      public PublishedRealmRepresentation getRealmInfo(URL realmURL) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Gets the realm info setup (RSA public_key, token-service URL, account-service URL and tokens-not-before setting)
      Specified by:
      getRealmInfo in interface KeycloakClient
      Parameters:
      realmURL - the realm URL
      Returns:
      the configured realm info
      Throws:
      KeycloakClientException - if something goes wrong getting realm info

    • getRealmJSONWebKeySet

      public JSONWebKeySet getRealmJSONWebKeySet(URL jwkURL) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Loads the actual JWK from the Keycloak server
      Specified by:
      getRealmJSONWebKeySet in interface KeycloakClient
      Parameters:
      jwkURL - the server's jwk URL to use
      Returns:
      an object with JWK details
      Throws:
      KeycloakClientException - if something goes wrong getting JWK info

    • queryOIDCToken

      public TokenResponse queryOIDCToken(String context, String clientId, String clientSecret) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.
      Specified by:
      queryOIDCToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the client id
      clientSecret - the client secret
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCToken

      public TokenResponse queryOIDCToken(String context, String clientId, String clientSecret, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.
      Specified by:
      queryOIDCToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the client id
      clientSecret - the client secret
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCToken

      public TokenResponse queryOIDCToken(URL tokenURL, String clientId, String clientSecret) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided clientId and client secret.
      Specified by:
      queryOIDCToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the Keycloak server
      clientId - the client id
      clientSecret - the client secret
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCToken

      public TokenResponse queryOIDCToken(URL tokenURL, String clientId, String clientSecret, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided clientId and client secret. Optionally extra HTTP headers can be provided to be used in the call.
      Specified by:
      queryOIDCToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the Keycloak server
      clientId - the client id
      clientSecret - the client secret
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCToken

      public TokenResponse queryOIDCToken(String context, String authorization) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided authorization.
      Specified by:
      queryOIDCToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCToken

      public TokenResponse queryOIDCToken(URL tokenURL, String authorization) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided authorization.
      Specified by:
      queryOIDCToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCToken

      public TokenResponse queryOIDCToken(String context, String authorization, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided authorization. Optionally extra HTTP headers can be provided to be used in the call.
      Specified by:
      queryOIDCToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCToken

      public TokenResponse queryOIDCToken(URL tokenURL, String authorization, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided authorization. Optionally extra HTTP headers can be provided to be used in the call.
      Specified by:
      queryOIDCToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenOfUser

      public TokenResponse queryOIDCTokenOfUser(String context, String clientId, String clientSecret, String username, String password) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
      Specified by:
      queryOIDCTokenOfUser in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the client id
      clientSecret - the client secret
      username - the user's username
      password - the user's password
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenOfUser

      public TokenResponse queryOIDCTokenOfUser(String context, String clientId, String clientSecret, String username, String password, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password. Optionally extra HTTP headers can be provided to be used in the call.
      Specified by:
      queryOIDCTokenOfUser in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the client id
      clientSecret - the client secret
      username - the user's username
      password - the user's password
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenWithContext

      public TokenResponse queryOIDCTokenWithContext(String context, String clientId, String clientSecret, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience
      Specified by:
      queryOIDCTokenWithContext in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the client id
      clientSecret - the client secret
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenWithContext

      public TokenResponse queryOIDCTokenWithContext(String context, String authorization, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
      Specified by:
      queryOIDCTokenWithContext in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenWithContext

      public TokenResponse queryOIDCTokenWithContext(URL tokenURL, String clientId, String clientSecret, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience
      Specified by:
      queryOIDCTokenWithContext in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the Keycloak server
      clientId - the client id
      clientSecret - the client secret
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenWithContext

      public TokenResponse queryOIDCTokenWithContext(String context, String clientId, String clientSecret, String audience, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience
      Specified by:
      queryOIDCTokenWithContext in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the client id
      clientSecret - the client secret
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenWithContext

      public TokenResponse queryOIDCTokenWithContext(URL tokenURL, String clientId, String clientSecret, String audience, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience
      Specified by:
      queryOIDCTokenWithContext in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the Keycloak server
      clientId - the client id
      clientSecret - the client secret
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenWithContext

      public TokenResponse queryOIDCTokenWithContext(String context, String authorization, String audience, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call.
      Specified by:
      queryOIDCTokenWithContext in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenWithContext

      public TokenResponse queryOIDCTokenWithContext(URL tokenURL, String authorization, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
      Specified by:
      queryOIDCTokenWithContext in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • constructBasicAuthenticationHeader

      protected static String constructBasicAuthenticationHeader(String clientId, String clientSecret)

    • queryOIDCTokenOfUserWithContext

      public TokenResponse queryOIDCTokenOfUserWithContext(String context, String clientId, String clientSecret, String username, String password, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience
      Specified by:
      queryOIDCTokenOfUserWithContext in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the client id
      clientSecret - the client secret
      username - the user's username
      password - the user's password
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenOfUserWithContext

      public TokenResponse queryOIDCTokenOfUserWithContext(String context, String clientId, String clientSecret, String username, String password, String audience, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience
      Specified by:
      queryOIDCTokenOfUserWithContext in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the client id
      clientSecret - the client secret
      username - the user's username
      password - the user's password
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenOfUserWithContext

      public TokenResponse queryOIDCTokenOfUserWithContext(String context, String authorization, String username, String password, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
      Specified by:
      queryOIDCTokenOfUserWithContext in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      username - the user's username
      password - the user's password
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenOfUserWithContext

      public TokenResponse queryOIDCTokenOfUserWithContext(String context, String authorization, String username, String password, String audience, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password. Optionally extra HTTP headers can be provided to be used in the call.
      Specified by:
      queryOIDCTokenOfUserWithContext in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      username - the user's username
      password - the user's password
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenOfUserWithContext

      public TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL, String clientId, String clientSecret, String username, String password, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience
      Specified by:
      queryOIDCTokenOfUserWithContext in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the Keycloak server
      clientId - the client id
      clientSecret - the client secret
      username - the user's username
      password - the user's password
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenOfUserWithContext

      public TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL, String clientId, String clientSecret, String username, String password, String audience, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, , reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call.
      Specified by:
      queryOIDCTokenOfUserWithContext in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the Keycloak server
      clientId - the client id
      clientSecret - the client secret
      username - the user's username
      password - the user's password
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenOfUserWithContext

      public TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL, String authorization, String username, String password, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
      Specified by:
      queryOIDCTokenOfUserWithContext in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      username - the user's username
      password - the user's password
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenOfUserWithContext

      public TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL, String authorization, String username, String password, String audience, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password. Optionally extra HTTP headers can be provided to be used in the call.
      Specified by:
      queryOIDCTokenOfUserWithContext in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      username - the user's username
      password - the user's password
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryOIDCTokenWithContext

      public TokenResponse queryOIDCTokenWithContext(URL tokenURL, String authorization, String audience, Map<String,String> extraHeaders) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call.
      Specified by:
      queryOIDCTokenWithContext in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
      extraHeaders - extra HTTP headers to add to the request
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryUMAToken

      public TokenResponse queryUMAToken(String context, TokenResponse oidcTokenResponse, String audience, List<String> permissions) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an UMA token from the Keycloak server, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
      Specified by:
      queryUMAToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      oidcTokenResponse - the previously issued token as TokenResponse object
      audience - the audience (context) where to request the issuing of the ticket
      permissions - a list of permissions, can be null
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryUMAToken

      public TokenResponse queryUMAToken(URL tokenURL, TokenResponse oidcTokenResponse, String audience, List<String> permissions) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an UMA token from the Keycloak server, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
      Specified by:
      queryUMAToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      oidcTokenResponse - the previously issued token as TokenResponse object
      audience - the audience (context) where to request the issuing of the ticket
      permissions - a list of permissions, can be null
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • constructBeareAuthenticationHeader

      protected static String constructBeareAuthenticationHeader(TokenResponse oidcTokenResponse)

    • queryUMAToken

      public TokenResponse queryUMAToken(String context, String clientId, String clientSecret, String audience, List<String> permissions) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
      Specified by:
      queryUMAToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the client id
      clientSecret - the client secret
      audience - the audience (context) where to request the issuing of the ticket
      permissions - a list of permissions, can be null
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryUMAToken

      public TokenResponse queryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience, List<String> permissions) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
      Specified by:
      queryUMAToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the Keycloak server
      clientId - the client id
      clientSecret - the client secret
      audience - the audience (context) where to request the issuing of the ticket
      permissions - a list of permissions, can be null
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryUMAToken

      public TokenResponse queryUMAToken(String context, String authorization, String audience, List<String> permissions) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
      Specified by:
      queryUMAToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      audience - the audience (context) where to request the issuing of the ticket (URLEncoded)
      permissions - a list of permissions, can be null
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • queryUMAToken

      public TokenResponse queryUMAToken(URL tokenURL, String authorization, String audience, List<String> permissions) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
      Specified by:
      queryUMAToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
      audience - the audience (context) where to request the issuing of the ticket (URLEncoded)
      permissions - a list of permissions, can be null
      Returns:
      the issued token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the query

    • performRequest

      protected TokenResponse performRequest(URL tokenURL, Map<String,String> headers, Map<String,List<String>> params) throws KeycloakClientException
      Throws:
      KeycloakClientException

    • performRequest

      protected <T> T performRequest(Class<T> returnObjectClass, URL url, Map<String,String> headers, Map<String,List<String>> params) throws KeycloakClientException
      Throws:
      KeycloakClientException

    • refreshToken

      public TokenResponse refreshToken(String context, TokenResponse tokenResponse) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
      NOTE: For public clients types only.
      Specified by:
      refreshToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      tokenResponse - the previously issued token as TokenResponse object
      Returns:
      the refreshed token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the refresh query

    • refreshToken

      public TokenResponse refreshToken(URL tokenURL, TokenResponse tokenResponse) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
      NOTE: For public clients types only.
      Specified by:
      refreshToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      tokenResponse - the previously issued token as TokenResponse object
      Returns:
      the refreshed token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the refresh query

    • refreshToken

      public TokenResponse refreshToken(String context, String clientId, String clientSecret, TokenResponse tokenResponse) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.
      Specified by:
      refreshToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim
      clientSecret - the requestor client secret, may be null for non-confidential clients
      tokenResponse - the previously issued token as TokenResponse object
      Returns:
      the refreshed token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the refresh query

    • refreshToken

      public TokenResponse refreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.
      Specified by:
      refreshToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim
      clientSecret - the requestor client secret, may be null for non-confidential clients
      tokenResponse - the previously issued token as TokenResponse object
      Returns:
      the refreshed token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the refresh query

    • refreshToken

      public TokenResponse refreshToken(String context, String clientId, String clientSecret, String refreshTokenJWTString) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
      Specified by:
      refreshToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the requestor client id
      clientSecret - the requestor client secret, may be null for non-confidential clients
      refreshTokenJWTString - the previously issued refresh token JWT string
      Returns:
      the refreshed token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the refresh query

    • refreshToken

      public TokenResponse refreshToken(URL tokenURL, String clientId, String clientSecret, String refreshTokenJWTString) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
      Specified by:
      refreshToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      clientId - the requestor client id
      clientSecret - the requestor client secret, may be null for non-confidential clients
      refreshTokenJWTString - the previously issued refresh token JWT string
      Returns:
      the refreshed token as TokenResponse object
      Throws:
      KeycloakClientException - if something goes wrong performing the refresh query

    • exchangeTokenForAccessToken

      public TokenResponse exchangeTokenForAccessToken(String context, String oidcAccessToken, String clientId, String clientSecret, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Exchanges a token for another access token for a specific client and a specific audience
      Specified by:
      exchangeTokenForAccessToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      oidcAccessToken - the original access token to exchange
      clientId - the authorized client's id
      clientSecret - the authorized client's secret
      audience - the requested token audience
      Returns:
      the exchanged token response
      Throws:
      KeycloakClientException - if an error occurs during the exchange

    • exchangeTokenForAccessToken

      public TokenResponse exchangeTokenForAccessToken(URL tokenURL, String oidcAccessToken, String clientId, String clientSecret, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Exchanges a token for another access token for a specific client and a specific audience
      Specified by:
      exchangeTokenForAccessToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL
      oidcAccessToken - the original access token to exchange
      clientId - the authorized client's id
      clientSecret - the authorized client's secret
      audience - the requested token audience
      Returns:
      the exchanged token response
      Throws:
      KeycloakClientException - if an error occurs during the exchange

    • exchangeTokenForRefreshToken

      public TokenResponse exchangeTokenForRefreshToken(String context, String oidcAccessToken, String clientId, String clientSecret, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Exchanges a token for another access and a refresh tokens for a specific client and a specific audience
      Specified by:
      exchangeTokenForRefreshToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      oidcAccessToken - the original access token to exchange
      clientId - the authorized client's id
      clientSecret - the authorized client's secret
      audience - the requested token audience
      Returns:
      the exchanged token response
      Throws:
      KeycloakClientException - if an error occurs during the exchange

    • exchangeTokenForRefreshToken

      public TokenResponse exchangeTokenForRefreshToken(URL tokenURL, String oidcAccessToken, String clientId, String clientSecret, String audience) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Exchanges a token for another access and a refresh tokens for a specific client and a specific audience
      Specified by:
      exchangeTokenForRefreshToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL
      oidcAccessToken - the original access token to exchange
      clientId - the authorized client's id
      clientSecret - the authorized client's secret
      audience - the requested token audience
      Returns:
      the exchanged token response
      Throws:
      KeycloakClientException - if an error occurs during the exchange

    • exchangeTokenForOfflineToken

      public TokenResponse exchangeTokenForOfflineToken(String context, String oidcAccessToken, String clientId, String clientSecret, String audience) throws IllegalArgumentException, KeycloakClientException
      Description copied from interface: KeycloakClient
      Exchanges a token for another access and an offline refresh tokens for a specific client and a specific audience The refresh token will be of the offline type only if the original token has the offline_access within its scopes
      Specified by:
      exchangeTokenForOfflineToken in interface KeycloakClient
      Parameters:
      context - the token endpoint URL
      oidcAccessToken - the original access token to exchange
      clientId - the authorized client's id
      clientSecret - the authorized client's secret
      audience - the requested token audience
      Returns:
      the exchanged token response
      Throws:
      IllegalArgumentException - if the original token does'nt contains the offline_access scope within its scopes or if is impossible to parse the access token as JSON
      KeycloakClientException - if an error occurs during the exchange

    • exchangeTokenForOfflineToken

      public TokenResponse exchangeTokenForOfflineToken(URL tokenURL, String oidcAccessToken, String clientId, String clientSecret, String audience) throws IllegalArgumentException, KeycloakClientException
      Description copied from interface: KeycloakClient
      Exchanges a token for another access and an offline refresh tokens for a specific client and a specific audience The refresh token will be of the offline type only if the original token has the scope offline_access within its scopes
      Specified by:
      exchangeTokenForOfflineToken in interface KeycloakClient
      Parameters:
      tokenURL - the token endpoint URL
      oidcAccessToken - the original access token to exchange
      clientId - the authorized client's id
      clientSecret - the authorized client's secret
      audience - the requested token audience
      Returns:
      the exchanged token response
      Throws:
      IllegalArgumentException - if the original token does'nt contains the offline_access scope within its scopes or if is impossible to parse the access token as JSON
      KeycloakClientException - if an error occurs during the exchange

    • exchangeToken

      protected TokenResponse exchangeToken(URL tokenURL, String oidcAccessToken, String clientId, String clientSecret, String audience, String requestedTokenType, String scope) throws KeycloakClientException
      Queries from the OIDC server an exchanged token by using provided access token, for the given audience (context), in URLEncoded form or not,
      Parameters:
      tokenURL - the token endpoint URL of the OIDC server
      oidcAccessToken - the auth token (the access token URLEncoded by the "Bearer " string)
      clientId - the client id
      clientSecret - the client secret
      audience - the audience (context) where to request the issuing of the ticket (URLEncoded)
      requestedTokenType - the token type (e.g. refresh)
      scope - the scope, optional can be null
      Returns:
      the issued exchanged token
      Throws:
      KeycloakClientException - if an error occurs, inspect the exception for details

    • introspectAccessToken

      public TokenIntrospectionResponse introspectAccessToken(String context, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Introspects an access token against the Keycloak server.
      Specified by:
      introspectAccessToken in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the requestor client id
      clientSecret - the requestor client secret
      accessTokenJWTString - the access token to verify
      Returns:
      a TokenIntrospectionResponse object with the introspection results; in particular, the active field represents the token validity
      Throws:
      KeycloakClientException - if something goes wrong performing the verification

    • introspectAccessToken

      public TokenIntrospectionResponse introspectAccessToken(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Introspects an access token against the Keycloak server.
      Specified by:
      introspectAccessToken in interface KeycloakClient
      Parameters:
      introspectionURL - the introspection endpoint URL of the Keycloak server
      clientId - the requestor client id
      clientSecret - the requestor client secret
      accessTokenJWTString - the access token to verify
      Returns:
      a TokenIntrospectionResponse object with the introspection results; in particular, the active field represents the token validity
      Throws:
      KeycloakClientException - if something goes wrong performing the verification

    • isAccessTokenVerified

      public boolean isAccessTokenVerified(String context, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Verifies an access token against the Keycloak server.
      Specified by:
      isAccessTokenVerified in interface KeycloakClient
      Parameters:
      context - the context where the Keycloak's is needed (e.g. /gcube for DEV)
      clientId - the requestor client id
      clientSecret - the requestor client secret
      accessTokenJWTString - the access token to verify
      Returns:
      true if the token is active, false otherwise
      Throws:
      KeycloakClientException - if something goes wrong performing the verification

    • isAccessTokenVerified

      public boolean isAccessTokenVerified(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Verifies an access token against the Keycloak server.
      Specified by:
      isAccessTokenVerified in interface KeycloakClient
      Parameters:
      introspectionURL - the introspection endpoint URL of the Keycloak server
      clientId - the requestor client id
      clientSecret - the requestor client secret
      accessTokenJWTString - the access token to verify
      Returns:
      true if the token is active, false otherwise
      Throws:
      KeycloakClientException - if something goes wrong performing the verification

    • safeSetAsExternalCallForOldAPI

      protected void safeSetAsExternalCallForOldAPI(org.gcube.common.gxhttp.request.GXHTTPStringRequest request)

    • getAvatarData

      public byte[] getAvatarData(String context, TokenResponse tokenResponse) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Retrieves the user's avatar image data from Keycloak server.
      Specified by:
      getAvatarData in interface KeycloakClient
      Parameters:
      context - the context used to compute the server endpoint in the correct environment
      tokenResponse - the token response where to get the bearer token for the authorization header.
      Returns:
      the avatar's data bytes
      Throws:
      KeycloakClientException - if something goes wrong in the request

    • getAvatarData

      public byte[] getAvatarData(URL avatarURL, TokenResponse tokenResponse) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Retrieves the user's avatar image data from Keycloak server.
      Specified by:
      getAvatarData in interface KeycloakClient
      Parameters:
      avatarURL - the server's avatar endpoint URL
      tokenResponse - the token response where to get the bearer token for the authorization header.
      Returns:
      the avatar's data bytes
      Throws:
      KeycloakClientException - if something goes wrong in the request

    • getAvatarData

      public byte[] getAvatarData(URL avatarURL, String authorization) throws KeycloakClientException
      Description copied from interface: KeycloakClient
      Retrieves the user's avatar image data from Keycloak server.
      Specified by:
      getAvatarData in interface KeycloakClient
      Parameters:
      avatarURL - the server's avatar endpoint URL
      authorization - the string to user as authorization header (e.g. 'bearer xxxx')
      Returns:
      the avatar's data bytes
      Throws:
      KeycloakClientException - if something goes wrong in the request