Example 6 with RegistrationAuth

Use of org.keycloak.services.clientregistration.policy.RegistrationAuth in project keycloak by keycloak.

The class ClientRegistrationAuth, method requireCreate.

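public RegistrationAuth requireCreate(ClientRegistrationContext context) {
    init();
    // Default: the request is treated as anonymous unless a token raises it below.
    RegistrationAuth registrationAuth = RegistrationAuth.ANONYMOUS;
    if (isBearerToken()) {
        checkClientProtocol();
        // Bearer token: the caller must pass the admin-role check, otherwise the request is forbidden.
        if (hasRole(AdminRoles.MANAGE_CLIENTS, AdminRoles.CREATE_CLIENT)) {
            registrationAuth = RegistrationAuth.AUTHENTICATED;
        } else {
            throw forbidden();
        }
    } else if (isInitialAccessToken()) {
        // Initial access token: it must have uses left and must not be expired.
        if (initialAccessModel.getRemainingCount() > 0) {
            // An expiration of 0 is treated as no expiry; otherwise timestamp + expiration must still be in the future.
            if (initialAccessModel.getExpiration() == 0 || (initialAccessModel.getTimestamp() + initialAccessModel.getExpiration()) > Time.currentTime()) {
                registrationAuth = RegistrationAuth.AUTHENTICATED;
            } else {
                throw unauthorized("Expired initial access token");
            }
        } else {
            throw unauthorized("No remaining count on initial access token");
        }
    }
    // With neither token type, registrationAuth stays ANONYMOUS and the decision is left to the policies below.
    try {
        session.clientPolicy().triggerOnEvent(new DynamicClientRegisterContext(context, jwt, realm));
        ClientRegistrationPolicyManager.triggerBeforeRegister(context, registrationAuth);
    } catch (ClientRegistrationPolicyException | ClientPolicyException crpe) {
        // A policy rejection is returned to the caller as forbidden, with the policy's message.
        throw forbidden(crpe.getMessage());
    }
    return registrationAuth;
}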
Also used: RegistrationAuth (org.keycloak.services.clientregistration.policy.RegistrationAuth), DynamicClientRegisterContext (org.keycloak.services.clientpolicy.context.DynamicClientRegisterContext), ClientRegistrationPolicyException (org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyException), ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException)

Aggregations

ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException) 6
RegistrationAuth (org.keycloak.services.clientregistration.policy.RegistrationAuth) 6
ClientRegistrationPolicyException (org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyException) 4
ClientModel (org.keycloak.models.ClientModel) 2
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation) 2
OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation) 2
ErrorResponseException (org.keycloak.services.ErrorResponseException) 2
ClientInitialAccessModel (org.keycloak.models.ClientInitialAccessModel) 1
ModelDuplicateException (org.keycloak.models.ModelDuplicateException) 1
RealmModel (org.keycloak.models.RealmModel) 1
DynamicClientRegisterContext (org.keycloak.services.clientpolicy.context.DynamicClientRegisterContext) 1
DynamicClientRegisteredContext (org.keycloak.services.clientpolicy.context.DynamicClientRegisteredContext) 1
DynamicClientUnregisterContext (org.keycloak.services.clientpolicy.context.DynamicClientUnregisterContext) 1
DynamicClientUpdateContext (org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext) 1
DynamicClientUpdatedContext (org.keycloak.services.clientpolicy.context.DynamicClientUpdatedContext) 1
DynamicClientViewContext (org.keycloak.services.clientpolicy.context.DynamicClientViewContext) 1
ClientManager (org.keycloak.services.managers.ClientManager) 1
RealmManager (org.keycloak.services.managers.RealmManager) 1