All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.keycloak.models.ClientModel Maven / Gradle / Ivy

There is a newer version: 26.1.0
Show newest version
/*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.keycloak.models;

import java.util.Map;
import java.util.Objects;
import java.util.Set;

import org.keycloak.common.util.ObjectUtil;
import org.keycloak.provider.ProviderEvent;
import org.keycloak.provider.ProviderEventManager;
import org.keycloak.storage.SearchableModelField;

/**
 * @author Bill Burke
 * @version $Revision: 1 $
 */
public interface ClientModel extends ClientScopeModel, RoleContainerModel,  ProtocolMapperContainerModel, ScopeContainerModel {

    // COMMON ATTRIBUTES

    String PRIVATE_KEY = "privateKey";
    String PUBLIC_KEY = "publicKey";
    String X509CERTIFICATE = "X509Certificate";
    String LOGO_URI ="logoUri";
    String POLICY_URI ="policyUri";
    String TOS_URI ="tosUri";

    public static class SearchableFields {
        public static final SearchableModelField ID                 = new SearchableModelField<>("id", String.class);
        public static final SearchableModelField REALM_ID           = new SearchableModelField<>("realmId", String.class);
        public static final SearchableModelField CLIENT_ID          = new SearchableModelField<>("clientId", String.class);
        public static final SearchableModelField ENABLED            = new SearchableModelField<>("enabled", Boolean.class);
        public static final SearchableModelField SCOPE_MAPPING_ROLE = new SearchableModelField<>("scopeMappingRole", String.class);
        public static final SearchableModelField ALWAYS_DISPLAY_IN_CONSOLE = new SearchableModelField<>("alwaysDisplayInConsole", Boolean.class);

        /**
         * Search for attribute value. The parameters is a pair {@code (attribute_name, value)} where {@code attribute_name}
         * is always checked for equality, and the value is checked per the operator.
         */
        public static final SearchableModelField ATTRIBUTE          = new SearchableModelField<>("attribute", String[].class);
    }

    interface ClientCreationEvent extends ProviderEvent {
        ClientModel getCreatedClient();
    }

    // Called also during client creation after client is fully initialized (including all attributes etc)
    interface ClientUpdatedEvent extends ProviderEvent {
        ClientModel getUpdatedClient();
        KeycloakSession getKeycloakSession();
    }

    interface ClientRemovedEvent extends ProviderEvent {
        ClientModel getClient();
        KeycloakSession getKeycloakSession();
    }

    interface ClientProtocolUpdatedEvent extends ProviderEvent {
        ClientModel getClient();
    }

    /**
     * Notifies other providers that this client has been updated.
     * 

* After a client is updated, providers can register for {@link ClientUpdatedEvent}. * The setters in this model do not send an update for individual updates of the model. * This method is here to allow for sending this event for this client, * allowsing for to group multiple changes of a client and signal that * all the changes in this client have been performed. * * @deprecated Do not use, to be removed * * @see ProviderEvent * @see ProviderEventManager * @see ClientUpdatedEvent */ void updateClient(); /** * Returns client internal ID (UUID). * @return */ String getId(); /** * Returns client ID as defined by the user. * @return */ String getClientId(); void setClientId(String clientId); String getName(); void setName(String name); String getDescription(); void setDescription(String description); boolean isEnabled(); void setEnabled(boolean enabled); boolean isAlwaysDisplayInConsole(); void setAlwaysDisplayInConsole(boolean alwaysDisplayInConsole); boolean isSurrogateAuthRequired(); void setSurrogateAuthRequired(boolean surrogateAuthRequired); Set getWebOrigins(); void setWebOrigins(Set webOrigins); void addWebOrigin(String webOrigin); void removeWebOrigin(String webOrigin); Set getRedirectUris(); void setRedirectUris(Set redirectUris); void addRedirectUri(String redirectUri); void removeRedirectUri(String redirectUri); String getManagementUrl(); void setManagementUrl(String url); String getRootUrl(); void setRootUrl(String url); String getBaseUrl(); void setBaseUrl(String url); boolean isBearerOnly(); void setBearerOnly(boolean only); int getNodeReRegistrationTimeout(); void setNodeReRegistrationTimeout(int timeout); String getClientAuthenticatorType(); void setClientAuthenticatorType(String clientAuthenticatorType); boolean validateSecret(String secret); String getSecret(); public void setSecret(String secret); String getRegistrationToken(); void setRegistrationToken(String registrationToken); String getProtocol(); void setProtocol(String protocol); void setAttribute(String name, String value); void removeAttribute(String name); String getAttribute(String name); Map getAttributes(); /** * Get authentication flow binding override for this client. Allows client to override an authentication flow binding. * * @param binding examples are "browser", "direct_grant" * * @return */ String getAuthenticationFlowBindingOverride(String binding); Map getAuthenticationFlowBindingOverrides(); void removeAuthenticationFlowBindingOverride(String binding); void setAuthenticationFlowBindingOverride(String binding, String flowId); boolean isFrontchannelLogout(); void setFrontchannelLogout(boolean flag); boolean isFullScopeAllowed(); void setFullScopeAllowed(boolean value); @Override default boolean hasDirectScope(RoleModel role) { if (getScopeMappingsStream().anyMatch(r -> Objects.equals(r, role))) return true; return getRolesStream().anyMatch(r -> Objects.equals(r, role)); } boolean isPublicClient(); void setPublicClient(boolean flag); boolean isConsentRequired(); void setConsentRequired(boolean consentRequired); boolean isStandardFlowEnabled(); void setStandardFlowEnabled(boolean standardFlowEnabled); boolean isImplicitFlowEnabled(); void setImplicitFlowEnabled(boolean implicitFlowEnabled); boolean isDirectAccessGrantsEnabled(); void setDirectAccessGrantsEnabled(boolean directAccessGrantsEnabled); boolean isServiceAccountsEnabled(); void setServiceAccountsEnabled(boolean serviceAccountsEnabled); RealmModel getRealm(); /** * Add clientScope with this client. Add it as default scope (if parameter 'defaultScope' is true) or optional scope (if parameter 'defaultScope' is false) * @param clientScope * @param defaultScope */ void addClientScope(ClientScopeModel clientScope, boolean defaultScope); /** * Add clientScopes with this client. Add as default scopes (if parameter 'defaultScope' is true) or optional scopes (if parameter 'defaultScope' is false) * @param clientScopes * @param defaultScope */ void addClientScopes(Set clientScopes, boolean defaultScope); void removeClientScope(ClientScopeModel clientScope); /** * Return all default scopes (if 'defaultScope' is true) or all optional scopes (if 'defaultScope' is false) linked with this client * * @param defaultScope * @return map where key is the name of the clientScope, value is particular clientScope. Returns empty map if no scopes linked (never returns null). */ Map getClientScopes(boolean defaultScope); /** *

Returns a {@link ClientScopeModel} associated with this client. * *

This method is used as a fallback in order to let clients to resolve a {@code scope} dynamically which is not listed as default or optional scope when calling {@link #getClientScopes(boolean, boolean)}. * * @param scope the scope name * @return the client scope */ default ClientScopeModel getDynamicClientScope(String scope) { return null; } /** * Time in seconds since epoc * * @return */ int getNotBefore(); void setNotBefore(int notBefore); Map getRegisteredNodes(); /** * Register node or just update the 'lastReRegistration' time if this node is already registered * * @param nodeHost * @param registrationTime */ void registerNode(String nodeHost, int registrationTime); void unregisterNode(String nodeHost); // Clients are not displayed on consent screen by default @Override default boolean isDisplayOnConsentScreen() { String displayVal = getAttribute(DISPLAY_ON_CONSENT_SCREEN); return displayVal==null ? false : Boolean.parseBoolean(displayVal); } // Fallback to name or clientId if consentScreenText attribute is null @Override default String getConsentScreenText() { String consentScreenText = ClientScopeModel.super.getConsentScreenText(); if (ObjectUtil.isBlank(consentScreenText)) { consentScreenText = getClientId(); } return consentScreenText; } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy