use of org.keycloak.adapters.authentication.JWTClientCredentialsProvider in project keycloak by keycloak.
the class PreAuthActionsHandler method handleJwksRequest.
protected void handleJwksRequest() {
try {
JSONWebKeySet jwks = new JSONWebKeySet();
ClientCredentialsProvider clientCredentialsProvider = deployment.getClientAuthenticator();
// For now, just get signature key from JWT provider. We can add more if we support encryption etc.
if (clientCredentialsProvider instanceof JWTClientCredentialsProvider) {
PublicKey publicKey = ((JWTClientCredentialsProvider) clientCredentialsProvider).getPublicKey();
JWK jwk = JWKBuilder.create().rs256(publicKey);
jwks.setKeys(new JWK[] { jwk });
} else {
jwks.setKeys(new JWK[] {});
}
facade.getResponse().setStatus(200);
facade.getResponse().setHeader("Content-Type", "application/json");
JsonSerialization.writeValueToStream(facade.getResponse().getOutputStream(), jwks);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
use of org.keycloak.adapters.authentication.JWTClientCredentialsProvider in project keycloak by keycloak.
the class ClientAuthSignedJWTTest method getClientSignedJWT.
private String getClientSignedJWT(KeyPair keyPair, String clientId) {
JWTClientCredentialsProvider jwtProvider = new JWTClientCredentialsProvider();
jwtProvider.setupKeyPair(keyPair);
jwtProvider.setTokenTimeout(10);
return jwtProvider.createSignedRequestToken(clientId, getRealmInfoUrl());
}
use of org.keycloak.adapters.authentication.JWTClientCredentialsProvider in project keycloak by keycloak.
the class OIDCJwksClientRegistrationTest method getClientSignedJWT.
private String getClientSignedJWT(String clientId, KeyPair keyPair, final String kid) {
String realmInfoUrl = KeycloakUriBuilder.fromUri(getAuthServerRoot()).path(ServiceUrlConstants.REALM_INFO_PATH).build(REALM_NAME).toString();
// Use token-endpoint as audience as OIDC conformance testsuite is using it too.
JWTClientCredentialsProvider jwtProvider = new JWTClientCredentialsProvider() {
@Override
public String createSignedRequestToken(String clientId, String realmInfoUrl) {
if (KEEP_GENERATED_KID.equals(kid)) {
return super.createSignedRequestToken(clientId, realmInfoUrl);
} else {
JsonWebToken jwt = createRequestToken(clientId, realmInfoUrl);
return new JWSBuilder().kid(kid).jsonContent(jwt).rsa256(keyPair.getPrivate());
}
}
@Override
protected JsonWebToken createRequestToken(String clientId, String realmInfoUrl) {
JsonWebToken jwt = super.createRequestToken(clientId, realmInfoUrl);
String tokenEndpointUrl = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(getAuthServerRoot())).build(REALM_NAME).toString();
jwt.audience(tokenEndpointUrl);
return jwt;
}
};
jwtProvider.setupKeyPair(keyPair);
jwtProvider.setTokenTimeout(10);
return jwtProvider.createSignedRequestToken(clientId, realmInfoUrl);
}
Aggregations