org.keycloak.authorization.client

Class AuthzClient

java.lang.Object

org.keycloak.authorization.client.AuthzClient

public class AuthzClient
extends Object

This is class serves as an entry point for clients looking for access to Keycloak Authorization Services.

When creating a new instances make sure you have a Keycloak Server running at the location specified in the client configuration. The client tries to obtain server configuration by invoking the UMA Discovery Endpoint, usually available from the server at http(s)://{server}:{port}/auth/realms/{realm}/.well-known/uma-configuration.

Author:

Pedro Igor

Method Summary

Modifier and Type	Method and Description
AuthorizationResource	authorization() Creates a AuthorizationResource instance which can be used to obtain permissions from the server.
AuthorizationResource	authorization(String accessToken) Creates a AuthorizationResource instance which can be used to obtain permissions from the server.
AuthorizationResource	authorization(String userName, String password) Creates a AuthorizationResource instance which can be used to obtain permissions from the server.
static AuthzClient	create() Creates a new instance.
static AuthzClient	create(Configuration configuration) Creates a new instance.
static AuthzClient	create(Configuration configuration, ClientAuthenticator authenticator) Creates a new instance.
static AuthzClient	create(InputStream configStream) Creates a new instance.
Configuration	getConfiguration() Obtains the client configuration
ServerConfiguration	getServerConfiguration() Returns the configuration obtained from the server at the UMA Discovery Endpoint.
AccessTokenResponse	obtainAccessToken() Obtains an access token using the client credentials.
AccessTokenResponse	obtainAccessToken(String userName, String password) Obtains an access token using the resource owner credentials.
ProtectionResource	protection() Creates a ProtectionResource instance which can be used to access the Protection API.
ProtectionResource	protection(String accessToken) Creates a ProtectionResource instance which can be used to access the Protection API.
ProtectionResource	protection(String userName, String password) Creates a ProtectionResource instance which can be used to access the Protection API.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

create

public static AuthzClient create()
                          throws RuntimeException

Creates a new instance.

This method expects a keycloak.json in the classpath, otherwise an exception will be thrown.

Returns:

a new instance

Throws:

RuntimeException - in case there is no keycloak.json file in the classpath or the file could not be parsed

create

public static AuthzClient create(InputStream configStream)
                          throws RuntimeException

Creates a new instance.

Parameters:

configStream - the input stream with the configuration data

Returns:

a new instance

Throws:

RuntimeException

create

public static AuthzClient create(Configuration configuration)

Creates a new instance.

Parameters:

configuration - the client configuration

Returns:

a new instance

create

public static AuthzClient create(Configuration configuration,
                                 ClientAuthenticator authenticator)

Creates a new instance.

Parameters:

configuration - the client configuration

authenticator - the client authenticator

Returns:

a new instance

protection

public ProtectionResource protection()

Creates a ProtectionResource instance which can be used to access the Protection API.

When using this method, the PAT (the access token with the uma_protection scope) is obtained for the client itself, using any of the supported credential types (client/secret, jwt, etc).

Returns:

a ProtectionResource

protection

public ProtectionResource protection(String accessToken)

Creates a ProtectionResource instance which can be used to access the Protection API.

Parameters:

accessToken - the PAT (the access token with the uma_protection scope)

Returns:

a ProtectionResource

protection

public ProtectionResource protection(String userName,
                                     String password)

Creates a ProtectionResource instance which can be used to access the Protection API.

When using this method, the PAT (the access token with the uma_protection scope) is obtained for a given user.

Returns:

a ProtectionResource

authorization

public AuthorizationResource authorization()

Creates a AuthorizationResource instance which can be used to obtain permissions from the server.

Returns:

a AuthorizationResource

authorization

public AuthorizationResource authorization(String accessToken)

Creates a AuthorizationResource instance which can be used to obtain permissions from the server.

Parameters:

accessToken - the Access Token that will be used as a bearer to access the token endpoint

Returns:

a AuthorizationResource

authorization

public AuthorizationResource authorization(String userName,
                                           String password)

Creates a AuthorizationResource instance which can be used to obtain permissions from the server.

Parameters:

userName - an ID Token or Access Token representing an identity and/or access context

password -

Returns:

a AuthorizationResource

obtainAccessToken

public AccessTokenResponse obtainAccessToken()

Obtains an access token using the client credentials.

Returns:

an AccessTokenResponse

obtainAccessToken

public AccessTokenResponse obtainAccessToken(String userName,
                                             String password)

Obtains an access token using the resource owner credentials.

Returns:

an AccessTokenResponse

getServerConfiguration

public ServerConfiguration getServerConfiguration()

Returns the configuration obtained from the server at the UMA Discovery Endpoint.

Returns:

the ServerConfiguration

getConfiguration

public Configuration getConfiguration()

Obtains the client configuration

Returns:

the Configuration