Package | Description |
---|---|
org.forgerock.oauth2.core | Defines the core classes to implement OAuth2 for OpenAM. |
org.forgerock.oauth2.core.exceptions | |
org.forgerock.oauth2.resources | |
org.forgerock.oauth2.restlet | |
org.forgerock.openam.oauth2 | |
org.forgerock.openam.oauth2.guice | |
org.forgerock.openam.oauth2.resources | |
org.forgerock.openam.oauth2.saml2.core | |
org.forgerock.openam.oauth2.validation | |
org.forgerock.openam.uma | |
org.forgerock.openidconnect | |
org.forgerock.openidconnect.restlet |
Modifier and Type | Method and Description |
---|---|
OAuth2Request |
OAuth2RequestFactory.create(org.restlet.Request request)
Creates a new OAuth2Request for the underlying HTTP request.
|
static OAuth2Request |
OAuth2Request.forRealm(String realm)
Creates an OAuth2Request which holds the provided realm only. |
Modifier and Type | Method and Description |
---|---|
Map<String,String> |
AgentOAuth2ProviderSettings.additionalDataToReturnFromAuthorizeEndpoint(Map<String,Token> tokens,
OAuth2Request request) |
Map<String,String> |
OAuth2ProviderSettings.additionalDataToReturnFromAuthorizeEndpoint(Map<String,Token> tokens,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an authorization
request.
|
Map<String,String> |
ScopeValidator.additionalDataToReturnFromAuthorizeEndpoint(Map<String,Token> tokens,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an authorization
request.
|
Map<String,String> |
RealmOAuth2ProviderSettings.additionalDataToReturnFromAuthorizeEndpoint(Map<String,Token> tokens,
OAuth2Request request) |
void |
AgentOAuth2ProviderSettings.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request) |
void |
OAuth2ProviderSettings.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an access token
request.
|
void |
ScopeValidator.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an access token
request.
|
void |
RealmOAuth2ProviderSettings.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request) |
ResourceOwner |
ResourceOwnerAuthenticator.authenticate(OAuth2Request request)
Authenticates a resource owner by extracting the resource owner's credentials from the request and authenticating
against the OAuth2 provider's internal user store.
|
ClientRegistration |
ClientAuthenticator.authenticate(OAuth2Request request,
String endpoint)
Authenticates the client making the OAuth2 request by extracting the client's id and secret from the request
and authenticating against the OAuth2 provider's client registrations.
|
AuthorizationToken |
AuthorizationService.authorize(OAuth2Request request)
Handles an initial authorization request from an OAuth2 client, validates that the request is valid and contains
the required parameters, checks the resource owner has authenticated and given their consent for the client to
be authorized before issuing an AuthorizationToken.
|
AuthorizationToken |
AuthorizationService.authorize(OAuth2Request request,
boolean consentGiven,
boolean saveConsent)
Handles an authorization request from an OAuth2 client, validates that the request is valid and contains the required
parameters, checks the resource owner has authenticated and given their consent for the client to be authorized
before issuing an AuthorizationToken.
|
AccessToken |
TokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request)
Creates an Access Token and stores it in the OAuth2 Provider's store.
|
AccessToken |
TokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request,
long authTime)
Creates an Access Token and stores it in the OAuth2 Provider's store.
|
AuthorizationCode |
TokenStore.createAuthorizationCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Creates an Authorization Code and stores it in the OAuth2 Provider's store.
|
DeviceCode |
TokenStore.createDeviceCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String nonce,
String responseType,
String state,
String acrValues,
String prompt,
String uiLocales,
String loginHint,
Integer maxAge,
String claims,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Creates a new device code token.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
long authTime)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId,
long authTime)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
void |
TokenStore.deleteAccessToken(OAuth2Request request,
String accessTokenId)
Deletes an Access Token from the OAuth2 Provider's store.
|
void |
TokenStore.deleteAuthorizationCode(OAuth2Request request,
String authorizationCode)
Deletes an Authorization Code from the OAuth2 Provider's store.
|
void |
TokenStore.deleteDeviceCode(String clientId,
String code,
OAuth2Request request)
Deletes a device code token.
|
void |
TokenStore.deleteRefreshToken(OAuth2Request request,
String refreshTokenId)
Deletes a Refresh Token from the OAuth2 Provider's store.
|
AccessToken |
GrantTypeAccessTokenGenerator.generateAccessToken(OAuth2ProviderSettings providerSettings,
String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
String validatedClaims,
String authorizationCode,
String nonce,
OAuth2Request request) |
OAuth2ProviderSettings |
OAuth2ProviderSettingsFactory.get(OAuth2Request request)
Gets the instance of the OAuth2ProviderSettings
|
ClientRegistration |
ClientRegistrationStore.get(String clientId,
OAuth2Request request)
Gets the client registration for the given client id.
|
protected IntrospectableToken |
OAuth2TokenIntrospectionHandler.getIntrospectableToken(OAuth2Request request,
String tokenType,
String tokenId) |
static OAuth2Constants.UrlLocation |
Utils.getRequiredUrlLocation(OAuth2Request request,
ClientRegistration clientRegistration)
Determines if the UrlLocation is fragment or query based on the response types read from the request
and the type of client.
|
SSOToken |
ResourceOwnerSessionValidator.getResourceOwnerSession(OAuth2Request request)
Gets the resource owner's session from the OAuth2 request.
|
org.forgerock.json.JsonValue |
TokenInfoService.getTokenInfo(OAuth2Request request)
Returns a Json representation of the token's information that is on the OAuth2 request.
|
UserInfoClaims |
AgentOAuth2ProviderSettings.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request) |
UserInfoClaims |
OAuth2ProviderSettings.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request)
Gets the resource owner's information based on an issued access token or request.
|
UserInfoClaims |
ScopeValidator.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request)
Gets the resource owner's information based on an issued access token.
|
UserInfoClaims |
RealmOAuth2ProviderSettings.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request) |
AccessToken |
GrantTypeHandler.handle(OAuth2Request request)
Handles an access token request for a specific OAuth2 grant type.
|
AccessToken |
ClientCredentialsGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
AccessToken |
PasswordCredentialsGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
AccessToken |
AuthorizationCodeGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
protected AccessToken |
DeviceCodeGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration client,
OAuth2ProviderSettings providerSettings) |
protected abstract AccessToken |
GrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
AccessToken |
JwtBearerGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
Map.Entry<String,Token> |
NoneResponseTypeHandler.handle(String tokenType,
Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Handles the creating of a Token instance and storing the Token in the OAuth2 provider TokenStore. |
Map.Entry<String,Token> |
ResponseTypeHandler.handle(String tokenType,
Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Handles the creating of a Token instance and storing the Token in the OAuth2 provider TokenStore. |
Map.Entry<String,Token> |
AuthorizationCodeResponseTypeHandler.handle(String tokenType,
Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Handles the creating of a Token instance and storing the Token in the OAuth2 provider TokenStore. |
Map.Entry<String,Token> |
TokenResponseTypeHandler.handle(String tokenType,
Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Handles the creating of a Token instance and storing the Token in the OAuth2 provider TokenStore. |
org.forgerock.json.JsonValue |
TokenIntrospectionService.introspect(OAuth2Request request)
Allows introspection of a (refresh or access) token according to the OAuth 2.0 Token Introspection standard.
|
org.forgerock.json.JsonValue |
TokenIntrospectionHandler.introspect(OAuth2Request request,
String clientId,
String tokenType,
String tokenId)
Look for a token of a particular type, with a given ID, and return its introspected representation.
|
org.forgerock.json.JsonValue |
OAuth2TokenIntrospectionHandler.introspect(OAuth2Request request,
String clientId,
String tokenType,
String tokenId) |
void |
TokenInvalidator.invalidateTokens(OAuth2Request request,
String clientId,
String userName,
String authGrantId)
Invalidates all tokens associated with the same auth grant, client and resource owner.
|
boolean |
CsrfProtection.isCsrfAttack(OAuth2Request request)
Checks if the request contains the required "csrf" parameter and checks that it equals the user's session id.
|
AuthorizationToken |
AuthorizationTokenIssuer.issueTokens(OAuth2Request request,
ClientRegistration clientRegistration,
ResourceOwner resourceOwner,
Set<String> authorizationScope,
OAuth2ProviderSettings providerSettings)
Issues tokens for the OAuth2 authorize request.
|
protected abstract String |
AccessTokenVerifier.obtainTokenId(OAuth2Request request)
Obtain the token ID from the request.
|
AccessToken |
TokenStore.readAccessToken(OAuth2Request request,
String tokenId)
Reads an Access Token from the OAuth2 Provider's store with the specified identifier.
|
AuthorizationCode |
TokenStore.readAuthorizationCode(OAuth2Request request,
String code)
Creates an Authorization Code and stores it in the OAuth2 Provider's store.
|
DeviceCode |
TokenStore.readDeviceCode(String userCode,
OAuth2Request request)
Reads a device code token.
|
DeviceCode |
TokenStore.readDeviceCode(String clientId,
String code,
OAuth2Request request)
Reads a device code token.
|
RefreshToken |
TokenStore.readRefreshToken(OAuth2Request request,
String tokenId)
Reads a Refresh Token from the OAuth2 Provider's store with the specified identifier.
|
AccessToken |
AccessTokenService.refreshToken(OAuth2Request request)
Handles a request to refresh an already issued access token for an OAuth2 client, validates that the request is
valid and contains the required parameters, checks that the refresh token on the request is valid and has not
expired, or been previously used to refresh an access token.
|
AccessToken |
AccessTokenService.requestAccessToken(OAuth2Request request)
Handles a request for access token(s) by an OAuth2 client, validates that the request is valid and contains the
required parameters, checks that the authorization code on the request is valid and has not expired, or been
previously used.
|
String |
RedirectUriResolver.resolve(OAuth2Request request)
Resolves the redirect URI
|
void |
TokenStore.updateAccessToken(OAuth2Request request,
AccessToken accessToken)
Updates an Access Token.
|
void |
TokenStore.updateAuthorizationCode(OAuth2Request request,
AuthorizationCode authorizationCode)
Updates an Authorization Code.
|
void |
TokenStore.updateDeviceCode(DeviceCode code,
OAuth2Request request)
Updates a device code token.
|
void |
ResponseTypeValidator.validate(ClientRegistration clientRegistration,
Set<String> requestedResponseTypes,
OAuth2ProviderSettings providerSettings,
OAuth2Request request)
Validates that the requested response types are valid and supported by both the OAuth2 client and provider.
|
ResourceOwner |
ResourceOwnerSessionValidator.validate(OAuth2Request request)
Checks if the request contains a valid resource owner session.
|
Set<String> |
AgentOAuth2ProviderSettings.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
OAuth2ProviderSettings.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token
is requested.
|
Set<String> |
ScopeValidator.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token
is requested.
|
Set<String> |
RealmOAuth2ProviderSettings.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
AgentOAuth2ProviderSettings.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
OAuth2ProviderSettings.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization
is requested.
|
Set<String> |
ScopeValidator.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization
is requested.
|
Set<String> |
RealmOAuth2ProviderSettings.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
AgentOAuth2ProviderSettings.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request) |
Set<String> |
OAuth2ProviderSettings.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token
is requested.
|
Set<String> |
ScopeValidator.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token
is requested.
|
Set<String> |
RealmOAuth2ProviderSettings.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request) |
void |
DuplicateRequestParameterValidator.validateRequest(OAuth2Request request)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorize endpoint.
|
void |
AuthorizeRequestValidator.validateRequest(OAuth2Request request)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorize endpoint.
|
void |
AuthorizeRequestValidatorImpl.validateRequest(OAuth2Request request)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorize endpoint.
|
void |
AuthorizationCodeRequestValidator.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorization code grant.
|
void |
PasswordCredentialsRequestValidatorImpl.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 password credentials grant.
|
void |
ClientCredentialsRequestValidator.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 client credentials grant.
|
void |
AuthorizationCodeRequestValidatorImpl.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorization code grant.
|
void |
ClientCredentialsRequestValidatorImpl.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 client credentials grant.
|
void |
PasswordCredentialsRequestValidator.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 password credentials grant.
|
boolean |
ResourceOwnerConsentVerifier.verify(boolean consentSaved,
OAuth2Request request,
ClientRegistration registration)
Determines whether the resource owner has previously saved consent and whether it should be used.
|
AccessTokenVerifier.TokenState |
AccessTokenVerifier.verify(OAuth2Request request)
Verifies that the specified OAuth2 request contains a valid access token which has not expired.
|
Modifier and Type | Method and Description |
---|---|
static InvalidScopeException |
InvalidScopeException.create(String message,
OAuth2Request request)
Creates a new InvalidScopeException by deducing the UrlLocation from the OAuth2Request.
|
InvalidClientException |
ClientAuthenticationFailureFactory.getException(OAuth2Request request,
String message)
Produces an InvalidClientException or InvalidClientAuthZHeaderException based on the request provided.
|
protected abstract String |
ClientAuthenticationFailureFactory.getRealm(OAuth2Request request)
Extracts the realm from the request, and normalises it
|
protected abstract boolean |
ClientAuthenticationFailureFactory.hasAuthorizationHeader(OAuth2Request request)
Determines whether the request makes use of the authorization header
|
Modifier and Type | Method and Description |
---|---|
void |
ResourceSetStore.create(OAuth2Request request,
ResourceSetDescription resourceSetDescription)
Create a ResourceSetDescription. |
Modifier and Type | Method and Description |
---|---|
void |
AuthorizeRequestHook.afterAuthorizeSuccess(OAuth2Request o2request,
org.restlet.Request request,
org.restlet.Response response)
Called after the authorize request has been completed and an authorization code is being returned.
|
void |
TokenRequestHook.afterTokenHandling(OAuth2Request o2request,
org.restlet.Request request,
org.restlet.Response response)
Called after the token request is actually handled.
|
void |
AuthorizeRequestHook.beforeAuthorizeHandling(OAuth2Request o2request,
org.restlet.Request request,
org.restlet.Response response)
Called before the authorize request is actually handled
|
protected Map<String,Object> |
ConsentRequiredResource.getDataModel(ResourceOwnerConsentRequired consentRequired,
OAuth2Request request)
Gets the data model to use when rendering the error page.
|
protected String |
OpenAMClientAuthenticationFailureFactory.getRealm(OAuth2Request request) |
org.restlet.representation.Representation |
OAuth2Representation.getRepresentation(org.restlet.Context context,
OAuth2Request request,
String templateName,
Map<String,Object> dataModel)
Gets the appropriate representation to send to the user agent based on the specified parameters.
|
protected boolean |
OpenAMClientAuthenticationFailureFactory.hasAuthorizationHeader(OAuth2Request request) |
protected String |
RestletHeaderAccessTokenVerifier.obtainTokenId(OAuth2Request request)
Obtain the token ID from the request.
|
protected String |
RestletQueryParameterAccessTokenVerifier.obtainTokenId(OAuth2Request request)
Obtain the token ID from the request.
|
protected String |
RestletFormBodyAccessTokenVerifier.obtainTokenId(OAuth2Request request)
Obtain the token ID from the request.
|
Modifier and Type | Method and Description |
---|---|
Map<String,String> |
OpenAMScopeValidator.additionalDataToReturnFromAuthorizeEndpoint(Map<String,Token> tokens,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an authorization
request.
|
void |
OpenAMScopeValidator.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an access token
request.
|
T |
StatelessCheck.byRequest(OAuth2Request request)
Checks whether the OAuth2 token is stateless or not, based on the request.
|
AccessToken |
OpenAMTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request) |
AccessToken |
StatelessTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request) |
AccessToken |
StatefulTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request)
Creates an Access Token and stores it in the OAuth2 Provider's store.
|
AccessToken |
OpenAMTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request,
long authTime) |
AccessToken |
StatelessTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request,
long authTime) |
AccessToken |
StatefulTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request,
long authTime)
Creates an Access Token and stores it in the OAuth2 Provider's store.
|
AuthorizationCode |
OpenAMTokenStore.createAuthorizationCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod) |
AuthorizationCode |
StatelessTokenStore.createAuthorizationCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod) |
AuthorizationCode |
StatefulTokenStore.createAuthorizationCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Creates an Authorization Code and stores it in the OAuth2 Provider's store.
|
DeviceCode |
OpenAMTokenStore.createDeviceCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String nonce,
String responseType,
String state,
String acrValues,
String prompt,
String uiLocales,
String loginHint,
Integer maxAge,
String claims,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod) |
DeviceCode |
StatelessTokenStore.createDeviceCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String nonce,
String responseType,
String state,
String acrValues,
String prompt,
String uiLocales,
String loginHint,
Integer maxAge,
String claims,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod) |
DeviceCode |
StatefulTokenStore.createDeviceCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String nonce,
String responseType,
String state,
String acrValues,
String prompt,
String uiLocales,
String loginHint,
Integer maxAge,
String claims,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Creates a new device code token.
|
OpenIdConnectToken |
OpenAMTokenStore.createOpenIDToken(ResourceOwner resourceOwner,
String clientId,
String authorizationParty,
String nonce,
String ops,
OAuth2Request request) |
OpenIdConnectToken |
StatefulTokenStore.createOpenIDToken(ResourceOwner resourceOwner,
String clientId,
String authorizationParty,
String nonce,
String ops,
OAuth2Request request)
Creates an OpenId Connect token and stores it in the OpenId Connect Provider's store.
|
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request) |
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims) |
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
long authTime) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
long authTime) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
long authTime) |
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId) |
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId,
long authTime) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId,
long authTime) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId,
long authTime) |
void |
OpenAMTokenStore.deleteAccessToken(OAuth2Request request,
String accessTokenId) |
void |
StatelessTokenStore.deleteAccessToken(OAuth2Request request,
String jwtString) |
void |
StatefulTokenStore.deleteAccessToken(OAuth2Request request,
String accessTokenId)
Deletes an Access Token from the OAuth2 Provider's store.
|
void |
OpenAMTokenStore.deleteAuthorizationCode(OAuth2Request request,
String authorizationCode) |
void |
StatelessTokenStore.deleteAuthorizationCode(OAuth2Request request,
String authorizationCode) |
void |
StatefulTokenStore.deleteAuthorizationCode(OAuth2Request request,
String authorizationCode)
Deletes an Authorization Code from the OAuth2 Provider's store.
|
void |
OpenAMTokenStore.deleteDeviceCode(String clientId,
String code,
OAuth2Request request) |
void |
StatelessTokenStore.deleteDeviceCode(String clientId,
String code,
OAuth2Request request) |
void |
StatefulTokenStore.deleteDeviceCode(String clientId,
String code,
OAuth2Request request) |
void |
OpenAMTokenStore.deleteRefreshToken(OAuth2Request request,
String refreshTokenId) |
void |
StatelessTokenStore.deleteRefreshToken(OAuth2Request request,
String jwtString) |
void |
StatefulTokenStore.deleteRefreshToken(OAuth2Request request,
String refreshTokenId)
Deletes a Refresh Token from the OAuth2 Provider's store.
|
ClientCredentials |
ClientCredentialsReader.extractCredentials(OAuth2Request request,
String endpoint)
Extracts the client's credentials from the OAuth2 request.
|
OAuth2Uris |
OAuth2UrisFactory.get(OAuth2Request request)
Gets an OAuth2Uris instance.
|
OAuth2Uris |
OAuth2UrisFactory.get(OAuth2Request oAuth2Request,
Realm realm) |
OpenIdConnectClientRegistration |
OpenAMClientRegistrationStore.get(String clientId,
OAuth2Request request)
Gets the client registration for the given client id.
|
org.forgerock.json.JsonValue |
OAuth2Utils.getConfirmationKey(OAuth2Request request)
Given an OAuth2 request, attempts to pull out the confirmation key; this is optional.
|
UserInfoClaims |
OpenAMScopeValidator.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request)
Gets the resource owner's information based on an issued access token.
|
AccessToken |
OpenAMTokenStore.readAccessToken(OAuth2Request request,
String tokenId) |
AccessToken |
StatelessTokenStore.readAccessToken(OAuth2Request request,
String jwtString) |
AccessToken |
StatefulTokenStore.readAccessToken(OAuth2Request request,
String tokenId)
Reads an Access Token from the OAuth2 Provider's store with the specified identifier.
|
AuthorizationCode |
OpenAMTokenStore.readAuthorizationCode(OAuth2Request request,
String code) |
AuthorizationCode |
StatelessTokenStore.readAuthorizationCode(OAuth2Request request,
String code) |
AuthorizationCode |
StatefulTokenStore.readAuthorizationCode(OAuth2Request request,
String code)
Creates an Authorization Code and stores it in the OAuth2 Provider's store.
|
DeviceCode |
OpenAMTokenStore.readDeviceCode(String userCode,
OAuth2Request request) |
DeviceCode |
StatelessTokenStore.readDeviceCode(String userCode,
OAuth2Request request) |
DeviceCode |
StatefulTokenStore.readDeviceCode(String userCode,
OAuth2Request request) |
DeviceCode |
OpenAMTokenStore.readDeviceCode(String clientId,
String code,
OAuth2Request request) |
DeviceCode |
StatelessTokenStore.readDeviceCode(String clientId,
String code,
OAuth2Request request) |
DeviceCode |
StatefulTokenStore.readDeviceCode(String clientId,
String code,
OAuth2Request request) |
RefreshToken |
OpenAMTokenStore.readRefreshToken(OAuth2Request request,
String tokenId) |
RefreshToken |
StatelessTokenStore.readRefreshToken(OAuth2Request request,
String jwtString) |
RefreshToken |
StatefulTokenStore.readRefreshToken(OAuth2Request request,
String tokenId)
Reads a Refresh Token from the OAuth2 Provider's store with the specified identifier.
|
String |
OAuth2RealmResolver.resolveFrom(OAuth2Request request)
Resolves the realm from the request.
|
void |
OpenAMTokenStore.updateAccessToken(OAuth2Request request,
AccessToken accessToken) |
void |
StatelessTokenStore.updateAccessToken(OAuth2Request request,
AccessToken accessToken) |
void |
StatefulTokenStore.updateAccessToken(OAuth2Request request,
AccessToken accessToken) |
void |
OpenAMTokenStore.updateAuthorizationCode(OAuth2Request request,
AuthorizationCode authorizationCode) |
void |
StatelessTokenStore.updateAuthorizationCode(OAuth2Request request,
AuthorizationCode authorizationCode) |
void |
StatefulTokenStore.updateAuthorizationCode(OAuth2Request request,
AuthorizationCode authorizationCode)
Updates an Authorization Code.
|
void |
OpenAMTokenStore.updateDeviceCode(DeviceCode code,
OAuth2Request request) |
void |
StatelessTokenStore.updateDeviceCode(DeviceCode code,
OAuth2Request request) |
void |
StatefulTokenStore.updateDeviceCode(DeviceCode code,
OAuth2Request request) |
Set<String> |
OpenAMScopeValidator.validateAccessTokenScope(ClientRegistration client,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token
is requested.
|
Set<String> |
OpenAMScopeValidator.validateAuthorizationScope(ClientRegistration client,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization
is requested.
|
Set<String> |
OpenAMScopeValidator.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token
is requested.
|
protected void |
StatelessTokenStore.validateTokenRealm(String tokenRealm,
OAuth2Request request) |
protected void |
StatefulTokenStore.validateTokenRealm(String tokenRealm,
OAuth2Request request) |
Modifier and Type | Method and Description |
---|---|
Boolean |
OAuth2GuiceModule.DefaultStatelessCheck.byRequest(OAuth2Request request) |
protected void |
OAuth2GuiceModule.RealmAgnosticStatefulTokenStore.validateTokenRealm(String tokenRealm,
OAuth2Request request) |
protected void |
OAuth2GuiceModule.RealmAgnosticStatelessTokenStore.validateTokenRealm(String tokenRealm,
OAuth2Request request) |
Modifier and Type | Method and Description |
---|---|
void |
OpenAMResourceSetStore.create(OAuth2Request request,
ResourceSetDescription resourceSetDescription) |
Modifier and Type | Method and Description |
---|---|
AccessToken |
Saml2GrantTypeHandler.handle(OAuth2Request request) |
protected AccessToken |
Saml2GrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
Modifier and Type | Method and Description |
---|---|
void |
ConfirmationKeyValidator.validateRequest(OAuth2Request request) |
void |
ConfirmationKeyValidator.validateRequest(OAuth2Request request,
ClientRegistration clientRegistration) |
Modifier and Type | Method and Description |
---|---|
UmaUris |
UmaUrisFactory.get(OAuth2Request request) |
UmaProviderSettings |
UmaProviderSettingsFactory.get(OAuth2Request request) |
UmaUris |
UmaUrisFactory.get(OAuth2Request oAuth2Request,
Realm realm)
Gets the instance of the UmaUris.
|
String |
IdTokenClaimGatherer.getRequestingPartyId(OAuth2Request oAuth2Request,
AccessToken authorizationApiToken,
org.forgerock.json.JsonValue claimToken) |
String |
ClaimGatherer.getRequestingPartyId(OAuth2Request oAuth2Request,
AccessToken authorizationApiToken,
org.forgerock.json.JsonValue claimToken)
Attempts to get the requesting party id from the claim token.
|
org.forgerock.json.JsonValue |
UmaTokenIntrospectionHandler.introspect(OAuth2Request request,
String clientId,
String tokenType,
String tokenId) |
Modifier and Type | Method and Description |
---|---|
void |
ClientDAO.create(Client client,
OAuth2Request request)
Stores a client to a storage system.
|
OpenIdConnectToken |
OpenIdConnectTokenStore.createOpenIDToken(ResourceOwner resourceOwner,
String clientId,
String authorizationParty,
String nonce,
String ops,
OAuth2Request request)
Creates an OpenId Connect token and stores it in the OpenId Connect Provider's store.
|
org.forgerock.json.JsonValue |
OpenIdConnectClientRegistrationService.createRegistration(String accessToken,
String deploymentUrl,
OAuth2Request request)
Creates an OpenId Connect client registration in the OAuth2 provider.
|
void |
ClientDAO.delete(String clientId,
OAuth2Request request)
Delete a client from the storage system.
|
Map<String,Object> |
OpenIDConnectProviderDiscovery.discover(String resource,
String rel,
String deploymentUrl,
OAuth2Request request)
Returns the response to a request to discover the OpenId Connect provider.
|
void |
OpenIDConnectEndSession.endSession(OAuth2Request request,
String idToken)
Ends an OpenId Connect session.
|
OpenIdConnectClientRegistration |
OpenIdConnectClientRegistrationStore.get(String clientId,
OAuth2Request request)
Gets the client registration for the given client id.
|
org.forgerock.json.JsonValue |
OpenIDConnectProviderConfiguration.getConfiguration(OAuth2Request request)
Gets the OpenId configuration for the OpenId Connect provider.
|
protected String |
OpenIDTokenIssuer.getOps(AccessToken accessToken,
OAuth2Request request)
Gets the ops value for the OpenId Token.
|
org.forgerock.json.JsonValue |
OpenIdConnectClientRegistrationService.getRegistration(String clientId,
String accessToken,
OAuth2Request request)
Gets an OpenId Connect client registration from the OAuth2 provider.
|
org.forgerock.json.JsonValue |
UserInfoService.getUserInfo(OAuth2Request request)
Gets the user's information for the specified access token.
|
Map.Entry<String,Token> |
IdTokenResponseTypeHandler.handle(String tokenType,
Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Handles the creation of a Token instance and the storing of the Token in the OAuth2 provider
TokenStore.
|
Map.Entry<String,String> |
OpenIDTokenIssuer.issueToken(AccessToken accessToken,
OAuth2Request request)
Issues an OpenId Connect token, using the details of the access token.
|
boolean |
OpenIDConnectProvider.isUserValid(String userId,
OAuth2Request request)
Determines whether a user has a valid session.
|
Client |
ClientDAO.read(String clientId,
OAuth2Request request)
Reads a client from a storage system.
|
void |
ClientDAO.update(Client client,
OAuth2Request request)
Updates a client already stored.
|
void |
OpenIdConnectAuthorizeRequestValidator.validateRequest(OAuth2Request request)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorize endpoint.
|
void |
ClaimsParameterValidator.validateRequest(OAuth2Request request) |
void |
CodeVerifierValidator.validateRequest(OAuth2Request request) |
void |
SubjectTypeValidator.validateRequest(OAuth2Request request) |
boolean |
OpenIdResourceOwnerConsentVerifier.verify(boolean consentSaved,
OAuth2Request request,
ClientRegistration registration)
Determines whether the resource owner has previously saved consent and whether it should be used.
|
Constructor and Description |
---|
OpenIdPrompt(OAuth2Request request)
Constructs a new OpenIdPrompt instance directly from the request object
by using the constant defined in OAuth2Constants and calling the
existing constructor with the string obtained.
|
Modifier and Type | Method and Description |
---|---|
void |
LoginHintHook.afterAuthorizeSuccess(OAuth2Request o2request,
org.restlet.Request request,
org.restlet.Response response)
Once we're returning an auth code we can remove the login hint cookie.
|
void |
LoginHintHook.afterTokenHandling(OAuth2Request o2request,
org.restlet.Request request,
org.restlet.Response response)
Authentication has completed - remove the cookie.
|
void |
LoginHintHook.beforeAuthorizeHandling(OAuth2Request o2request,
org.restlet.Request request,
org.restlet.Response response)
Adds the login_hint value to cookie.
|
protected Map<String,Object> |
OpenIDConnectCheckSessionEndpoint.getDataModel(OAuth2Request oAuth2Request) |
Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.