Package org.eclipse.jetty.security.openid

Class OpenIdConfiguration

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.security.openid.OpenIdConfiguration
All Implemented Interfaces:
Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle
public class OpenIdConfiguration extends ContainerLifeCycle
Holds the configuration for an OpenID Connect service. This uses the OpenID Provider URL with the path CONFIG_PATH to discover the required information about the OIDC service.

  • Constructor Details

    • OpenIdConfiguration

      public OpenIdConfiguration(String provider, String clientId, String clientSecret)
      Create an OpenID configuration for a specific OIDC provider.
      Parameters:
      provider - The URL of the OpenID provider.
      clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.
      clientSecret - The client secret known only by the Client and the Authorization Server.

    • OpenIdConfiguration

      public OpenIdConfiguration(String issuer, String authorizationEndpoint, String tokenEndpoint, String clientId, String clientSecret, HttpClient httpClient)
      Create an OpenID configuration for a specific OIDC provider.
      Parameters:
      issuer - The URL of the OpenID provider.
      authorizationEndpoint - the URL of the OpenID provider's authorization endpoint if configured.
      tokenEndpoint - the URL of the OpenID provider's token endpoint if configured.
      clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.
      clientSecret - The client secret known only by the Client and the Authorization Server.
      httpClient - The HttpClient instance to use.

    • OpenIdConfiguration

      public OpenIdConfiguration(@Name("issuer") String issuer, @Name("authorizationEndpoint") String authorizationEndpoint, @Name("tokenEndpoint") String tokenEndpoint, @Name("clientId") String clientId, @Name("clientSecret") String clientSecret, @Name("authMethod") String authMethod, @Name("httpClient") HttpClient httpClient)
      Create an OpenID configuration for a specific OIDC provider.
      Parameters:
      issuer - The URL of the OpenID provider.
      authorizationEndpoint - the URL of the OpenID provider's authorization endpoint if configured.
      tokenEndpoint - the URL of the OpenID provider's token endpoint if configured.
      clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.
      clientSecret - The client secret known only by the Client and the Authorization Server.
      authMethod - Authentication method to use with the Token Endpoint.
      httpClient - The HttpClient instance to use.

    • OpenIdConfiguration

      public OpenIdConfiguration(@Name("issuer") String issuer, @Name("authorizationEndpoint") String authorizationEndpoint, @Name("tokenEndpoint") String tokenEndpoint, @Name("endSessionEndpoint") String endSessionEndpoint, @Name("clientId") String clientId, @Name("clientSecret") String clientSecret, @Name("authMethod") String authMethod, @Name("httpClient") HttpClient httpClient)
      Create an OpenID configuration for a specific OIDC provider.
      Parameters:
      issuer - The URL of the OpenID provider.
      authorizationEndpoint - the URL of the OpenID provider's authorization endpoint if configured.
      tokenEndpoint - the URL of the OpenID provider's token endpoint if configured.
      endSessionEndpoint - the URL of the OpdnID provider's end session endpoint if configured.
      clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.
      clientSecret - The client secret known only by the Client and the Authorization Server.
      authMethod - Authentication method to use with the Token Endpoint.
      httpClient - The HttpClient instance to use.

  • Method Details

    • doStart

      protected void doStart() throws Exception
      Description copied from class: ContainerLifeCycle
      Starts the managed lifecycle beans in the order they were added.
      Overrides:
      doStart in class ContainerLifeCycle
      Throws:
      AbstractLifeCycle.StopException - If thrown, the lifecycle will immediately be stopped.
      Exception - If there was a problem starting. Will cause a transition to FAILED state

    • processMetadata

      protected void processMetadata(Map<String,Object> discoveryDocument)
      Process the OpenID Connect metadata discovered by fetchOpenIdConnectMetadata(). By default, only the AUTHORIZATION_ENDPOINT and TOKEN_ENDPOINT claims are extracted.
      Throws:
      IllegalStateException - if a required field is not present in the metadata.
      See Also:

    • fetchOpenIdConnectMetadata

      protected Map<String,Object> fetchOpenIdConnectMetadata()
      Obtain the JSON metadata from OpenID Connect Discovery Configuration Endpoint.
      Returns:
      a set of Claims about the OpenID Provider's configuration in JSON format.
      Throws:
      IllegalStateException - if metadata could not be fetched from the OP.

    • getHttpClient

      public HttpClient getHttpClient()

    • getAuthEndpoint

      public String getAuthEndpoint()

    • getClientId

      public String getClientId()

    • getClientSecret

      public String getClientSecret()

    • getIssuer

      public String getIssuer()

    • getTokenEndpoint

      public String getTokenEndpoint()

    • getEndSessionEndpoint

      public String getEndSessionEndpoint()

    • getAuthMethod

      public String getAuthMethod()

    • addScopes

      public void addScopes(String... scopes)

    • getScopes

      public List<String> getScopes()

    • isAuthenticateNewUsers

      public boolean isAuthenticateNewUsers()

    • setAuthenticateNewUsers

      public void setAuthenticateNewUsers(boolean authenticateNewUsers)

    • isLogoutWhenIdTokenIsExpired

      public boolean isLogoutWhenIdTokenIsExpired()

    • setLogoutWhenIdTokenIsExpired

      public void setLogoutWhenIdTokenIsExpired(boolean logoutWhenIdTokenIsExpired)

    • toString

      public String toString()
      Overrides:
      toString in class AbstractLifeCycle