Class OpenIdConfiguration

All Implemented Interfaces:
Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle

public class OpenIdConfiguration extends ContainerLifeCycle
Holds the configuration for an OpenID Connect service. This uses the OpenID Provider URL with the path CONFIG_PATH to discover the required information about the OIDC service.
  • Constructor Details

    • OpenIdConfiguration

      public OpenIdConfiguration(String provider, String clientId, String clientSecret)
      Create an OpenID configuration for a specific OIDC provider.
      Parameters:
      provider - The URL of the OpenID provider.
      clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.
      clientSecret - The client secret known only by the Client and the Authorization Server.
    • OpenIdConfiguration

      public OpenIdConfiguration(String issuer, String authorizationEndpoint, String tokenEndpoint, String clientId, String clientSecret, HttpClient httpClient)
      Create an OpenID configuration for a specific OIDC provider.
      Parameters:
      issuer - The URL of the OpenID provider.
      authorizationEndpoint - the URL of the OpenID provider's authorization endpoint if configured.
      tokenEndpoint - the URL of the OpenID provider's token endpoint if configured.
      clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.
      clientSecret - The client secret known only by the Client and the Authorization Server.
      httpClient - The HttpClient instance to use.
    • OpenIdConfiguration

      public OpenIdConfiguration(@Name("issuer") String issuer, @Name("authorizationEndpoint") String authorizationEndpoint, @Name("tokenEndpoint") String tokenEndpoint, @Name("clientId") String clientId, @Name("clientSecret") String clientSecret, @Name("authMethod") String authMethod, @Name("httpClient") HttpClient httpClient)
      Create an OpenID configuration for a specific OIDC provider.
      Parameters:
      issuer - The URL of the OpenID provider.
      authorizationEndpoint - the URL of the OpenID provider's authorization endpoint if configured.
      tokenEndpoint - the URL of the OpenID provider's token endpoint if configured.
      clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.
      clientSecret - The client secret known only by the Client and the Authorization Server.
      authMethod - Authentication method to use with the Token Endpoint.
      httpClient - The HttpClient instance to use.
    • OpenIdConfiguration

      public OpenIdConfiguration(@Name("issuer") String issuer, @Name("authorizationEndpoint") String authorizationEndpoint, @Name("tokenEndpoint") String tokenEndpoint, @Name("endSessionEndpoint") String endSessionEndpoint, @Name("clientId") String clientId, @Name("clientSecret") String clientSecret, @Name("authMethod") String authMethod, @Name("httpClient") HttpClient httpClient)
      Create an OpenID configuration for a specific OIDC provider.
      Parameters:
      issuer - The URL of the OpenID provider.
      authorizationEndpoint - the URL of the OpenID provider's authorization endpoint if configured.
      tokenEndpoint - the URL of the OpenID provider's token endpoint if configured.
      endSessionEndpoint - the URL of the OpdnID provider's end session endpoint if configured.
      clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.
      clientSecret - The client secret known only by the Client and the Authorization Server.
      authMethod - Authentication method to use with the Token Endpoint.
      httpClient - The HttpClient instance to use.
  • Method Details

    • doStart

      protected void doStart() throws Exception
      Description copied from class: ContainerLifeCycle
      Starts the managed lifecycle beans in the order they were added.
      Overrides:
      doStart in class ContainerLifeCycle
      Throws:
      AbstractLifeCycle.StopException - If thrown, the lifecycle will immediately be stopped.
      Exception - If there was a problem starting. Will cause a transition to FAILED state
    • processMetadata

      protected void processMetadata(Map<String,Object> discoveryDocument)
      Process the OpenID Connect metadata discovered by fetchOpenIdConnectMetadata(). By default, only the AUTHORIZATION_ENDPOINT and TOKEN_ENDPOINT claims are extracted.
      Throws:
      IllegalStateException - if a required field is not present in the metadata.
      See Also:
    • fetchOpenIdConnectMetadata

      protected Map<String,Object> fetchOpenIdConnectMetadata()
      Obtain the JSON metadata from OpenID Connect Discovery Configuration Endpoint.
      Returns:
      a set of Claims about the OpenID Provider's configuration in JSON format.
      Throws:
      IllegalStateException - if metadata could not be fetched from the OP.
    • getHttpClient

      public HttpClient getHttpClient()
    • getAuthEndpoint

      public String getAuthEndpoint()
    • getClientId

      public String getClientId()
    • getClientSecret

      public String getClientSecret()
    • getIssuer

      public String getIssuer()
    • getTokenEndpoint

      public String getTokenEndpoint()
    • getEndSessionEndpoint

      public String getEndSessionEndpoint()
    • getAuthMethod

      public String getAuthMethod()
    • addScopes

      public void addScopes(String... scopes)
    • getScopes

      public List<String> getScopes()
    • isAuthenticateNewUsers

      public boolean isAuthenticateNewUsers()
    • setAuthenticateNewUsers

      public void setAuthenticateNewUsers(boolean authenticateNewUsers)
    • toString

      public String toString()
      Overrides:
      toString in class AbstractLifeCycle