Example 1 with DynamicClientUpdateContext

Use of org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext in the keycloak project by keycloak.

Class ClientRegistrationAuth, method requireUpdate.

public RegistrationAuth requireUpdate(ClientRegistrationContext context, ClientModel client) {
    RegistrationAuth regAuth = requireUpdateAuth(client);
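    // Evaluate client policies, then client registration policies, before the update proceeds;
    // a rejection from either is returned to the caller as a forbidden error.
    try {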
        session.clientPolicy().triggerOnEvent(new DynamicClientUpdateContext(context, client, jwt, realm));
        ClientRegistrationPolicyManager.triggerBeforeUpdate(context, regAuth, client);
    } catch (ClientRegistrationPolicyException | ClientPolicyException crpe) {
        throw forbidden(crpe.getMessage());
    }
    return regAuth;
}
Also used: RegistrationAuth (org.keycloak.services.clientregistration.policy.RegistrationAuth), DynamicClientUpdateContext (org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext), ClientRegistrationPolicyException (org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyException), ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException)

Example 2 with DynamicClientUpdateContext

Use of org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext in the keycloak project by keycloak.

Class SecureClientUrisExecutor, method executeOnEvent.

@Override
public void executeOnEvent(ClientPolicyContext context) throws ClientPolicyException {
    switch(context.getEvent()) {
        case REGISTER:
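            // Only admin and dynamic registration contexts are accepted; any other context type is rejected below.
            if (context instanceof AdminClientRegisterContext || context instanceof DynamicClientRegisterContext) {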
                ClientRepresentation clientRep = ((ClientCRUDContext) context).getProposedClientRepresentation();
                confirmSecureUris(clientRep);
                // Use rootUrl as default redirectUrl to avoid creation of redirectUris with wildcards, which is done at later stages during client creation
                if (clientRep.getRootUrl() != null && (clientRep.getRedirectUris() == null || clientRep.getRedirectUris().isEmpty())) {
                    logger.debugf("Setup Redirect URI = %s for client %s", clientRep.getRootUrl(), clientRep.getClientId());
                    clientRep.setRedirectUris(Collections.singletonList(clientRep.getRootUrl()));
                }
            } else {
                throw new ClientPolicyException(OAuthErrorException.INVALID_REQUEST, "not allowed input format.");
            }
            return;
        case UPDATE:
            // Updates get the same URI check, applied to the proposed (not yet stored) client representation.
            if (context instanceof AdminClientUpdateContext || context instanceof DynamicClientUpdateContext) {
                confirmSecureUris(((ClientCRUDContext) context).getProposedClientRepresentation());
            } else {
                throw new ClientPolicyException(OAuthErrorException.INVALID_REQUEST, "not allowed input format.");
            }
            return;
        case AUTHORIZATION_REQUEST:
            confirmSecureRedirectUri(((AuthorizationRequestContext) context).getRedirectUri());
            return;
        default:
            return;
    }
}
Also used: ClientCRUDContext (org.keycloak.services.clientpolicy.context.ClientCRUDContext), AdminClientUpdateContext (org.keycloak.services.clientpolicy.context.AdminClientUpdateContext), DynamicClientUpdateContext (org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext), DynamicClientRegisterContext (org.keycloak.services.clientpolicy.context.DynamicClientRegisterContext), AdminClientRegisterContext (org.keycloak.services.clientpolicy.context.AdminClientRegisterContext), ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation), ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException)

Aggregations

ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException): 2
DynamicClientUpdateContext (org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext): 2
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation): 1
AdminClientRegisterContext (org.keycloak.services.clientpolicy.context.AdminClientRegisterContext): 1
AdminClientUpdateContext (org.keycloak.services.clientpolicy.context.AdminClientUpdateContext): 1
ClientCRUDContext (org.keycloak.services.clientpolicy.context.ClientCRUDContext): 1
DynamicClientRegisterContext (org.keycloak.services.clientpolicy.context.DynamicClientRegisterContext): 1
ClientRegistrationPolicyException (org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyException): 1
RegistrationAuth (org.keycloak.services.clientregistration.policy.RegistrationAuth): 1