tessl/maven-org-keycloak--keycloak-server-spi
Service Provider Interface (SPI) contracts and abstractions for the Keycloak identity and access management server enabling extensibility through custom providers
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/maven-org-keycloak--keycloak-server-spi@26.2.00
# Keycloak Server SPI
1
2
Keycloak Server SPI (Service Provider Interface) is the core extensibility framework for the Keycloak identity and access management server. It provides comprehensive interfaces and contracts that enable developers to create custom providers for authentication, user storage, credential management, session handling, and other extensibility points.
3
4
## Package Information
5
6
- **Package Name**: org.keycloak:keycloak-server-spi
7
- **Package Type**: Maven JAR Library
8
- **Language**: Java
9
- **Version**: 26.2.5
10
- **Installation**: Add Maven dependency:
11
12
```xml
13
<dependency>
14
<groupId>org.keycloak</groupId>
15
<artifactId>keycloak-server-spi</artifactId>
16
<version>26.2.5</version>
17
<scope>provided</scope>
18
</dependency>
19
```
20
21
## Core Imports
22
23
```java
24
import org.keycloak.provider.Provider;
25
import org.keycloak.provider.ProviderFactory;
26
import org.keycloak.provider.Spi;
27
import org.keycloak.models.KeycloakSession;
28
import org.keycloak.models.RealmModel;
29
import org.keycloak.models.UserModel;
30
import org.keycloak.models.ClientModel;
31
import org.keycloak.component.ComponentModel;
32
```
33
34
## Basic Usage
35
36
```java
37
// Implementing a custom provider
38
public class MyCustomProvider implements UserStorageProvider {
39
private KeycloakSession session;
40
private ComponentModel model;
41
42
public MyCustomProvider(KeycloakSession session, ComponentModel model) {
43
this.session = session;
44
this.model = model;
45
}
46
47
@Override
48
public UserModel getUserById(RealmModel realm, String id) {
49
// Custom user lookup implementation
50
return null;
51
}
52
53
@Override
54
public void close() {
55
// Cleanup resources
56
}
57
}
58
59
// Creating a provider factory
60
public class MyCustomProviderFactory implements UserStorageProviderFactory<MyCustomProvider> {
61
public static final String PROVIDER_ID = "my-custom-provider";
62
63
@Override
64
public MyCustomProvider create(KeycloakSession session, ComponentModel model) {
65
return new MyCustomProvider(session, model);
66
}
67
68
@Override
69
public String getId() {
70
return PROVIDER_ID;
71
}
72
}
73
```
74
75
## Architecture
76
77
The Keycloak Server SPI is built around several key architectural patterns:
78
79
- **Provider Pattern**: Core abstraction using Provider/ProviderFactory/SPI interfaces for all extensibility points
80
- **Session Management**: KeycloakSession serves as the central context for all operations
81
- **Model Layer**: Rich set of model interfaces (UserModel, RealmModel, ClientModel) representing Keycloak entities
82
- **Component Framework**: Configuration-driven component system for provider instantiation and management
83
- **Storage Abstraction**: Pluggable storage providers for users, roles, clients, and other entities
84
- **Transaction Management**: Built-in transaction support for data consistency
85
86
## Capabilities
87
88
### Core Provider Framework
89
90
Foundation interfaces for creating extensible Keycloak providers. Essential for all custom integrations.
91
92
```java { .api }
93
public interface Provider {
94
void close();
95
}
96
97
public interface ProviderFactory<T extends Provider> {
98
T create(KeycloakSession session);
99
void init(Config.Scope config);
100
void postInit(KeycloakSessionFactory factory);
101
void close();
102
String getId();
103
}
104
105
public interface Spi {
106
boolean isInternal();
107
String getName();
108
Class<? extends Provider> getProviderClass();
109
Class<? extends ProviderFactory> getProviderFactoryClass();
110
}
111
```
112
113
[Provider Framework](./provider-framework.md)
114
115
### Session and Context Management
116
117
Central session interfaces providing access to all Keycloak services and transaction management.
118
119
```java { .api }
120
public interface KeycloakSession extends AutoCloseable {
121
KeycloakContext getContext();
122
KeycloakTransactionManager getTransactionManager();
123
<T extends Provider> T getProvider(Class<T> clazz);
124
RealmProvider realms();
125
UserProvider users();
126
ClientProvider clients();
127
}
128
129
public interface KeycloakContext {
130
URI getAuthServerUrl();
131
String getContextPath();
132
UriInfo getUri();
133
HttpHeaders getRequestHeaders();
134
RealmModel getRealm();
135
ClientModel getClient();
136
}
137
```
138
139
[Session Management](./session-management.md)
140
141
### Core Model Interfaces
142
143
Primary model interfaces representing Keycloak entities like realms, users, clients, and roles.
144
145
```java { .api }
146
public interface RealmModel extends RoleContainerModel {
147
String getId();
148
String getName();
149
String getDisplayName();
150
void setDisplayName(String displayName);
151
boolean isEnabled();
152
void setEnabled(boolean enabled);
153
SslRequired getSslRequired();
154
void setSslRequired(SslRequired sslRequired);
155
}
156
157
public interface UserModel extends RoleMapperModel {
158
String getId();
159
String getUsername();
160
void setUsername(String username);
161
String getFirstName();
162
void setFirstName(String firstName);
163
String getLastName();
164
void setLastName(String lastName);
165
String getEmail();
166
void setEmail(String email);
167
}
168
169
public interface ClientModel extends ProtocolMapperContainerModel, ScopeContainerModel, RoleContainerModel {
170
String getId();
171
String getClientId();
172
void setClientId(String clientId);
173
String getName();
174
void setName(String name);
175
boolean isEnabled();
176
void setEnabled(boolean enabled);
177
}
178
```
179
180
[Core Models](./core-models.md)
181
182
### User Storage Federation
183
184
Interfaces for integrating external user stores and implementing custom user storage providers.
185
186
```java { .api }
187
public interface UserStorageProvider extends Provider {
188
// Base interface for user storage providers
189
}
190
191
public interface UserLookupProvider {
192
UserModel getUserById(RealmModel realm, String id);
193
UserModel getUserByUsername(RealmModel realm, String username);
194
UserModel getUserByEmail(RealmModel realm, String email);
195
}
196
197
public interface UserQueryProvider extends UserQueryMethodsProvider, UserCountMethodsProvider {
198
Stream<UserModel> searchForUserStream(RealmModel realm, String search);
199
Stream<UserModel> searchForUserStream(RealmModel realm, String search, Integer firstResult, Integer maxResults);
200
Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group);
201
}
202
```
203
204
[User Storage](./user-storage.md)
205
206
### Credential Management
207
208
Framework for handling various credential types including passwords, OTP, and WebAuthn.
209
210
```java { .api }
211
public interface CredentialProvider extends Provider {
212
String getType();
213
CredentialModel createCredential(RealmModel realm, UserModel user, CredentialModel credential);
214
boolean deleteCredential(RealmModel realm, UserModel user, String credentialId);
215
CredentialModel getCredentialFromModel(CredentialModel model);
216
}
217
218
public interface CredentialInputValidator {
219
boolean supportsCredentialType(String credentialType);
220
boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType);
221
boolean isValid(RealmModel realm, UserModel user, CredentialInput input);
222
}
223
224
public interface CredentialInputUpdater {
225
boolean supportsCredentialType(String credentialType);
226
boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input);
227
void disableCredentialType(RealmModel realm, UserModel user, String credentialType);
228
}
229
```
230
231
[Credential Management](./credential-management.md)
232
233
### Authentication and Session Management
234
235
Interfaces for managing authentication flows, user sessions, and client sessions.
236
237
```java { .api }
238
public interface AuthenticationSessionModel extends CommonClientSessionModel {
239
String getTabId();
240
RootAuthenticationSessionModel getParentSession();
241
Map<String, ExecutionStatus> getExecutionStatus();
242
void setExecutionStatus(String authenticator, ExecutionStatus status);
243
void clearExecutionStatus();
244
UserModel getAuthenticatedUser();
245
void setAuthenticatedUser(UserModel user);
246
}
247
248
public interface UserSessionModel {
249
String getId();
250
RealmModel getRealm();
251
UserModel getUser();
252
String getLoginUsername();
253
String getIpAddress();
254
String getAuthMethod();
255
int getStarted();
256
int getLastSessionRefresh();
257
void setLastSessionRefresh(int seconds);
258
}
259
```
260
261
[Authentication Sessions](./authentication-sessions.md)
262
263
### Component Framework
264
265
Configuration-driven component system for managing provider instances and their configurations.
266
267
```java { .api }
268
public interface ComponentFactory<T extends Provider> extends ProviderFactory<T> {
269
T create(KeycloakSession session, ComponentModel model);
270
void validateConfiguration(KeycloakSession session, RealmModel realm, ComponentModel model) throws ComponentValidationException;
271
void onCreate(KeycloakSession session, RealmModel realm, ComponentModel model);
272
void onUpdate(KeycloakSession session, RealmModel realm, ComponentModel oldModel, ComponentModel newModel);
273
}
274
275
public class ComponentModel {
276
private String id;
277
private String name;
278
private String providerId;
279
private String providerType;
280
private String parentId;
281
private String subType;
282
private MultivaluedHashMap<String, String> config;
283
}
284
```
285
286
[Component Framework](./component-framework.md)
287
288
### Theme and Localization
289
290
Framework for customizing Keycloak UI themes and handling internationalization.
291
292
```java { .api }
293
public interface Theme {
294
String getName();
295
String getParentName();
296
String getImportName();
297
Type getType();
298
URL getTemplate(String name) throws IOException;
299
InputStream getResourceAsStream(String path) throws IOException;
300
Properties getMessages() throws IOException;
301
Properties getProperties() throws IOException;
302
}
303
304
public interface ThemeSelectorProvider extends Provider {
305
String getThemeName(Theme.Type type);
306
}
307
308
public interface LocaleSelectorProvider extends Provider {
309
Locale resolveLocale(RealmModel realm, UserModel user);
310
}
311
```
312
313
### Validation Framework
314
315
Extensible validation system for form fields and user input validation.
316
317
```java { .api }
318
public interface Validator {
319
String getId();
320
ValidationResult validate(Object input, String inputHint, ValidationContext context, ValidatorConfig config) throws ValidationException;
321
}
322
323
public interface ValidationContext extends AttributeContext {
324
KeycloakSession getSession();
325
Attributes getAttributes();
326
RealmModel getRealm();
327
UserModel getUser();
328
}
329
330
public class ValidationResult {
331
public static final ValidationResult VALID = new ValidationResult();
332
private final boolean valid;
333
private final Set<ValidationError> errors;
334
}
335
```
336
337
[Validation Framework](./validation-framework.md)
338
339
### Vault Integration
340
341
Secure secrets management through vault provider integration.
342
343
```java { .api }
344
public interface VaultProvider extends Provider {
345
VaultRawSecret obtainSecret(String vaultSecretId);
346
}
347
348
public interface VaultStringSecret extends VaultCharSecret {
349
Optional<String> get();
350
default String getOrDefault(String defaultValue) {
351
return get().orElse(defaultValue);
352
}
353
}
354
355
public interface VaultTranscriber {
356
String transcribe(String value);
357
}
358
```
359
360
[Vault Integration](./vault-integration.md)
361
362
## Common Types
363
364
```java { .api }
365
// Core model enumerations
366
public enum SslRequired {
367
ALL, EXTERNAL, NONE
368
}
369
370
// Authentication execution status
371
public enum ExecutionStatus {
372
SUCCESS, FAILED, SETUP_REQUIRED, ATTEMPTED, SKIPPED, CHALLENGED, FLOW_RESET
373
}
374
375
// Provider event base interface
376
public interface ProviderEvent {
377
// Marker interface for provider events
378
}
379
380
// Component validation exception
381
public class ComponentValidationException extends Exception {
382
public ComponentValidationException(String message);
383
public ComponentValidationException(String message, Object... parameters);
384
}
385
386
// Model exceptions
387
public class ModelException extends RuntimeException {
388
public ModelException(String message);
389
public ModelException(String message, Throwable cause);
390
}
391
392
public class ModelDuplicateException extends ModelException {
393
public ModelDuplicateException(String message);
394
public String getDuplicateFieldName();
395
public Object getDuplicateFieldValue();
396
}
397
```