package io.vertx.ext.auth.oauth2.providers;

import io.vertx.codegen.annotations.VertxGen;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.rbac.KeycloakRBAC;

Simplified factory to create an OAuth2Auth for Keycloak.
Author:Paulo Lopes
/** * Simplified factory to create an {@link OAuth2Auth} for Keycloak. * * @author <a href="mailto:plopes@redhat.com">Paulo Lopes</a> */
@VertxGen public interface KeycloakAuth extends OpenIDConnectAuth {
Create a OAuth2Auth provider for Keycloak
Params:
  • config – the json config file exported from Keycloak admin console
/** * Create a OAuth2Auth provider for Keycloak * * @param config the json config file exported from Keycloak admin console */
static OAuth2Auth create(Vertx vertx, JsonObject config) { return create(vertx, OAuth2FlowType.AUTH_CODE, config); }
Create a OAuth2Auth provider for Keycloak
Params:
  • flow – the oauth2 flow to use
  • config – the json config file exported from Keycloak admin console
/** * Create a OAuth2Auth provider for Keycloak * * @param flow the oauth2 flow to use * @param config the json config file exported from Keycloak admin console */
static OAuth2Auth create(Vertx vertx, OAuth2FlowType flow, JsonObject config) { return create(vertx, flow, config, new HttpClientOptions()); }
Create a OAuth2Auth provider for Keycloak
Params:
  • config – the json config file exported from Keycloak admin console
  • httpClientOptions – custom http client options
/** * Create a OAuth2Auth provider for Keycloak * * @param config the json config file exported from Keycloak admin console * @param httpClientOptions custom http client options */
static OAuth2Auth create(Vertx vertx, JsonObject config, HttpClientOptions httpClientOptions) { return create(vertx, OAuth2FlowType.AUTH_CODE, config, httpClientOptions); }
Create a OAuth2Auth provider for Keycloak
Params:
  • flow – the oauth2 flow to use
  • config – the json config file exported from Keycloak admin console
  • httpClientOptions – custom http client options
/** * Create a OAuth2Auth provider for Keycloak * * @param flow the oauth2 flow to use * @param config the json config file exported from Keycloak admin console * @param httpClientOptions custom http client options */
static OAuth2Auth create(Vertx vertx, OAuth2FlowType flow, JsonObject config, HttpClientOptions httpClientOptions) { final OAuth2ClientOptions options = new OAuth2ClientOptions(httpClientOptions); options.setFlow(flow); // keycloak conversion to oauth2 options if (config.containsKey("auth-server-url")) { options.setSite(config.getString("auth-server-url")); } if (config.containsKey("resource")) { options.setClientID(config.getString("resource")); } if (config.containsKey("credentials") && config.getJsonObject("credentials").containsKey("secret")) { options.setClientSecret(config.getJsonObject("credentials").getString("secret")); } if (config.containsKey("public-client") && config.getBoolean("public-client", false)) { options.setUseBasicAuthorizationHeader(true); } if (config.containsKey("realm")) { final String realm = config.getString("realm"); options.setAuthorizationPath("/realms/" + realm + "/protocol/openid-connect/auth"); options.setTokenPath("/realms/" + realm + "/protocol/openid-connect/token"); options.setRevocationPath(null); options.setLogoutPath("/realms/" + realm + "/protocol/openid-connect/logout"); options.setUserInfoPath("/realms/" + realm + "/protocol/openid-connect/userinfo"); // keycloak follows the RFC7662 options.setIntrospectionPath("/realms/" + realm + "/protocol/openid-connect/token/introspect"); // keycloak follows the RFC7517 options.setJwkPath("/realms/" + realm + "/protocol/openid-connect/certs"); } if (config.containsKey("realm-public-key")) { options.addPubSecKey(new PubSecKeyOptions() .setAlgorithm("RS256") .setPublicKey(config.getString("realm-public-key"))); } return OAuth2Auth .create(vertx, options) .rbacHandler(KeycloakRBAC.create(options)); }
Create a OAuth2Auth provider for OpenID Connect Discovery. The discovery will use the default site in the configuration options and attempt to load the well known descriptor. If a site is provided (for example when running on a custom instance) that site will be used to do the lookup.

If the discovered config includes a json web key url, it will be also fetched and the JWKs will be loaded into the OAuth provider so tokens can be decoded.

Params:
  • vertx – the vertx instance
  • config – the initial config
  • handler – the instantiated Oauth2 provider instance handler
/** * Create a OAuth2Auth provider for OpenID Connect Discovery. The discovery will use the default site in the * configuration options and attempt to load the well known descriptor. If a site is provided (for example when * running on a custom instance) that site will be used to do the lookup. * <p> * If the discovered config includes a json web key url, it will be also fetched and the JWKs will be loaded * into the OAuth provider so tokens can be decoded. * * @param vertx the vertx instance * @param config the initial config * @param handler the instantiated Oauth2 provider instance handler */
static void discover(final Vertx vertx, final OAuth2ClientOptions config, final Handler<AsyncResult<OAuth2Auth>> handler) { final OAuth2ClientOptions options = new OAuth2ClientOptions(config); OpenIDConnectAuth.discover(vertx, options, discover -> { // apply the Keycloak RBAC if (discover.succeeded()) { discover.result().rbacHandler(KeycloakRBAC.create(options)); } handler.handle(discover); }); } }