|
|
@ -92,7 +92,7 @@ public interface KeycloakClient {
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param realmURL the realm URL
|
|
|
|
* @param realmURL the realm URL
|
|
|
|
* @return the configured realm info
|
|
|
|
* @return the configured realm info
|
|
|
|
* @throws KeycloakClientException
|
|
|
|
* @throws KeycloakClientException if something goes wrong getting realm info
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
PublishedRealmRepresentation getRealmInfo(URL realmURL) throws KeycloakClientException;
|
|
|
|
PublishedRealmRepresentation getRealmInfo(URL realmURL) throws KeycloakClientException;
|
|
|
|
|
|
|
|
|
|
|
@ -149,7 +149,6 @@ public interface KeycloakClient {
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization.
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @throws KeycloakClientException if something goes wrong performing the query
|
|
|
|
* @throws KeycloakClientException if something goes wrong performing the query
|
|
|
@ -161,7 +160,6 @@ public interface KeycloakClient {
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param extraHeaders extra HTTP headers to add to the request
|
|
|
|
* @param extraHeaders extra HTTP headers to add to the request
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
@ -172,7 +170,7 @@ public interface KeycloakClient {
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization.
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @throws KeycloakClientException if something goes wrong performing the query
|
|
|
|
* @throws KeycloakClientException if something goes wrong performing the query
|
|
|
@ -183,7 +181,7 @@ public interface KeycloakClient {
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization.
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization.
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param extraHeaders extra HTTP headers to add to the request
|
|
|
|
* @param extraHeaders extra HTTP headers to add to the request
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
@ -259,7 +257,6 @@ public interface KeycloakClient {
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
|
|
|
|
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
@ -273,7 +270,6 @@ public interface KeycloakClient {
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
|
|
|
|
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
|
|
|
|
* @param extraHeaders extra HTTP headers to add to the request
|
|
|
|
* @param extraHeaders extra HTTP headers to add to the request
|
|
|
@ -286,7 +282,7 @@ public interface KeycloakClient {
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
|
|
|
|
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
@ -299,7 +295,7 @@ public interface KeycloakClient {
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
|
|
|
|
* Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
|
|
|
|
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
|
|
|
|
* @param extraHeaders extra HTTP headers to add to the request
|
|
|
|
* @param extraHeaders extra HTTP headers to add to the request
|
|
|
@ -358,7 +354,7 @@ public interface KeycloakClient {
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* The implementation uses the custom <code>X-D4Science-Context</code> HTTP header that the proper mapper on Keycloak uses to reduce the audience
|
|
|
|
* The implementation uses the custom <code>X-D4Science-Context</code> HTTP header that the proper mapper on Keycloak uses to reduce the audience
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the Keycloak server
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param clientId the client id
|
|
|
|
* @param clientId the client id
|
|
|
|
* @param clientSecret the client secret
|
|
|
|
* @param clientSecret the client secret
|
|
|
|
* @param username the user's username
|
|
|
|
* @param username the user's username
|
|
|
@ -376,7 +372,7 @@ public interface KeycloakClient {
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* The implementation uses the custom <code>X-D4Science-Context</code> HTTP header that the proper mapper on Keycloak uses to reduce the audience
|
|
|
|
* The implementation uses the custom <code>X-D4Science-Context</code> HTTP header that the proper mapper on Keycloak uses to reduce the audience
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the Keycloak server
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param clientId the client id
|
|
|
|
* @param clientId the client id
|
|
|
|
* @param clientSecret the client secret
|
|
|
|
* @param clientSecret the client secret
|
|
|
|
* @param username the user's username
|
|
|
|
* @param username the user's username
|
|
|
@ -442,7 +438,7 @@ public interface KeycloakClient {
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
|
|
|
|
* Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param username the user's username
|
|
|
|
* @param username the user's username
|
|
|
|
* @param password the user's password
|
|
|
|
* @param password the user's password
|
|
|
@ -457,7 +453,7 @@ public interface KeycloakClient {
|
|
|
|
* Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
|
|
|
|
* Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
* Optionally extra HTTP headers can be provided to be used in the call.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param username the user's username
|
|
|
|
* @param username the user's username
|
|
|
|
* @param password the user's password
|
|
|
|
* @param password the user's password
|
|
|
@ -487,7 +483,7 @@ public interface KeycloakClient {
|
|
|
|
* Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context),
|
|
|
|
* Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context),
|
|
|
|
* in URLEncoded form or not, and optionally a list of permissions.
|
|
|
|
* in URLEncoded form or not, and optionally a list of permissions.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
|
|
|
|
* @param audience the audience (context) where to request the issuing of the ticket (URLEncoded)
|
|
|
|
* @param audience the audience (context) where to request the issuing of the ticket (URLEncoded)
|
|
|
|
* @param permissions a list of permissions, can be <code>null</code>
|
|
|
|
* @param permissions a list of permissions, can be <code>null</code>
|
|
|
@ -502,7 +498,7 @@ public interface KeycloakClient {
|
|
|
|
* for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
|
|
|
|
* for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
|
|
|
|
* @param tokenResponse the previously issued token as {@link TokenResponse} object
|
|
|
|
* @param oidcTokenResponse the previously issued token as {@link TokenResponse} object
|
|
|
|
* @param audience the audience (context) where to request the issuing of the ticket
|
|
|
|
* @param audience the audience (context) where to request the issuing of the ticket
|
|
|
|
* @param permissions a list of permissions, can be <code>null</code>
|
|
|
|
* @param permissions a list of permissions, can be <code>null</code>
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
@ -515,8 +511,8 @@ public interface KeycloakClient {
|
|
|
|
* Queries an UMA token from the Keycloak server, by using access-token provided by the {@link TokenResponse} object
|
|
|
|
* Queries an UMA token from the Keycloak server, by using access-token provided by the {@link TokenResponse} object
|
|
|
|
* for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
|
|
|
|
* for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenResponse the previously issued token as {@link TokenResponse} object
|
|
|
|
* @param oidcTokenResponse the previously issued token as {@link TokenResponse} object
|
|
|
|
* @param audience the audience (context) where to request the issuing of the ticket
|
|
|
|
* @param audience the audience (context) where to request the issuing of the ticket
|
|
|
|
* @param permissions a list of permissions, can be <code>null</code>
|
|
|
|
* @param permissions a list of permissions, can be <code>null</code>
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
|
* @return the issued token as {@link TokenResponse} object
|
|
|
@ -576,7 +572,7 @@ public interface KeycloakClient {
|
|
|
|
* Client id will be read from "issued for" access token's claim and client secret will be not sent.
|
|
|
|
* Client id will be read from "issued for" access token's claim and client secret will be not sent.
|
|
|
|
* <br><b>NOTE</b>: For <code>public</code> clients types only.
|
|
|
|
* <br><b>NOTE</b>: For <code>public</code> clients types only.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenResponse the previously issued token as {@link TokenResponse} object
|
|
|
|
* @param tokenResponse the previously issued token as {@link TokenResponse} object
|
|
|
|
* @return the refreshed token as {@link TokenResponse} object
|
|
|
|
* @return the refreshed token as {@link TokenResponse} object
|
|
|
|
* @throws KeycloakClientException if something goes wrong performing the refresh query
|
|
|
|
* @throws KeycloakClientException if something goes wrong performing the refresh query
|
|
|
@ -601,7 +597,7 @@ public interface KeycloakClient {
|
|
|
|
* Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the
|
|
|
|
* Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the
|
|
|
|
* token response object and the provided client id and secret.
|
|
|
|
* token response object and the provided client id and secret.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param clientId the requestor client id, may be <code>null</code> and in this case will be take from the access token "issued for" claim
|
|
|
|
* @param clientId the requestor client id, may be <code>null</code> and in this case will be take from the access token "issued for" claim
|
|
|
|
* @param clientSecret the requestor client secret, may be <code>null</code> for non-confidential clients
|
|
|
|
* @param clientSecret the requestor client secret, may be <code>null</code> for non-confidential clients
|
|
|
|
* @param tokenResponse the previously issued token as {@link TokenResponse} object
|
|
|
|
* @param tokenResponse the previously issued token as {@link TokenResponse} object
|
|
|
@ -629,7 +625,7 @@ public interface KeycloakClient {
|
|
|
|
* Refreshes a previously issued token from the Keycloak server by using the client id and secret
|
|
|
|
* Refreshes a previously issued token from the Keycloak server by using the client id and secret
|
|
|
|
* and the refresh token JWT encoded string obtained with the access token in the previous token response.
|
|
|
|
* and the refresh token JWT encoded string obtained with the access token in the previous token response.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param tokenURL the token endpoint {@link URL} of the OIDC server
|
|
|
|
* @param clientId the requestor client id
|
|
|
|
* @param clientId the requestor client id
|
|
|
|
* @param clientSecret the requestor client secret, may be <code>null</code> for non-confidential clients
|
|
|
|
* @param clientSecret the requestor client secret, may be <code>null</code> for non-confidential clients
|
|
|
|
* @param refreshTokenJWTString the previously issued refresh token JWT string
|
|
|
|
* @param refreshTokenJWTString the previously issued refresh token JWT string
|
|
|
|