ClientCredentialsProvider (Red Hat Single Sign-On 7.0.0.GA public API)

All Known Implementing Classes:

ClientIdAndSecretCredentialsProvider, JWTClientCredentialsProvider
```
public interface ClientCredentialsProvider
```
The simple SPI for authenticating clients/applications . It's used by adapter during all OIDC backchannel requests to Keycloak server (codeToToken exchange, refresh token or backchannel logout) . You can also use it in your application during direct access grants or service account request (See the service-account example from Keycloak demo for more info) When you implement this SPI on the adapter (application) side, you also need to implement org.keycloak.authentication.ClientAuthenticator on the server side, so your server is able to authenticate client You must specify a file META-INF/services/org.keycloak.adapters.authentication.ClientCredentialsProvider in the WAR that this class is contained in (or in the JAR that is attached to the WEB-INF/lib or as jboss module if you want to share the implementation among more WARs). NOTE: The SPI is not finished and method signatures are still subject to change in future versions (for example to support authentication with client certificate)

Author:

Marek Posolda

See Also:

ClientIdAndSecretCredentialsProvider, JWTClientCredentialsProvider

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`String`	`getId()` Return the ID of the provider.
`void`	`init(KeycloakDeployment deployment, Object config)` Called by adapter during deployment of your application.
`void`	`setClientCredentials(KeycloakDeployment deployment, Map<String,String> requestHeaders, Map<String,String> formParams)` Called every time adapter needs to perform backchannel request

- Method Detail
  - getId
```
String getId()
```
    Return the ID of the provider. Use this ID in the keycloak.json configuration as the subelement of the "credentials" element For example if your provider has ID "kerberos-keytab" , use the configuration like this in keycloak.json "credentials": { "kerberos-keytab": { "keytab": "/tmp/foo" } }
    
    Returns:
  - init
```
void init(KeycloakDeployment deployment,
          Object config)
```
    Called by adapter during deployment of your application. You can for example read configuration and init your authenticator here
    
    Parameters:
    
    deployment - the adapter configuration
    
    config - the configuration of your provider read from keycloak.json . For the kerberos-keytab example above, it will return map with the single key "keytab" with value "/tmp/foo"
  - setClientCredentials
```
void setClientCredentials(KeycloakDeployment deployment,
                          Map<String,String> requestHeaders,
                          Map<String,String> formParams)
```
    Called every time adapter needs to perform backchannel request
    
    Parameters:
    
    deployment - Fully resolved deployment
    
    requestHeaders - You should put any HTTP request headers you want to use for authentication of client. These headers will be attached to the HTTP request sent to Keycloak server
    
    formParams - You should put any request parameters you want to use for authentication of client. These parameters will be attached to the HTTP request sent to Keycloak server

Interface ClientCredentialsProvider

Method Summary

Method Detail

getId

init

setClientCredentials