
Example 1 with JWTClientCredentialsProvider

Use of org.keycloak.adapters.authentication.JWTClientCredentialsProvider in the project keycloak by keycloak.

From the class PreAuthActionsHandler, method handleJwksRequest.

protected void handleJwksRequest() {
    try {
        JSONWebKeySet jwks = new JSONWebKeySet();
        ClientCredentialsProvider clientCredentialsProvider = deployment.getClientAuthenticator();
        // For now, just get signature key from JWT provider. We can add more if we support encryption etc.
        if (clientCredentialsProvider instanceof JWTClientCredentialsProvider) {
            PublicKey publicKey = ((JWTClientCredentialsProvider) clientCredentialsProvider).getPublicKey();
            JWK jwk = JWKBuilder.create().rs256(publicKey);
            jwks.setKeys(new JWK[] { jwk });
        } else {
            jwks.setKeys(new JWK[] {});
        }
        facade.getResponse().setStatus(200);
        facade.getResponse().setHeader("Content-Type", "application/json");
        JsonSerialization.writeValueToStream(facade.getResponse().getOutputStream(), jwks);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used: JSONWebKeySet (org.keycloak.jose.jwk.JSONWebKeySet), PublicKey (java.security.PublicKey), JWTClientCredentialsProvider (org.keycloak.adapters.authentication.JWTClientCredentialsProvider), ClientCredentialsProvider (org.keycloak.adapters.authentication.ClientCredentialsProvider), VerificationException (org.keycloak.common.VerificationException), JWK (org.keycloak.jose.jwk.JWK)

Example 2 with JWTClientCredentialsProvider

Use of org.keycloak.adapters.authentication.JWTClientCredentialsProvider in the project keycloak by keycloak.

From the class ClientAuthSignedJWTTest, method getClientSignedJWT.

private String getClientSignedJWT(KeyPair keyPair, String clientId) {
    JWTClientCredentialsProvider jwtProvider = new JWTClientCredentialsProvider();
    jwtProvider.setupKeyPair(keyPair);
    jwtProvider.setTokenTimeout(10);
    return jwtProvider.createSignedRequestToken(clientId, getRealmInfoUrl());
}
Also used: JWTClientCredentialsProvider (org.keycloak.adapters.authentication.JWTClientCredentialsProvider)

Example 3 with JWTClientCredentialsProvider

Use of org.keycloak.adapters.authentication.JWTClientCredentialsProvider in the project keycloak by keycloak.

From the class OIDCJwksClientRegistrationTest, method getClientSignedJWT.

private String getClientSignedJWT(String clientId, KeyPair keyPair, final String kid) {
    String realmInfoUrl = KeycloakUriBuilder.fromUri(getAuthServerRoot()).path(ServiceUrlConstants.REALM_INFO_PATH).build(REALM_NAME).toString();
    // Use token-endpoint as audience as OIDC conformance testsuite is using it too.
    JWTClientCredentialsProvider jwtProvider = new JWTClientCredentialsProvider() {

        @Override
        public String createSignedRequestToken(String clientId, String realmInfoUrl) {
            if (KEEP_GENERATED_KID.equals(kid)) {
                return super.createSignedRequestToken(clientId, realmInfoUrl);
            } else {
                JsonWebToken jwt = createRequestToken(clientId, realmInfoUrl);
                return new JWSBuilder().kid(kid).jsonContent(jwt).rsa256(keyPair.getPrivate());
            }
        }

        @Override
        protected JsonWebToken createRequestToken(String clientId, String realmInfoUrl) {
            JsonWebToken jwt = super.createRequestToken(clientId, realmInfoUrl);
            String tokenEndpointUrl = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(getAuthServerRoot())).build(REALM_NAME).toString();
            jwt.audience(tokenEndpointUrl);
            return jwt;
        }
    };
    jwtProvider.setupKeyPair(keyPair);
    jwtProvider.setTokenTimeout(10);
    return jwtProvider.createSignedRequestToken(clientId, realmInfoUrl);
}
Also used: JsonWebToken (org.keycloak.representations.JsonWebToken), JWTClientCredentialsProvider (org.keycloak.adapters.authentication.JWTClientCredentialsProvider), JWSBuilder (org.keycloak.jose.jws.JWSBuilder)

Aggregations

JWTClientCredentialsProvider (org.keycloak.adapters.authentication.JWTClientCredentialsProvider): 3
PublicKey (java.security.PublicKey): 1
ClientCredentialsProvider (org.keycloak.adapters.authentication.ClientCredentialsProvider): 1
VerificationException (org.keycloak.common.VerificationException): 1
JSONWebKeySet (org.keycloak.jose.jwk.JSONWebKeySet): 1
JWK (org.keycloak.jose.jwk.JWK): 1
JWSBuilder (org.keycloak.jose.jws.JWSBuilder): 1
JsonWebToken (org.keycloak.representations.JsonWebToken): 1