org.gcube.common.keycloak

Interface KeycloakClient

All Known Implementing Classes:

DefaultKeycloakClient

public interface KeycloakClient

Field Summary

Fields

Modifier and Type	Field and Description
static String	AVATAR_URI_PATH
static String	D4S_CONTEXT_HEADER_NAME
static String	D4S_DYNAMIC_SCOPE_NAME
static String	D4S_DYNAMIC_SCOPE_NAME_TOKEN_CLAIM
static String	D4S_EU_EXTENDED_PROFILE_SCOPE
static String	D4S_IDENTITY_SCOPE
static String	DEFAULT_DYNAMIC_SCOPE_SEPARATOR
static String	DEFAULT_REALM
static String	JWK_URI_PATH
static String	OPEN_ID_URI_PATH
static String	PROD_ROOT_SCOPE
static String	TOKEN_INTROSPECT_URI_PATH
static String	TOKEN_URI_PATH

Method Summary

Modifier and Type	Method and Description
KeycloakClient	addDynamicScope(String dynamicScope, String value) Adds the dynamic scope to the list of scopes to use for the next OIDC token requests
KeycloakClient	addScopes(List<String> scopes) Adds the provided OIDC scopes to the list of scopes to use for the next OIDC token requests
URL	computeIntrospectionEndpointURL(URL tokenEndpointURL) Compute the keycloak introspection endpoint URL starting from the provided token endpoint.
TokenResponse	exchangeTokenForAccessToken(String context, String oidcAccessToken, String clientId, String clientSecret, String audience) Exchanges a token for another access token for a specific client and a specific audience
TokenResponse	exchangeTokenForAccessToken(URL tokenURL, String oidcAccessToken, String clientId, String clientSecret, String audience) Exchanges a token for another access token for a specific client and a specific audience
TokenResponse	exchangeTokenForOfflineToken(String context, String oidcAccessToken, String clientId, String clientSecret, String audience) Exchanges a token for another access and an offline refresh tokens for a specific client and a specific audience The refresh token will be of the offline type only if the original token has the offline_access within its scopes
TokenResponse	exchangeTokenForOfflineToken(URL tokenURL, String oidcAccessToken, String clientId, String clientSecret, String audience) Exchanges a token for another access and an offline refresh tokens for a specific client and a specific audience The refresh token will be of the offline type only if the original token has the scope offline_access within its scopes
TokenResponse	exchangeTokenForRefreshToken(String context, String oidcAccessToken, String clientId, String clientSecret, String audience) Exchanges a token for another access and a refresh tokens for a specific client and a specific audience
TokenResponse	exchangeTokenForRefreshToken(URL tokenURL, String oidcAccessToken, String clientId, String clientSecret, String audience) Exchanges a token for another access and a refresh tokens for a specific client and a specific audience
byte[]	getAvatarData(String context, TokenResponse tokenResponse) Retrieves the user's avatar image data from Keycloak server.
byte[]	getAvatarData(URL avatarURL, String authorization) Retrieves the user's avatar image data from Keycloak server.
byte[]	getAvatarData(URL avatarURL, TokenResponse tokenResponse) Retrieves the user's avatar image data from Keycloak server.
URL	getAvatarEndpointURL(URL realmBaseURL) Constructs the Keycloak avatar endpoint URL from the realm's base URL.
URL	getIntrospectionEndpointURL(URL realmBaseURL) Constructs the Keycloak introspection endpoint URL from the realm's base URL.
URL	getJWKEndpointURL(URL realmBaseURL) Constructs the Keycloak JWK endpoint URL from the realm's base URL.
URL	getRealmBaseURL(String context) Returns the Keycloak base URL for the given context and the default realm (d4science)
URL	getRealmBaseURL(String context, String realm) Returns the Keycloak base URL for the given context and in the given realm.
PublishedRealmRepresentation	getRealmInfo(URL realmURL) Gets the realm info setup (RSA public_key, token-service URL, account-service URL and tokens-not-before setting)
JSONWebKeySet	getRealmJSONWebKeySet(URL jwkURL) Loads the actual JWK from the Keycloak server
URL	getTokenEndpointURL(URL realmBaseURL) Constructs the Keycloak token endpoint URL from the realm's base URL.
TokenIntrospectionResponse	introspectAccessToken(String context, String clientId, String clientSecret, String accessTokenJWTString) Introspects an access token against the Keycloak server.
TokenIntrospectionResponse	introspectAccessToken(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString) Introspects an access token against the Keycloak server.
boolean	isAccessTokenVerified(String context, String clientId, String clientSecret, String accessTokenJWTString) Verifies an access token against the Keycloak server.
boolean	isAccessTokenVerified(URL introspectionURL, String clientId, String clientSecret, String accessTokenJWTString) Verifies an access token against the Keycloak server.
TokenResponse	queryOIDCToken(String context, String authorization) Queries an OIDC token from the Keycloak server, by using provided authorization.
TokenResponse	queryOIDCToken(String context, String authorization, Map<String,String> extraHeaders) Queries an OIDC token from the Keycloak server, by using provided authorization.
TokenResponse	queryOIDCToken(String context, String clientId, String clientSecret) Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.
TokenResponse	queryOIDCToken(String context, String clientId, String clientSecret, Map<String,String> extraHeaders) Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.
TokenResponse	queryOIDCToken(URL tokenURL, String authorization) Queries an OIDC token from the Keycloak server, by using provided authorization.
TokenResponse	queryOIDCToken(URL tokenURL, String authorization, Map<String,String> extraHeaders) Queries an OIDC token from the Keycloak server, by using provided authorization.
TokenResponse	queryOIDCToken(URL tokenURL, String clientId, String clientSecret) Queries an OIDC token from the Keycloak server, by using provided clientId and client secret.
TokenResponse	queryOIDCToken(URL tokenURL, String clientId, String clientSecret, Map<String,String> extraHeaders) Queries an OIDC token from the Keycloak server, by using provided clientId and client secret.
TokenResponse	queryOIDCTokenOfUser(String context, String clientId, String clientSecret, String username, String password) Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
TokenResponse	queryOIDCTokenOfUser(String context, String clientId, String clientSecret, String username, String password, Map<String,String> extraHeaders) Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
TokenResponse	queryOIDCTokenOfUserWithContext(String context, String authorization, String username, String password, String audience) Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
TokenResponse	queryOIDCTokenOfUserWithContext(String context, String authorization, String username, String password, String audience, Map<String,String> extraHeaders) Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
TokenResponse	queryOIDCTokenOfUserWithContext(String context, String clientId, String clientSecret, String username, String password, String audience) Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenOfUserWithContext(String context, String clientId, String clientSecret, String username, String password, String audience, Map<String,String> extraHeaders) Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenOfUserWithContext(URL tokenURL, String authorization, String username, String password, String audience) Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
TokenResponse	queryOIDCTokenOfUserWithContext(URL tokenURL, String authorization, String username, String password, String audience, Map<String,String> extraHeaders) Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
TokenResponse	queryOIDCTokenOfUserWithContext(URL tokenURL, String clientId, String clientSecret, String username, String password, String audience) Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenOfUserWithContext(URL tokenURL, String clientId, String clientSecret, String username, String password, String audience, Map<String,String> extraHeaders) Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, , reducing the audience to the requested one.
TokenResponse	queryOIDCTokenWithContext(String context, String authorization, String audience) Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenWithContext(String context, String authorization, String audience, Map<String,String> extraHeaders) Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenWithContext(String context, String clientId, String clientSecret, String audience) Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenWithContext(String context, String clientId, String clientSecret, String audience, Map<String,String> extraHeaders) Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenWithContext(URL tokenURL, String authorization, String audience) Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenWithContext(URL tokenURL, String authorization, String audience, Map<String,String> extraHeaders) Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenWithContext(URL tokenURL, String clientId, String clientSecret, String audience) Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.
TokenResponse	queryOIDCTokenWithContext(URL tokenURL, String clientId, String clientSecret, String audience, Map<String,String> extraHeaders) Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one.
TokenResponse	queryUMAToken(String context, String authorization, String audience, List<String> permissions) Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	queryUMAToken(String context, String clientId, String clientSecret, String audience, List<String> permissions) Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	queryUMAToken(String context, TokenResponse oidcTokenResponse, String audience, List<String> permissions) Queries an UMA token from the Keycloak server, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	queryUMAToken(URL tokenURL, String authorization, String audience, List<String> permissions) Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	queryUMAToken(URL tokenURL, String clientId, String clientSecret, String audience, List<String> permissions) Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	queryUMAToken(URL tokenURL, TokenResponse oidcTokenResponse, String audience, List<String> permissions) Queries an UMA token from the Keycloak server, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
TokenResponse	refreshToken(String context, String clientId, String clientSecret, String refreshTokenJWTString) Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
TokenResponse	refreshToken(String context, String clientId, String clientSecret, TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.
TokenResponse	refreshToken(String context, TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object.
TokenResponse	refreshToken(URL tokenURL, String clientId, String clientSecret, String refreshTokenJWTString) Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
TokenResponse	refreshToken(URL tokenURL, String clientId, String clientSecret, TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.
TokenResponse	refreshToken(URL tokenURL, TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object.
KeycloakClient	removeAllScopes() Removes all the custom OIDC scopes from the list of scopes to use the next OIDC token requests
KeycloakClient	removeScopes(List<String> scopes) Removes the provided OIDC scopes from the list of scopes to use for the next OIDC token requests
KeycloakClient	useDynamicScopeInsteadOfCustomHeaderForContextRestricion(boolean useDynamicScopeInsteadOfCustomHeaderForContextRestricion) Sets a flag to use dynamic scope (D4S_DYNAMIC_SCOPE_NAME = "d4s-context") instead of custom header (D4S_CONTEXT_HEADER_NAME = "x-d4science-context") when an OIDC token with context is used
KeycloakClient	useScopes(List<String> scopes) Replaces the list of the provided OIDC scopes for the next OIDC token requests

Field Detail

PROD_ROOT_SCOPE

static final String PROD_ROOT_SCOPE

See Also:

Constant Field Values

OPEN_ID_URI_PATH

static final String OPEN_ID_URI_PATH

See Also:

Constant Field Values

TOKEN_URI_PATH

static final String TOKEN_URI_PATH

See Also:

Constant Field Values

JWK_URI_PATH

static final String JWK_URI_PATH

See Also:

Constant Field Values

TOKEN_INTROSPECT_URI_PATH

static final String TOKEN_INTROSPECT_URI_PATH

See Also:

Constant Field Values

AVATAR_URI_PATH

static final String AVATAR_URI_PATH

See Also:

Constant Field Values

D4S_CONTEXT_HEADER_NAME

static final String D4S_CONTEXT_HEADER_NAME

See Also:

Constant Field Values

D4S_IDENTITY_SCOPE

static final String D4S_IDENTITY_SCOPE

See Also:

Constant Field Values

D4S_EU_EXTENDED_PROFILE_SCOPE

static final String D4S_EU_EXTENDED_PROFILE_SCOPE

See Also:

Constant Field Values

D4S_DYNAMIC_SCOPE_NAME

static final String D4S_DYNAMIC_SCOPE_NAME

See Also:

Constant Field Values

D4S_DYNAMIC_SCOPE_NAME_TOKEN_CLAIM

static final String D4S_DYNAMIC_SCOPE_NAME_TOKEN_CLAIM

See Also:

Constant Field Values

DEFAULT_DYNAMIC_SCOPE_SEPARATOR

static final String DEFAULT_DYNAMIC_SCOPE_SEPARATOR

See Also:

Constant Field Values

DEFAULT_REALM

static final String DEFAULT_REALM

See Also:

Constant Field Values

Method Detail

useScopes

KeycloakClient useScopes(List<String> scopes)

Replaces the list of the provided OIDC scopes for the next OIDC token requests

Parameters:

scopes - the list of scopes to use in the calls

Returns:

the client itself

addScopes

KeycloakClient addScopes(List<String> scopes)

Adds the provided OIDC scopes to the list of scopes to use for the next OIDC token requests

Parameters:

scopes - the list of scopes to add

Returns:

the client itself

addDynamicScope

KeycloakClient addDynamicScope(String dynamicScope,
                               String value)

Adds the dynamic scope to the list of scopes to use for the next OIDC token requests

Parameters:

dynamicScope - the dynamic scope that will be the prefix

value - the value of the dynamic scope

Returns:

the client itself

removeScopes

KeycloakClient removeScopes(List<String> scopes)

Removes the provided OIDC scopes from the list of scopes to use for the next OIDC token requests

Parameters:

scopes - the list of scopes to remove

Returns:

the client itself

removeAllScopes

KeycloakClient removeAllScopes()

Removes all the custom OIDC scopes from the list of scopes to use the next OIDC token requests

Returns:

the client itself

useDynamicScopeInsteadOfCustomHeaderForContextRestricion

KeycloakClient useDynamicScopeInsteadOfCustomHeaderForContextRestricion(boolean useDynamicScopeInsteadOfCustomHeaderForContextRestricion)

Sets a flag to use dynamic scope (D4S_DYNAMIC_SCOPE_NAME = "d4s-context") instead of custom header (D4S_CONTEXT_HEADER_NAME = "x-d4science-context") when an OIDC token with context is used

Parameters:

useDynamicScopeInsteadOfCustomHeaderForContextRestricion - use or not use dynamic scope

Returns:

the client itself

getRealmBaseURL

URL getRealmBaseURL(String context)
             throws KeycloakClientException

Returns the Keycloak base URL for the given context and the default realm (d4science)

Parameters:

context - the context where the endpoint is needed (e.g. /gcube for DEV)

Returns:

the Keycloak token endpoint URL

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

getRealmBaseURL

URL getRealmBaseURL(String context,
                    String realm)
             throws KeycloakClientException

Returns the Keycloak base URL for the given context and in the given realm.

Parameters:

context - the context where the endpoint is needed (e.g. /gcube for DEV)

realm - the realm to use to construct the base URL

Returns:

the Keycloak token endpoint URL

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

getTokenEndpointURL

URL getTokenEndpointURL(URL realmBaseURL)
                 throws KeycloakClientException

Constructs the Keycloak token endpoint URL from the realm's base URL.

Parameters:

realmBaseURL - the realm's base URL to use

Returns:

the Keycloak token endpoint URL

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

getJWKEndpointURL

URL getJWKEndpointURL(URL realmBaseURL)
               throws KeycloakClientException

Constructs the Keycloak JWK endpoint URL from the realm's base URL.

Parameters:

realmBaseURL - the realm's base URL to use

Returns:

the Keycloak JWK endpoint URL

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

getIntrospectionEndpointURL

URL getIntrospectionEndpointURL(URL realmBaseURL)
                         throws KeycloakClientException

Constructs the Keycloak introspection endpoint URL from the realm's base URL.

Parameters:

realmBaseURL - the realm's base URL to use

Returns:

the Keycloak introspection endpoint URL

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

computeIntrospectionEndpointURL

URL computeIntrospectionEndpointURL(URL tokenEndpointURL)
                             throws KeycloakClientException

Compute the keycloak introspection endpoint URL starting from the provided token endpoint.

Parameters:

tokenEndpointURL - the token endpoint to use in the compute

Returns:

the keycloak introspection endpoint URL

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

getAvatarEndpointURL

URL getAvatarEndpointURL(URL realmBaseURL)
                  throws KeycloakClientException

Constructs the Keycloak avatar endpoint URL from the realm's base URL.

Parameters:

realmBaseURL - the realm's base URL to use

Returns:

the Keycloak avatar endpoint URL

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

getRealmInfo

PublishedRealmRepresentation getRealmInfo(URL realmURL)
                                   throws KeycloakClientException

Gets the realm info setup (RSA public_key, token-service URL, account-service URL and tokens-not-before setting)

Parameters:

realmURL - the realm URL

Returns:

the configured realm info

Throws:

KeycloakClientException - if something goes wrong getting realm info

getRealmJSONWebKeySet

JSONWebKeySet getRealmJSONWebKeySet(URL jwkURL)
                             throws KeycloakClientException

Loads the actual JWK from the Keycloak server

Parameters:

jwkURL - the server's jwk URL to use

Returns:

an object with JWK details

Throws:

KeycloakClientException - if something goes wrong getting JWK info

queryOIDCToken

TokenResponse queryOIDCToken(String context,
                             String clientId,
                             String clientSecret)
                      throws KeycloakClientException

Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the client id

clientSecret - the client secret

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCToken

TokenResponse queryOIDCToken(String context,
                             String clientId,
                             String clientSecret,
                             Map<String,String> extraHeaders)
                      throws KeycloakClientException

Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the client id

clientSecret - the client secret

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCToken

TokenResponse queryOIDCToken(URL tokenURL,
                             String clientId,
                             String clientSecret)
                      throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided clientId and client secret.

Parameters:

tokenURL - the token endpoint URL of the Keycloak server

clientId - the client id

clientSecret - the client secret

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCToken

TokenResponse queryOIDCToken(URL tokenURL,
                             String clientId,
                             String clientSecret,
                             Map<String,String> extraHeaders)
                      throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided clientId and client secret. Optionally extra HTTP headers can be provided to be used in the call.

Parameters:

tokenURL - the token endpoint URL of the Keycloak server

clientId - the client id

clientSecret - the client secret

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCToken

TokenResponse queryOIDCToken(String context,
                             String authorization)
                      throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided authorization.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCToken

TokenResponse queryOIDCToken(String context,
                             String authorization,
                             Map<String,String> extraHeaders)
                      throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided authorization. Optionally extra HTTP headers can be provided to be used in the call.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCToken

TokenResponse queryOIDCToken(URL tokenURL,
                             String authorization)
                      throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided authorization.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCToken

TokenResponse queryOIDCToken(URL tokenURL,
                             String authorization,
                             Map<String,String> extraHeaders)
                      throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided authorization. Optionally extra HTTP headers can be provided to be used in the call.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenWithContext

TokenResponse queryOIDCTokenWithContext(String context,
                                        String clientId,
                                        String clientSecret,
                                        String audience)
                                 throws KeycloakClientException

Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the client id

clientSecret - the client secret

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenWithContext

TokenResponse queryOIDCTokenWithContext(String context,
                                        String clientId,
                                        String clientSecret,
                                        String audience,
                                        Map<String,String> extraHeaders)
                                 throws KeycloakClientException

Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the client id

clientSecret - the client secret

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenWithContext

TokenResponse queryOIDCTokenWithContext(URL tokenURL,
                                        String clientId,
                                        String clientSecret,
                                        String audience)
                                 throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience

Parameters:

tokenURL - the token endpoint URL of the Keycloak server

clientId - the client id

clientSecret - the client secret

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenWithContext

TokenResponse queryOIDCTokenWithContext(URL tokenURL,
                                        String clientId,
                                        String clientSecret,
                                        String audience,
                                        Map<String,String> extraHeaders)
                                 throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience

Parameters:

tokenURL - the token endpoint URL of the Keycloak server

clientId - the client id

clientSecret - the client secret

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenWithContext

TokenResponse queryOIDCTokenWithContext(String context,
                                        String authorization,
                                        String audience)
                                 throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenWithContext

TokenResponse queryOIDCTokenWithContext(String context,
                                        String authorization,
                                        String audience,
                                        Map<String,String> extraHeaders)
                                 throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenWithContext

TokenResponse queryOIDCTokenWithContext(URL tokenURL,
                                        String authorization,
                                        String audience)
                                 throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenWithContext

TokenResponse queryOIDCTokenWithContext(URL tokenURL,
                                        String authorization,
                                        String audience,
                                        Map<String,String> extraHeaders)
                                 throws KeycloakClientException

Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUser

TokenResponse queryOIDCTokenOfUser(String context,
                                   String clientId,
                                   String clientSecret,
                                   String username,
                                   String password)
                            throws KeycloakClientException

Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the client id

clientSecret - the client secret

username - the user's username

password - the user's password

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUser

TokenResponse queryOIDCTokenOfUser(String context,
                                   String clientId,
                                   String clientSecret,
                                   String username,
                                   String password,
                                   Map<String,String> extraHeaders)
                            throws KeycloakClientException

Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password. Optionally extra HTTP headers can be provided to be used in the call.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the client id

clientSecret - the client secret

username - the user's username

password - the user's password

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUserWithContext

TokenResponse queryOIDCTokenOfUserWithContext(String context,
                                              String authorization,
                                              String username,
                                              String password,
                                              String audience)
                                       throws KeycloakClientException

Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

username - the user's username

password - the user's password

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUserWithContext

TokenResponse queryOIDCTokenOfUserWithContext(String context,
                                              String clientId,
                                              String clientSecret,
                                              String username,
                                              String password,
                                              String audience)
                                       throws KeycloakClientException

Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the client id

clientSecret - the client secret

username - the user's username

password - the user's password

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUserWithContext

TokenResponse queryOIDCTokenOfUserWithContext(String context,
                                              String clientId,
                                              String clientSecret,
                                              String username,
                                              String password,
                                              String audience,
                                              Map<String,String> extraHeaders)
                                       throws KeycloakClientException

Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the client id

clientSecret - the client secret

username - the user's username

password - the user's password

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUserWithContext

TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL,
                                              String clientId,
                                              String clientSecret,
                                              String username,
                                              String password,
                                              String audience)
                                       throws KeycloakClientException

Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. The implementation uses the custom x-d4science-context HTTP header that the proper mapper on Keycloak uses to reduce the audience

Parameters:

tokenURL - the token endpoint URL of the Keycloak server

clientId - the client id

clientSecret - the client secret

username - the user's username

password - the user's password

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUserWithContext

TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL,
                                              String clientId,
                                              String clientSecret,
                                              String username,
                                              String password,
                                              String audience,
                                              Map<String,String> extraHeaders)
                                       throws KeycloakClientException

Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, , reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call.

Parameters:

tokenURL - the token endpoint URL of the Keycloak server

clientId - the client id

clientSecret - the client secret

username - the user's username

password - the user's password

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUserWithContext

TokenResponse queryOIDCTokenOfUserWithContext(String context,
                                              String authorization,
                                              String username,
                                              String password,
                                              String audience,
                                              Map<String,String> extraHeaders)
                                       throws KeycloakClientException

Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password. Optionally extra HTTP headers can be provided to be used in the call.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

username - the user's username

password - the user's password

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUserWithContext

TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL,
                                              String authorization,
                                              String username,
                                              String password,
                                              String audience)
                                       throws KeycloakClientException

Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

username - the user's username

password - the user's password

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryOIDCTokenOfUserWithContext

TokenResponse queryOIDCTokenOfUserWithContext(URL tokenURL,
                                              String authorization,
                                              String username,
                                              String password,
                                              String audience,
                                              Map<String,String> extraHeaders)
                                       throws KeycloakClientException

Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password. Optionally extra HTTP headers can be provided to be used in the call.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

username - the user's username

password - the user's password

audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak

extraHeaders - extra HTTP headers to add to the request

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

TokenResponse queryUMAToken(String context,
                            String authorization,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException

Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

audience - the audience (context) where to request the issuing of the ticket (URLEncoded)

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

TokenResponse queryUMAToken(URL tokenURL,
                            String authorization,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException

Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)

audience - the audience (context) where to request the issuing of the ticket (URLEncoded)

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

TokenResponse queryUMAToken(String context,
                            TokenResponse oidcTokenResponse,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException

Queries an UMA token from the Keycloak server, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

oidcTokenResponse - the previously issued token as TokenResponse object

audience - the audience (context) where to request the issuing of the ticket

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

TokenResponse queryUMAToken(URL tokenURL,
                            TokenResponse oidcTokenResponse,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException

Queries an UMA token from the Keycloak server, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

oidcTokenResponse - the previously issued token as TokenResponse object

audience - the audience (context) where to request the issuing of the ticket

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

TokenResponse queryUMAToken(String context,
                            String clientId,
                            String clientSecret,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException

Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the client id

clientSecret - the client secret

audience - the audience (context) where to request the issuing of the ticket

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

TokenResponse queryUMAToken(URL tokenURL,
                            String clientId,
                            String clientSecret,
                            String audience,
                            List<String> permissions)
                     throws KeycloakClientException

Queries an UMA token from the Keycloak server, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Parameters:

tokenURL - the token endpoint URL of the Keycloak server

clientId - the client id

clientSecret - the client secret

audience - the audience (context) where to request the issuing of the ticket

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

refreshToken

TokenResponse refreshToken(String context,
                           TokenResponse tokenResponse)
                    throws KeycloakClientException

Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
NOTE: For public clients types only.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

TokenResponse refreshToken(URL tokenURL,
                           TokenResponse tokenResponse)
                    throws KeycloakClientException

Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
NOTE: For public clients types only.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

TokenResponse refreshToken(String context,
                           String clientId,
                           String clientSecret,
                           TokenResponse tokenResponse)
                    throws KeycloakClientException

Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim

clientSecret - the requestor client secret, may be null for non-confidential clients

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

TokenResponse refreshToken(URL tokenURL,
                           String clientId,
                           String clientSecret,
                           TokenResponse tokenResponse)
                    throws KeycloakClientException

Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim

clientSecret - the requestor client secret, may be null for non-confidential clients

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

TokenResponse refreshToken(String context,
                           String clientId,
                           String clientSecret,
                           String refreshTokenJWTString)
                    throws KeycloakClientException

Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the requestor client id

clientSecret - the requestor client secret, may be null for non-confidential clients

refreshTokenJWTString - the previously issued refresh token JWT string

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

TokenResponse refreshToken(URL tokenURL,
                           String clientId,
                           String clientSecret,
                           String refreshTokenJWTString)
                    throws KeycloakClientException

Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.

Parameters:

tokenURL - the token endpoint URL of the OIDC server

clientId - the requestor client id

clientSecret - the requestor client secret, may be null for non-confidential clients

refreshTokenJWTString - the previously issued refresh token JWT string

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

exchangeTokenForAccessToken

TokenResponse exchangeTokenForAccessToken(String context,
                                          String oidcAccessToken,
                                          String clientId,
                                          String clientSecret,
                                          String audience)
                                   throws KeycloakClientException

Exchanges a token for another access token for a specific client and a specific audience

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

oidcAccessToken - the original access token to exchange

clientId - the authorized client's id

clientSecret - the authorized client's secret

audience - the requested token audience

Returns:

the exchanged token response

Throws:

KeycloakClientException - if an error occurs during the exchange

exchangeTokenForAccessToken

TokenResponse exchangeTokenForAccessToken(URL tokenURL,
                                          String oidcAccessToken,
                                          String clientId,
                                          String clientSecret,
                                          String audience)
                                   throws KeycloakClientException

Exchanges a token for another access token for a specific client and a specific audience

Parameters:

tokenURL - the token endpoint URL

oidcAccessToken - the original access token to exchange

clientId - the authorized client's id

clientSecret - the authorized client's secret

audience - the requested token audience

Returns:

the exchanged token response

Throws:

KeycloakClientException - if an error occurs during the exchange

exchangeTokenForRefreshToken

TokenResponse exchangeTokenForRefreshToken(String context,
                                           String oidcAccessToken,
                                           String clientId,
                                           String clientSecret,
                                           String audience)
                                    throws KeycloakClientException

Exchanges a token for another access and a refresh tokens for a specific client and a specific audience

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

oidcAccessToken - the original access token to exchange

clientId - the authorized client's id

clientSecret - the authorized client's secret

audience - the requested token audience

Returns:

the exchanged token response

Throws:

KeycloakClientException - if an error occurs during the exchange

exchangeTokenForRefreshToken

TokenResponse exchangeTokenForRefreshToken(URL tokenURL,
                                           String oidcAccessToken,
                                           String clientId,
                                           String clientSecret,
                                           String audience)
                                    throws KeycloakClientException

Exchanges a token for another access and a refresh tokens for a specific client and a specific audience

Parameters:

tokenURL - the token endpoint URL

oidcAccessToken - the original access token to exchange

clientId - the authorized client's id

clientSecret - the authorized client's secret

audience - the requested token audience

Returns:

the exchanged token response

Throws:

KeycloakClientException - if an error occurs during the exchange

exchangeTokenForOfflineToken

TokenResponse exchangeTokenForOfflineToken(String context,
                                           String oidcAccessToken,
                                           String clientId,
                                           String clientSecret,
                                           String audience)
                                    throws IllegalArgumentException,
                                           KeycloakClientException

Exchanges a token for another access and an offline refresh tokens for a specific client and a specific audience The refresh token will be of the offline type only if the original token has the offline_access within its scopes

Parameters:

context - the token endpoint URL

oidcAccessToken - the original access token to exchange

clientId - the authorized client's id

clientSecret - the authorized client's secret

audience - the requested token audience

Returns:

the exchanged token response

Throws:

IllegalArgumentException - if the original token does'nt contains the offline_access scope within its scopes or if is impossible to parse the access token as JSON

KeycloakClientException - if an error occurs during the exchange

exchangeTokenForOfflineToken

TokenResponse exchangeTokenForOfflineToken(URL tokenURL,
                                           String oidcAccessToken,
                                           String clientId,
                                           String clientSecret,
                                           String audience)
                                    throws IllegalArgumentException,
                                           KeycloakClientException

Exchanges a token for another access and an offline refresh tokens for a specific client and a specific audience The refresh token will be of the offline type only if the original token has the scope offline_access within its scopes

Parameters:

tokenURL - the token endpoint URL

oidcAccessToken - the original access token to exchange

clientId - the authorized client's id

clientSecret - the authorized client's secret

audience - the requested token audience

Returns:

the exchanged token response

Throws:

IllegalArgumentException - if the original token does'nt contains the offline_access scope within its scopes or if is impossible to parse the access token as JSON

KeycloakClientException - if an error occurs during the exchange

introspectAccessToken

TokenIntrospectionResponse introspectAccessToken(String context,
                                                 String clientId,
                                                 String clientSecret,
                                                 String accessTokenJWTString)
                                          throws KeycloakClientException

Introspects an access token against the Keycloak server.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the requestor client id

clientSecret - the requestor client secret

accessTokenJWTString - the access token to verify

Returns:

a TokenIntrospectionResponse object with the introspection results; in particular, the active field represents the token validity

Throws:

KeycloakClientException - if something goes wrong performing the verification

introspectAccessToken

TokenIntrospectionResponse introspectAccessToken(URL introspectionURL,
                                                 String clientId,
                                                 String clientSecret,
                                                 String accessTokenJWTString)
                                          throws KeycloakClientException

Introspects an access token against the Keycloak server.

Parameters:

introspectionURL - the introspection endpoint URL of the Keycloak server

clientId - the requestor client id

clientSecret - the requestor client secret

accessTokenJWTString - the access token to verify

Returns:

a TokenIntrospectionResponse object with the introspection results; in particular, the active field represents the token validity

Throws:

KeycloakClientException - if something goes wrong performing the verification

isAccessTokenVerified

boolean isAccessTokenVerified(String context,
                              String clientId,
                              String clientSecret,
                              String accessTokenJWTString)
                       throws KeycloakClientException

Verifies an access token against the Keycloak server.

Parameters:

context - the context where the Keycloak's is needed (e.g. /gcube for DEV)

clientId - the requestor client id

clientSecret - the requestor client secret

accessTokenJWTString - the access token to verify

Returns:

true if the token is active, false otherwise

Throws:

KeycloakClientException - if something goes wrong performing the verification

isAccessTokenVerified

boolean isAccessTokenVerified(URL introspectionURL,
                              String clientId,
                              String clientSecret,
                              String accessTokenJWTString)
                       throws KeycloakClientException

Verifies an access token against the Keycloak server.

Parameters:

introspectionURL - the introspection endpoint URL of the Keycloak server

clientId - the requestor client id

clientSecret - the requestor client secret

accessTokenJWTString - the access token to verify

Returns:

true if the token is active, false otherwise

Throws:

KeycloakClientException - if something goes wrong performing the verification

getAvatarData

byte[] getAvatarData(String context,
                     TokenResponse tokenResponse)
              throws KeycloakClientException

Retrieves the user's avatar image data from Keycloak server.

Parameters:

context - the context used to compute the server endpoint in the correct environment

tokenResponse - the token response where to get the bearer token for the authorization header.

Returns:

the avatar's data bytes

Throws:

KeycloakClientException - if something goes wrong in the request

getAvatarData

byte[] getAvatarData(URL avatarURL,
                     TokenResponse tokenResponse)
              throws KeycloakClientException

Retrieves the user's avatar image data from Keycloak server.

Parameters:

avatarURL - the server's avatar endpoint URL

tokenResponse - the token response where to get the bearer token for the authorization header.

Returns:

the avatar's data bytes

Throws:

KeycloakClientException - if something goes wrong in the request

getAvatarData

byte[] getAvatarData(URL avatarURL,
                     String authorization)
              throws KeycloakClientException

Retrieves the user's avatar image data from Keycloak server.

Parameters:

avatarURL - the server's avatar endpoint URL

authorization - the string to user as authorization header (e.g. 'bearer xxxx')

Returns:

the avatar's data bytes

Throws:

KeycloakClientException - if something goes wrong in the request