| Package | Description |
|---|---|
| org.forgerock.oauth2.core |
Defines the core classes to implement OAuth2 for OpenAM.
|
| org.forgerock.openam.oauth2 | |
| org.forgerock.openam.oauth2.saml2.core | |
| org.forgerock.openam.oauth2.validation | |
| org.forgerock.openidconnect |
| Modifier and Type | Method and Description |
|---|---|
ClientRegistration |
ClientAuthenticator.authenticate(OAuth2Request request,
String endpoint)
Authenticates the client making the OAuth2 request by extracting the client's id and secret from the request
and authenticating against the OAuth2 providers client registrations.
|
ClientRegistration |
ClientRegistrationStore.get(String clientId,
OAuth2Request request)
Gets the client registration for the given client id.
|
ClientRegistration |
ClientRegistrationStore.get(String clientId,
String realm,
org.forgerock.services.context.Context context)
Gets the client registration for the given client id.
|
ClientRegistration |
OAuth2Request.getClientRegistration()
Get the OAuth2 client registration of the request.
|
| Modifier and Type | Method and Description |
|---|---|
static OAuth2Constants.UrlLocation |
Utils.getRequiredUrlLocation(OAuth2Request request,
ClientRegistration clientRegistration)
Determines if the UrlLocation is fragment or query based on the response types read from the request
and the type of client.
|
static OAuth2Constants.UrlLocation |
Utils.getRequiredUrlLocation(Set<String> responseTypes,
ClientRegistration clientRegistration)
Determines if the UrlLocation is fragment or query based on the given response types and the type of client.
|
UserInfoClaims |
AgentOAuth2ProviderSettings.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request) |
UserInfoClaims |
OAuth2ProviderSettings.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request)
Gets the resource owners information based on an issued access token or request.
|
UserInfoClaims |
ScopeValidator.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request)
Gets the resource owners information based on an issued access token.
|
UserInfoClaims |
RealmOAuth2ProviderSettings.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request) |
AccessToken |
ClientCredentialsGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
AccessToken |
PasswordCredentialsGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
AccessToken |
AuthorizationCodeGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
protected AccessToken |
DeviceCodeGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration client,
OAuth2ProviderSettings providerSettings) |
protected abstract AccessToken |
GrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
AccessToken |
JwtBearerGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
static boolean |
Utils.isOpenIdConnectClient(ClientRegistration clientRegistration)
Check if the OAuth2 Client is configured to be an OpenId Connect Client.
|
AuthorizationToken |
AuthorizationTokenIssuer.issueTokens(OAuth2Request request,
ClientRegistration clientRegistration,
ResourceOwner resourceOwner,
Set<String> authorizationScope,
OAuth2ProviderSettings providerSettings)
Issues tokens for the OAuth2 authorize request.
|
void |
OAuth2Request.setClientRegistration(ClientRegistration clientRegistration)
Set the OAuth2 client registration.
|
void |
ResponseTypeValidator.validate(ClientRegistration clientRegistration,
Set<String> requestedResponseTypes,
OAuth2ProviderSettings providerSettings,
OAuth2Request request)
Validates that the requested response types are valid and supported by both the OAuth2 client and provider.
|
void |
RedirectUriValidator.validate(ClientRegistration clientRegistration,
String redirectUri)
Validates that the requested redirect uri matches against one of the pre-registered redirect uris on the
client's registration.
|
Set<String> |
AgentOAuth2ProviderSettings.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
OAuth2ProviderSettings.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token
is requested.
|
Set<String> |
ScopeValidator.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token
is requested.
|
Set<String> |
RealmOAuth2ProviderSettings.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
AgentOAuth2ProviderSettings.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
OAuth2ProviderSettings.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization
is requested.
|
Set<String> |
ScopeValidator.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization
is requested.
|
Set<String> |
RealmOAuth2ProviderSettings.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
AgentOAuth2ProviderSettings.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request) |
Set<String> |
OAuth2ProviderSettings.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token
is requested.
|
Set<String> |
ScopeValidator.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token
is requested.
|
Set<String> |
RealmOAuth2ProviderSettings.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request) |
void |
AuthorizationCodeRequestValidator.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorization code grant.
|
void |
PasswordCredentialsRequestValidatorImpl.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 password credentials grant.
|
void |
ClientCredentialsRequestValidator.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 client credentials grant.
|
void |
AuthorizationCodeRequestValidatorImpl.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorization code grant.
|
void |
ClientCredentialsRequestValidatorImpl.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 client credentials grant.
|
void |
PasswordCredentialsRequestValidator.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 password credentials grant.
|
boolean |
ResourceOwnerConsentVerifier.verify(boolean consentSaved,
OAuth2Request request,
ClientRegistration registration)
Determines whether if the resource owner has previously saved consent and whether it should be used.
|
| Modifier and Type | Class and Description |
|---|---|
class |
AgentClientRegistration
Models an OpenAM J2EE agent registration in the OAuth2 provider.
|
class |
OpenAMClientRegistration
Models an OpenAM OAuth2 and OpenId Connect client registration in the OAuth2 provider.
|
| Modifier and Type | Method and Description |
|---|---|
UserInfoClaims |
OpenAMScopeValidator.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request)
Gets the resource owners information based on an issued access token.
|
Set<String> |
OpenAMScopeValidator.validateAccessTokenScope(ClientRegistration client,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token
is requested.
|
Set<String> |
OpenAMScopeValidator.validateAuthorizationScope(ClientRegistration client,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization
is requested.
|
Set<String> |
OpenAMScopeValidator.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token
is requested.
|
| Modifier and Type | Method and Description |
|---|---|
protected AccessToken |
Saml2GrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
| Modifier and Type | Method and Description |
|---|---|
void |
ConfirmationKeyValidator.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration) |
| Modifier and Type | Interface and Description |
|---|---|
interface |
OpenIdConnectClientRegistration
Models an OpenId Connect client registration in the OAuth2 provider.
|
| Modifier and Type | Method and Description |
|---|---|
boolean |
OpenIdResourceOwnerConsentVerifier.verify(boolean consentSaved,
OAuth2Request request,
ClientRegistration registration)
Determines whether if the resource owner has previously saved consent and whether it should be used.
|
Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.