Package | Description |
---|---|
org.forgerock.oauth2.core | Defines the core classes to implement OAuth2 for OpenAM. |
org.forgerock.oauth2.resources | |
org.forgerock.oauth2.restlet | |
org.forgerock.oauth2.restlet.resources | |
org.forgerock.openam.oauth2 | |
org.forgerock.openam.oauth2.resources | |
org.forgerock.openam.oauth2.saml2.core | |
org.forgerock.openam.uma | |
org.forgerock.openam.uma.audit | |
org.forgerock.openam.uma.rest | |
org.forgerock.openidconnect | |
Modifier and Type | Method and Description |
---|---|
Map<String,String> |
AgentOAuth2ProviderSettings.additionalDataToReturnFromAuthorizeEndpoint(Map<String,Token> tokens,
OAuth2Request request) |
Map<String,String> |
OAuth2ProviderSettings.additionalDataToReturnFromAuthorizeEndpoint(Map<String,Token> tokens,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an authorization
request.
|
Map<String,String> |
RealmOAuth2ProviderSettings.additionalDataToReturnFromAuthorizeEndpoint(Map<String,Token> tokens,
OAuth2Request request) |
void |
AgentOAuth2ProviderSettings.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request) |
void |
OAuth2ProviderSettings.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an access token
request.
|
void |
ScopeValidator.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an access token
request.
|
void |
RealmOAuth2ProviderSettings.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request) |
AuthorizationToken |
AuthorizationService.authorize(OAuth2Request request)
Handles an initial authorization request from an OAuth2 client, validates that the request is valid and contains
the required parameters, checks that the resource owner has authenticated and given their consent for the client to
be authorized before issuing an AuthorizationToken.
|
AuthorizationToken |
AuthorizationService.authorize(OAuth2Request request,
boolean consentGiven,
boolean saveConsent)
Handles an authorization request from an OAuth2 client, validates that the request is valid and contains the required
parameters, checks that the resource owner has authenticated and given their consent for the client to be authorized
before issuing an AuthorizationToken.
|
boolean |
AgentOAuth2ProviderSettings.clientsCanSkipConsent() |
boolean |
OAuth2ProviderSettings.clientsCanSkipConsent()
Whether clients can opt to skip resource owner consent during authorization flows.
|
boolean |
RealmOAuth2ProviderSettings.clientsCanSkipConsent() |
AccessToken |
TokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request)
Creates an Access Token and stores it in the OAuth2 Provider's store.
|
AccessToken |
TokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request,
long authTime)
Creates an Access Token and stores it in the OAuth2 Provider's store.
|
AuthorizationCode |
TokenStore.createAuthorizationCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Creates an Authorization Code and stores it in the OAuth2 Provider's store.
|
DeviceCode |
TokenStore.createDeviceCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String nonce,
String responseType,
String state,
String acrValues,
String prompt,
String uiLocales,
String loginHint,
Integer maxAge,
String claims,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Creates a new device code token.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
long authTime)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
RefreshToken |
TokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId,
long authTime)
Creates a Refresh Token and stores it in the OAuth2 Provider's store.
|
void |
TokenStore.delete(String realm,
String tokenId)
Deletes the Token from the OAuth2 Provider's store with the specified identifier.
|
void |
TokenStore.deleteAccessToken(OAuth2Request request,
String accessTokenId)
Deletes an Access Token from the OAuth2 Provider's store.
|
void |
TokenStore.deleteAuthorizationCode(OAuth2Request request,
String authorizationCode)
Deletes an Authorization Code from the OAuth2 Provider's store.
|
void |
TokenStore.deleteDeviceCode(String clientId,
String code,
OAuth2Request request)
Deletes a device code token.
|
void |
TokenStore.deleteRefreshToken(OAuth2Request request,
String refreshTokenId)
Deletes a Refresh Token from the OAuth2 Provider's store.
|
Map<String,Object> |
AgentOAuth2ProviderSettings.evaluateScope(AccessToken accessToken) |
Map<String,Object> |
OAuth2ProviderSettings.evaluateScope(AccessToken accessToken)
Gets the specified access token's information.
|
Map<String,Object> |
RealmOAuth2ProviderSettings.evaluateScope(AccessToken accessToken) |
Set<ResourceSetDescription> |
ResourceSetFilter.filter(Set<ResourceSetDescription> values)
Filters the Set provided.
|
AccessToken |
GrantTypeAccessTokenGenerator.generateAccessToken(OAuth2ProviderSettings providerSettings,
String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
String validatedClaims,
String authorizationCode,
String nonce,
OAuth2Request request) |
long |
AgentOAuth2ProviderSettings.getAccessTokenLifetime() |
long |
OAuth2ProviderSettings.getAccessTokenLifetime()
Gets the lifetime an access token will have before it expires.
|
long |
RealmOAuth2ProviderSettings.getAccessTokenLifetime() |
Map<String,AuthenticationMethod> |
AgentOAuth2ProviderSettings.getAcrMapping() |
Map<String,AuthenticationMethod> |
OAuth2ProviderSettings.getAcrMapping()
Returns a mapping from Authentication Context Class Reference (ACR) values (typically a Level of Assurance
value) to concrete authentication methods.
|
Map<String,AuthenticationMethod> |
RealmOAuth2ProviderSettings.getAcrMapping() |
Map<String,ResponseTypeHandler> |
AgentOAuth2ProviderSettings.getAllowedResponseTypes() |
Map<String,ResponseTypeHandler> |
OAuth2ProviderSettings.getAllowedResponseTypes()
Gets the response types allowed by the OAuth2 provider.
|
Map<String,ResponseTypeHandler> |
RealmOAuth2ProviderSettings.getAllowedResponseTypes() |
Map<String,String> |
AgentOAuth2ProviderSettings.getAMRAuthModuleMappings() |
Map<String,String> |
OAuth2ProviderSettings.getAMRAuthModuleMappings()
The mappings between amr values and auth module names.
|
Map<String,String> |
RealmOAuth2ProviderSettings.getAMRAuthModuleMappings() |
long |
AgentOAuth2ProviderSettings.getAuthorizationCodeLifetime() |
long |
OAuth2ProviderSettings.getAuthorizationCodeLifetime()
Gets the lifetime an authorization code will have before it expires.
|
long |
RealmOAuth2ProviderSettings.getAuthorizationCodeLifetime() |
Map<String,String> |
ClientRegistration.getClaimDescriptions(Locale locale)
Gets the display descriptions for the allowed and default scopes combined, in the specified locale.
|
boolean |
AgentOAuth2ProviderSettings.getClaimsParameterSupported() |
boolean |
OAuth2ProviderSettings.getClaimsParameterSupported()
Returns whether this provider supports claims requested via 'claims' parameter.
|
boolean |
RealmOAuth2ProviderSettings.getClaimsParameterSupported() |
String |
AgentOAuth2ProviderSettings.getCompletionUrl() |
String |
OAuth2ProviderSettings.getCompletionUrl()
The URL that the user will be sent to on completion of their OAuth 2 login
and consent when using the device code flow.
|
String |
RealmOAuth2ProviderSettings.getCompletionUrl() |
String |
AgentOAuth2ProviderSettings.getCreatedTimestampAttributeName() |
String |
OAuth2ProviderSettings.getCreatedTimestampAttributeName()
Gets the created timestamp attribute name.
|
String |
RealmOAuth2ProviderSettings.getCreatedTimestampAttributeName() |
freemarker.template.Template |
AgentOAuth2ProviderSettings.getCustomLoginUrlTemplate() |
freemarker.template.Template |
OAuth2ProviderSettings.getCustomLoginUrlTemplate()
Gets the custom login url template which will create the url to redirect resource owners to for authentication.
|
freemarker.template.Template |
RealmOAuth2ProviderSettings.getCustomLoginUrlTemplate() |
String |
AgentOAuth2ProviderSettings.getDefaultAcrValues() |
String |
OAuth2ProviderSettings.getDefaultAcrValues()
The default Authentication Context Class Reference (ACR) values to use for authentication if none is specified
in the request.
|
String |
RealmOAuth2ProviderSettings.getDefaultAcrValues() |
Set<String> |
AgentOAuth2ProviderSettings.getDefaultScopes() |
Set<String> |
OAuth2ProviderSettings.getDefaultScopes()
Gets the default set of scopes to give a client registering with this provider.
|
Set<String> |
RealmOAuth2ProviderSettings.getDefaultScopes() |
int |
AgentOAuth2ProviderSettings.getDeviceCodeLifetime() |
int |
OAuth2ProviderSettings.getDeviceCodeLifetime()
The lifetime of the device code.
|
int |
RealmOAuth2ProviderSettings.getDeviceCodeLifetime() |
int |
AgentOAuth2ProviderSettings.getDeviceCodePollInterval() |
int |
OAuth2ProviderSettings.getDeviceCodePollInterval()
The polling interval for devices waiting for tokens when using the device code flow.
|
int |
RealmOAuth2ProviderSettings.getDeviceCodePollInterval() |
String |
AgentOAuth2ProviderSettings.getHashSalt() |
String |
OAuth2ProviderSettings.getHashSalt()
Returns the salt to use for hashing sub values upon pairwise requests.
|
String |
RealmOAuth2ProviderSettings.getHashSalt() |
protected IntrospectableToken |
OAuth2TokenIntrospectionHandler.getIntrospectableToken(OAuth2Request request,
String tokenType,
String tokenId) |
String |
OAuth2Uris.getIssuer()
Gets the identifier of this issuer.
|
org.forgerock.json.JsonValue |
AgentOAuth2ProviderSettings.getJWKSet() |
org.forgerock.json.JsonValue |
OAuth2ProviderSettings.getJWKSet()
Gets the JWK Set for this OAuth2 Authorization/OpenID Provider.
|
org.forgerock.json.JsonValue |
RealmOAuth2ProviderSettings.getJWKSet() |
String |
AgentOAuth2ProviderSettings.getJWKSUri() |
String |
OAuth2ProviderSettings.getJWKSUri()
Gets the JSON Web Key Set URI.
|
String |
OAuth2Uris.getJWKSUri()
Gets the JSON Web Key Set URI.
|
String |
RealmOAuth2ProviderSettings.getJWKSUri() |
String |
AgentOAuth2ProviderSettings.getModifiedTimestampAttributeName() |
String |
OAuth2ProviderSettings.getModifiedTimestampAttributeName()
Gets the modified timestamp attribute name.
|
String |
RealmOAuth2ProviderSettings.getModifiedTimestampAttributeName() |
String |
ResourceOwner.getName(OAuth2ProviderSettings settings)
Gets the name of the user, if possible.
|
long |
AgentOAuth2ProviderSettings.getOpenIdTokenLifetime() |
long |
OAuth2ProviderSettings.getOpenIdTokenLifetime()
Gets the lifetime an OpenID token will have before it expires.
|
long |
RealmOAuth2ProviderSettings.getOpenIdTokenLifetime() |
long |
AgentOAuth2ProviderSettings.getRefreshTokenLifetime() |
long |
OAuth2ProviderSettings.getRefreshTokenLifetime()
Gets the lifetime a refresh token will have before it expires.
|
long |
RealmOAuth2ProviderSettings.getRefreshTokenLifetime() |
Set<String> |
AgentOAuth2ProviderSettings.getResourceOwnerAuthenticatedAttributes() |
Set<String> |
OAuth2ProviderSettings.getResourceOwnerAuthenticatedAttributes()
Gets the attributes of the resource owner that are used for authenticating resource owners.
|
Set<String> |
RealmOAuth2ProviderSettings.getResourceOwnerAuthenticatedAttributes() |
Map<String,String> |
ClientRegistration.getScopeDescriptions(Locale locale)
Gets the display descriptions for the allowed and default scopes combined, in the specified locale.
|
KeyPair |
AgentOAuth2ProviderSettings.getSigningKeyPair(org.forgerock.json.jose.jws.JwsAlgorithm algorithm) |
KeyPair |
OAuth2ProviderSettings.getSigningKeyPair(org.forgerock.json.jose.jws.JwsAlgorithm algorithm)
Gets the signing key pair of the OAuth2 provider.
|
KeyPair |
RealmOAuth2ProviderSettings.getSigningKeyPair(org.forgerock.json.jose.jws.JwsAlgorithm algorithm) |
Set<String> |
AgentOAuth2ProviderSettings.getSupportedClaims() |
Set<String> |
OAuth2ProviderSettings.getSupportedClaims()
Gets the supported claims for this provider.
|
Set<String> |
RealmOAuth2ProviderSettings.getSupportedClaims() |
Set<String> |
AgentOAuth2ProviderSettings.getSupportedClaimsWithTranslations() |
Set<String> |
OAuth2ProviderSettings.getSupportedClaimsWithTranslations()
Gets the supported claims for this provider as strings with pipe-separated translations.
|
Set<String> |
RealmOAuth2ProviderSettings.getSupportedClaimsWithTranslations() |
Set<String> |
AgentOAuth2ProviderSettings.getSupportedIDTokenEncryptionAlgorithms() |
Set<String> |
OAuth2ProviderSettings.getSupportedIDTokenEncryptionAlgorithms()
Gets the algorithms that the OAuth2 provider supports for encrypting OpenID tokens.
|
Set<String> |
RealmOAuth2ProviderSettings.getSupportedIDTokenEncryptionAlgorithms() |
Set<String> |
AgentOAuth2ProviderSettings.getSupportedIDTokenEncryptionMethods() |
Set<String> |
OAuth2ProviderSettings.getSupportedIDTokenEncryptionMethods()
Gets the encryption methods that the OAuth2 provider supports for encrypting OpenID tokens.
|
Set<String> |
RealmOAuth2ProviderSettings.getSupportedIDTokenEncryptionMethods() |
Set<String> |
AgentOAuth2ProviderSettings.getSupportedIDTokenSigningAlgorithms() |
Set<String> |
OAuth2ProviderSettings.getSupportedIDTokenSigningAlgorithms()
Gets the algorithms that the OAuth2 provider supports for signing OpenID tokens.
|
Set<String> |
RealmOAuth2ProviderSettings.getSupportedIDTokenSigningAlgorithms() |
Set<String> |
AgentOAuth2ProviderSettings.getSupportedScopes() |
Set<String> |
OAuth2ProviderSettings.getSupportedScopes()
Gets the supported scopes for this provider without translations.
|
Set<String> |
RealmOAuth2ProviderSettings.getSupportedScopes() |
Set<String> |
AgentOAuth2ProviderSettings.getSupportedScopesWithTranslations() |
Set<String> |
OAuth2ProviderSettings.getSupportedScopesWithTranslations()
Gets the supported scopes for this provider.
|
Set<String> |
RealmOAuth2ProviderSettings.getSupportedScopesWithTranslations() |
Set<String> |
AgentOAuth2ProviderSettings.getSupportedSubjectTypes() |
Set<String> |
OAuth2ProviderSettings.getSupportedSubjectTypes()
Gets the subject types supported by the OAuth2 provider.
|
Set<String> |
RealmOAuth2ProviderSettings.getSupportedSubjectTypes() |
String |
AgentOAuth2ProviderSettings.getTokenHmacSharedSecret() |
String |
OAuth2ProviderSettings.getTokenHmacSharedSecret()
Gets the Base64 encoded shared secret used to sign stateless access and refresh tokens.
|
String |
RealmOAuth2ProviderSettings.getTokenHmacSharedSecret() |
String |
Token.getTokenId()
Gets the token's identifier.
|
org.forgerock.json.JsonValue |
TokenInfoService.getTokenInfo(OAuth2Request request)
Returns a Json representation of the token's information that is on the OAuth2 request.
|
String |
AgentOAuth2ProviderSettings.getTokenSigningAlgorithm() |
String |
OAuth2ProviderSettings.getTokenSigningAlgorithm()
Gets the signing algorithm used when issuing stateless access and refresh tokens.
|
String |
RealmOAuth2ProviderSettings.getTokenSigningAlgorithm() |
String |
AgentOAuth2ProviderSettings.getUserDisplayNameAttribute() |
String |
OAuth2ProviderSettings.getUserDisplayNameAttribute()
The attribute that can be used to obtain a UI-displayable name for a user's AMIdentity.
|
String |
RealmOAuth2ProviderSettings.getUserDisplayNameAttribute() |
UserInfoClaims |
AgentOAuth2ProviderSettings.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request) |
UserInfoClaims |
OAuth2ProviderSettings.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request)
Gets the resource owner's information based on an issued access token or request.
|
UserInfoClaims |
RealmOAuth2ProviderSettings.getUserInfo(ClientRegistration clientRegistration,
AccessToken token,
OAuth2Request request) |
String |
AgentOAuth2ProviderSettings.getVerificationUrl() |
String |
OAuth2ProviderSettings.getVerificationUrl()
The URL that the user will be instructed to visit to complete their OAuth 2 login and consent when using the
device code flow.
|
String |
RealmOAuth2ProviderSettings.getVerificationUrl() |
AccessToken |
GrantTypeHandler.handle(OAuth2Request request)
Handles an access token request for a specific OAuth2 grant type.
|
AccessToken |
ClientCredentialsGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
AccessToken |
PasswordCredentialsGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
AccessToken |
AuthorizationCodeGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
protected AccessToken |
DeviceCodeGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration client,
OAuth2ProviderSettings providerSettings) |
protected abstract AccessToken |
GrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
AccessToken |
JwtBearerGrantTypeHandler.handle(OAuth2Request request,
ClientRegistration clientRegistration,
OAuth2ProviderSettings providerSettings) |
Map.Entry<String,Token> |
ResponseTypeHandler.handle(String tokenType,
Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Handles creating a Token instance and storing the Token in the OAuth2 provider TokenStore. |
Map.Entry<String,Token> |
AuthorizationCodeResponseTypeHandler.handle(String tokenType,
Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Handles creating a Token instance and storing the Token in the OAuth2 provider TokenStore. |
Map.Entry<String,Token> |
TokenResponseTypeHandler.handle(String tokenType,
Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Handles creating a Token instance and storing the Token in the OAuth2 provider TokenStore. |
org.forgerock.json.JsonValue |
TokenIntrospectionService.introspect(OAuth2Request request)
Allows introspection of a (refresh or access) token according to the OAuth 2.0 Token Introspection standard.
|
org.forgerock.json.JsonValue |
TokenIntrospectionHandler.introspect(OAuth2Request request,
String clientId,
String tokenType,
String tokenId)
Look for a token of a particular type, with a given ID, and return its introspected representation.
|
org.forgerock.json.JsonValue |
OAuth2TokenIntrospectionHandler.introspect(OAuth2Request request,
String clientId,
String tokenType,
String tokenId) |
void |
TokenInvalidator.invalidateTokens(OAuth2Request request,
String clientId,
String userName,
String authGrantId)
Invalidates all tokens associated with same auth grant, client and resource owner.
|
boolean |
AgentOAuth2ProviderSettings.isAlwaysAddClaimsToToken() |
boolean |
OAuth2ProviderSettings.isAlwaysAddClaimsToToken()
Whether to always add claims to id_tokens - non-spec compliant.
|
boolean |
RealmOAuth2ProviderSettings.isAlwaysAddClaimsToToken() |
boolean |
AgentOAuth2ProviderSettings.isCodeVerifierRequired() |
boolean |
OAuth2ProviderSettings.isCodeVerifierRequired()
Whether or not to enforce the Code Verifier Parameter.
|
boolean |
RealmOAuth2ProviderSettings.isCodeVerifierRequired() |
boolean |
AgentOAuth2ProviderSettings.isIdTokenInfoClientAuthenticationEnabled() |
boolean |
OAuth2ProviderSettings.isIdTokenInfoClientAuthenticationEnabled()
Determines whether idtokeninfo endpoint should require client authentication.
|
boolean |
RealmOAuth2ProviderSettings.isIdTokenInfoClientAuthenticationEnabled() |
boolean |
AgentOAuth2ProviderSettings.isOpenDynamicClientRegistrationAllowed() |
boolean |
OAuth2ProviderSettings.isOpenDynamicClientRegistrationAllowed()
Indicates whether clients may register without providing an access token.
|
boolean |
RealmOAuth2ProviderSettings.isOpenDynamicClientRegistrationAllowed() |
boolean |
AgentOAuth2ProviderSettings.isOpenIDConnectSSOProviderEnabled() |
boolean |
OAuth2ProviderSettings.isOpenIDConnectSSOProviderEnabled()
Whether OpenID Connect ID Tokens are accepted as SSOTokens in this realm or not.
|
boolean |
RealmOAuth2ProviderSettings.isOpenIDConnectSSOProviderEnabled() |
boolean |
AgentOAuth2ProviderSettings.isRegistrationAccessTokenGenerationEnabled() |
boolean |
OAuth2ProviderSettings.isRegistrationAccessTokenGenerationEnabled()
Whether to generate access tokens for clients that register without one.
|
boolean |
RealmOAuth2ProviderSettings.isRegistrationAccessTokenGenerationEnabled() |
boolean |
AgentOAuth2ProviderSettings.isStatelessTokensEnabled() |
boolean |
OAuth2ProviderSettings.isStatelessTokensEnabled()
Determines whether access and refresh tokens should be stateless.
|
boolean |
RealmOAuth2ProviderSettings.isStatelessTokensEnabled() |
boolean |
AgentOAuth2ProviderSettings.issueRefreshTokens() |
boolean |
OAuth2ProviderSettings.issueRefreshTokens()
Whether the OAuth2 provider should issue refresh tokens when issuing access tokens.
|
boolean |
RealmOAuth2ProviderSettings.issueRefreshTokens() |
boolean |
AgentOAuth2ProviderSettings.issueRefreshTokensOnRefreshingToken() |
boolean |
OAuth2ProviderSettings.issueRefreshTokensOnRefreshingToken()
Whether the OAuth2 provider should issue refresh tokens when refreshing access tokens.
|
boolean |
RealmOAuth2ProviderSettings.issueRefreshTokensOnRefreshingToken() |
AuthorizationToken |
AuthorizationTokenIssuer.issueTokens(OAuth2Request request,
ClientRegistration clientRegistration,
ResourceOwner resourceOwner,
Set<String> authorizationScope,
OAuth2ProviderSettings providerSettings)
Issues tokens for the OAuth2 authorize request.
|
boolean |
AgentOAuth2ProviderSettings.isTokenCompressionEnabled() |
boolean |
OAuth2ProviderSettings.isTokenCompressionEnabled()
Determines whether token compression is enabled for stateless access and refresh tokens.
|
boolean |
RealmOAuth2ProviderSettings.isTokenCompressionEnabled() |
org.forgerock.json.JsonValue |
TokenStore.queryForToken(String realm,
org.forgerock.util.query.QueryFilter<CoreTokenField> queryFilter)
Queries the OAuth2 Provider's store for tokens.
|
org.forgerock.json.JsonValue |
TokenStore.read(String tokenId)
Reads the Token from the OAuth2 Provider's store with the specified identifier.
|
AccessToken |
TokenStore.readAccessToken(OAuth2Request request,
String tokenId)
Reads an Access Token from the OAuth2 Provider's store with the specified identifier.
|
AuthorizationCode |
TokenStore.readAuthorizationCode(OAuth2Request request,
String code)
Creates an Authorization Code and stores it in the OAuth2 Provider's store.
|
DeviceCode |
TokenStore.readDeviceCode(String userCode,
OAuth2Request request)
Reads a device code token.
|
DeviceCode |
TokenStore.readDeviceCode(String clientId,
String code,
OAuth2Request request)
Reads a device code token.
|
RefreshToken |
TokenStore.readRefreshToken(OAuth2Request request,
String tokenId)
Reads a Refresh Token from the OAuth2 Provider's store with the specified identifier.
|
AccessToken |
AccessTokenService.refreshToken(OAuth2Request request)
Handles a request to refresh an already issued access token for an OAuth2 client, validates that the request is
valid and contains the required parameters, checks that the refresh token on the request is valid and has not
expired, or been previously used to refresh an access token.
|
AccessToken |
AccessTokenService.requestAccessToken(OAuth2Request request)
Handles a request for access token(s) by an OAuth2 client, validates that the request is valid and contains the
required parameters, checks that the authorization code on the request is valid and has not expired, or been
previously used.
|
boolean |
AgentOAuth2ProviderSettings.shouldStoreOpsTokens() |
boolean |
OAuth2ProviderSettings.shouldStoreOpsTokens()
Whether to generate and store an ops token in CTS for this OIDC provider.
|
boolean |
RealmOAuth2ProviderSettings.shouldStoreOpsTokens() |
Map<String,Object> |
DeviceCode.toMap() |
Map<String,Object> |
Token.toMap()
Converts the token into a Map of its key data. |
void |
TokenStore.updateAccessToken(OAuth2Request request,
AccessToken accessToken)
Updates an Access Token.
|
void |
TokenStore.updateAuthorizationCode(OAuth2Request request,
AuthorizationCode authorizationCode)
Updates an Authorization Code.
|
void |
TokenStore.updateDeviceCode(DeviceCode code,
OAuth2Request request)
Updates a device code token.
|
void |
ResponseTypeValidator.validate(ClientRegistration clientRegistration,
Set<String> requestedResponseTypes,
OAuth2ProviderSettings providerSettings,
OAuth2Request request)
Validates that the requested response types are valid and supported by both the OAuth2 client and provider.
|
ResourceOwner |
ResourceOwnerSessionValidator.validate(OAuth2Request request)
Checks if the request contains a valid resource owner session.
|
Set<String> |
AgentOAuth2ProviderSettings.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
OAuth2ProviderSettings.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token
is requested.
|
Set<String> |
ScopeValidator.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token
is requested.
|
Set<String> |
RealmOAuth2ProviderSettings.validateAccessTokenScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
AgentOAuth2ProviderSettings.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
OAuth2ProviderSettings.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization
is requested.
|
Set<String> |
ScopeValidator.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization
is requested.
|
Set<String> |
RealmOAuth2ProviderSettings.validateAuthorizationScope(ClientRegistration clientRegistration,
Set<String> scope,
OAuth2Request request) |
Set<String> |
AgentOAuth2ProviderSettings.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request) |
Set<String> |
OAuth2ProviderSettings.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token
is requested.
|
Set<String> |
ScopeValidator.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token
is requested.
|
Set<String> |
RealmOAuth2ProviderSettings.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request) |
void |
DuplicateRequestParameterValidator.validateRequest(OAuth2Request request)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorize endpoint.
|
void |
AuthorizeRequestValidator.validateRequest(OAuth2Request request)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorize endpoint.
|
void |
AuthorizeRequestValidatorImpl.validateRequest(OAuth2Request request)
Validates that the OAuth2 request contains the valid parameters for the OAuth2 authorize endpoint.
|
String |
AgentOAuth2ProviderSettings.validateRequestedClaims(String requestedClaims) |
String |
OAuth2ProviderSettings.validateRequestedClaims(String requestedClaims)
Validates that the requested claims are appropriate to be requested by the given client.
|
String |
RealmOAuth2ProviderSettings.validateRequestedClaims(String requestedClaims) |
Modifier and Type | Method and Description |
---|---|
void |
ResourceSetStore.create(OAuth2Request request,
ResourceSetDescription resourceSetDescription)
Create a ResourceSetDescription. |
void |
ResourceSetStore.delete(String resourceSetId,
String resourceOwnerId)
Remove a ResourceSetDescription with the given ID from the store. |
Set<ResourceSetDescription> |
ResourceSetStore.query(org.forgerock.util.query.QueryFilter<String> query)
Query the store for ResourceSetDescription instances. |
ResourceSetDescription |
ResourceSetStore.read(String resourceSetId,
ResourceSetFilter filter)
Reads a ResourceSetDescription out of the store using its OpenAM Unique ID. |
ResourceSetDescription |
ResourceSetStore.read(String resourceSetId,
String resourceOwnerId)
Reads a ResourceSetDescription out of the store using its OpenAM Unique ID. |
void |
ResourceSetStore.update(ResourceSetDescription resourceSetDescription)
Update a given ResourceSetDescription instance. |
Modifier and Type | Method and Description |
---|---|
org.restlet.representation.Representation |
DeviceCodeVerificationResource.userCodeForm()
Handles GET requests to the OAuth2 device/user endpoint, returning a form to allow the user to submit their
user code.
|
org.restlet.representation.Representation |
DeviceCodeVerificationResource.verify(org.restlet.representation.Representation body)
Handles POST requests to the OAuth2 device/user endpoint.
|
Modifier and Type | Method and Description |
---|---|
void |
ResourceSetRegistrationHook.resourceSetCreated(String realm,
ResourceSetDescription resourceSet)
Fired after a Resource Set description is successfully created.
|
void |
ResourceSetRegistrationHook.resourceSetDeleted(String realm,
ResourceSetDescription resourceSet)
Fired before a Resource Set description is about to be deleted.
|
Modifier and Type | Method and Description |
---|---|
void |
OpenAMScopeValidator.additionalDataToReturnFromTokenEndpoint(AccessToken accessToken,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to return additional data from an access token
request.
|
AccessToken |
OpenAMTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request) |
AccessToken |
StatelessTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request) |
AccessToken |
StatefulTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request)
Creates an Access Token and stores it in the OAuth2 Provider's store.
|
AccessToken |
OpenAMTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request,
long authTime) |
AccessToken |
StatelessTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request,
long authTime) |
AccessToken |
StatefulTokenStore.createAccessToken(String grantType,
String accessTokenType,
String authorizationCode,
String resourceOwnerId,
String clientId,
String redirectUri,
Set<String> scope,
RefreshToken refreshToken,
String nonce,
String claims,
OAuth2Request request,
long authTime)
Creates an Access Token and stores it in the OAuth2 Provider's store.
|
AuthorizationCode |
OpenAMTokenStore.createAuthorizationCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod) |
AuthorizationCode |
StatelessTokenStore.createAuthorizationCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod) |
AuthorizationCode |
StatefulTokenStore.createAuthorizationCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Creates an Authorization Code and stores it in the OAuth2 Provider's store.
|
DeviceCode |
OpenAMTokenStore.createDeviceCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String nonce,
String responseType,
String state,
String acrValues,
String prompt,
String uiLocales,
String loginHint,
Integer maxAge,
String claims,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod) |
DeviceCode |
StatelessTokenStore.createDeviceCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String nonce,
String responseType,
String state,
String acrValues,
String prompt,
String uiLocales,
String loginHint,
Integer maxAge,
String claims,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod) |
DeviceCode |
StatefulTokenStore.createDeviceCode(Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String nonce,
String responseType,
String state,
String acrValues,
String prompt,
String uiLocales,
String loginHint,
Integer maxAge,
String claims,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Creates a new device code token.
|
OpenIdConnectToken |
OpenAMTokenStore.createOpenIDToken(ResourceOwner resourceOwner,
String clientId,
String authorizationParty,
String nonce,
String ops,
OAuth2Request request) |
OpenIdConnectToken |
StatefulTokenStore.createOpenIDToken(ResourceOwner resourceOwner,
String clientId,
String authorizationParty,
String nonce,
String ops,
OAuth2Request request)
Creates an OpenId Connect token and stores it in the OpenId Connect Provider's store.
|
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request) |
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims) |
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
long authTime) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
long authTime) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
long authTime) |
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId) |
RefreshToken |
OpenAMTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId,
long authTime) |
RefreshToken |
StatelessTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId,
long authTime) |
RefreshToken |
StatefulTokenStore.createRefreshToken(String grantType,
String clientId,
String resourceOwnerId,
String redirectUri,
Set<String> scope,
OAuth2Request request,
String validatedClaims,
String authGrantId,
long authTime) |
void |
OpenAMTokenStore.delete(String realm,
String tokenId) |
void |
StatelessTokenStore.delete(String realm,
String tokenId) |
void |
StatefulTokenStore.delete(String realm,
String tokenId) |
void |
OpenAMTokenStore.deleteAccessToken(OAuth2Request request,
String accessTokenId) |
void |
StatelessTokenStore.deleteAccessToken(OAuth2Request request,
String jwtString) |
void |
StatefulTokenStore.deleteAccessToken(OAuth2Request request,
String accessTokenId)
Deletes an Access Token from the OAuth2 Provider's store.
|
void |
OpenAMTokenStore.deleteAuthorizationCode(OAuth2Request request,
String authorizationCode) |
void |
StatelessTokenStore.deleteAuthorizationCode(OAuth2Request request,
String authorizationCode) |
void |
OpenAMTokenStore.deleteDeviceCode(String clientId,
String code,
OAuth2Request request) |
void |
StatelessTokenStore.deleteDeviceCode(String clientId,
String code,
OAuth2Request request) |
void |
StatefulTokenStore.deleteDeviceCode(String clientId,
String code,
OAuth2Request request) |
void |
OpenAMTokenStore.deleteRefreshToken(OAuth2Request request,
String refreshTokenId) |
void |
StatelessTokenStore.deleteRefreshToken(OAuth2Request request,
String jwtString) |
OAuth2Uris |
OAuth2UrisFactory.get(org.forgerock.services.context.Context context,
Realm realm)
Gets an OAuth2Uris instance.
|
OAuth2Uris |
OAuth2UrisFactory.get(OAuth2Request request)
Gets an OAuth2Uris instance.
|
OAuth2Uris |
OAuth2UrisFactory.get(OAuth2Request oAuth2Request,
Realm realm) |
long |
AgentClientRegistration.getAccessTokenLifeTime(OAuth2ProviderSettings providerSettings) |
long |
OpenAMClientRegistration.getAccessTokenLifeTime(OAuth2ProviderSettings providerSettings)
Gets the access token life time in milliseconds.
|
long |
AgentClientRegistration.getAuthorizationCodeLifeTime(OAuth2ProviderSettings providerSettings) |
long |
OpenAMClientRegistration.getAuthorizationCodeLifeTime(OAuth2ProviderSettings providerSettings)
Gets the authorization code life time in milliseconds.
|
Map<String,String> |
AgentClientRegistration.getClaimDescriptions(Locale locale)
Gets the display descriptions for the allowed and default scopes combined, in the specified locale.
|
Map<String,String> |
OpenAMClientRegistration.getClaimDescriptions(Locale locale)
Gets the display descriptions for the allowed and default scopes combined, in the specified locale.
|
long |
AgentClientRegistration.getJwtTokenLifeTime(OAuth2ProviderSettings providerSettings) |
long |
OpenAMClientRegistration.getJwtTokenLifeTime(OAuth2ProviderSettings providerSettings)
Gets the JWT token life time in milliseconds.
|
long |
AgentClientRegistration.getRefreshTokenLifeTime(OAuth2ProviderSettings providerSettings) |
long |
OpenAMClientRegistration.getRefreshTokenLifeTime(OAuth2ProviderSettings providerSettings)
Gets the refresh token life time in milliseconds.
|
Map<String,String> |
AgentClientRegistration.getScopeDescriptions(Locale locale)
Gets the display descriptions for the allowed and default scopes combined, in the specified locale.
|
Map<String,String> |
OpenAMClientRegistration.getScopeDescriptions(Locale locale)
Gets the display descriptions for the allowed and default scopes combined, in the specified locale.
|
org.forgerock.json.JsonValue |
OpenAMTokenStore.queryForToken(String realm,
org.forgerock.util.query.QueryFilter<CoreTokenField> queryFilter) |
org.forgerock.json.JsonValue |
StatelessTokenStore.queryForToken(String realm,
org.forgerock.util.query.QueryFilter<CoreTokenField> queryFilter) |
org.forgerock.json.JsonValue |
StatefulTokenStore.queryForToken(String realm,
org.forgerock.util.query.QueryFilter<CoreTokenField> queryFilter) |
org.forgerock.json.JsonValue |
OpenAMTokenStore.read(String tokenId) |
org.forgerock.json.JsonValue |
StatelessTokenStore.read(String tokenId) |
org.forgerock.json.JsonValue |
StatefulTokenStore.read(String tokenId) |
AccessToken |
OpenAMTokenStore.readAccessToken(OAuth2Request request,
String tokenId) |
AccessToken |
StatelessTokenStore.readAccessToken(OAuth2Request request,
String jwtString) |
AccessToken |
StatefulTokenStore.readAccessToken(OAuth2Request request,
String tokenId)
Reads an Access Token from the OAuth2 Provider's store with the specified identifier.
|
AuthorizationCode |
OpenAMTokenStore.readAuthorizationCode(OAuth2Request request,
String code) |
AuthorizationCode |
StatelessTokenStore.readAuthorizationCode(OAuth2Request request,
String code) |
AuthorizationCode |
StatefulTokenStore.readAuthorizationCode(OAuth2Request request,
String code)
Creates an Authorization Code and stores it in the OAuth2 Provider's store.
|
DeviceCode |
OpenAMTokenStore.readDeviceCode(String userCode,
OAuth2Request request) |
DeviceCode |
StatelessTokenStore.readDeviceCode(String userCode,
OAuth2Request request) |
DeviceCode |
StatefulTokenStore.readDeviceCode(String userCode,
OAuth2Request request) |
DeviceCode |
OpenAMTokenStore.readDeviceCode(String clientId,
String code,
OAuth2Request request) |
DeviceCode |
StatelessTokenStore.readDeviceCode(String clientId,
String code,
OAuth2Request request) |
DeviceCode |
StatefulTokenStore.readDeviceCode(String clientId,
String code,
OAuth2Request request) |
RefreshToken |
OpenAMTokenStore.readRefreshToken(OAuth2Request request,
String tokenId) |
RefreshToken |
StatelessTokenStore.readRefreshToken(OAuth2Request request,
String jwtString) |
RefreshToken |
StatefulTokenStore.readRefreshToken(OAuth2Request request,
String tokenId)
Reads a Refresh Token from the OAuth2 Provider's store with the specified identifier.
|
void |
OpenAMTokenStore.updateAccessToken(OAuth2Request request,
AccessToken accessToken) |
void |
OpenAMTokenStore.updateAuthorizationCode(OAuth2Request request,
AuthorizationCode authorizationCode) |
void |
StatelessTokenStore.updateAuthorizationCode(OAuth2Request request,
AuthorizationCode authorizationCode) |
void |
OpenAMTokenStore.updateDeviceCode(DeviceCode code,
OAuth2Request request) |
void |
StatelessTokenStore.updateDeviceCode(DeviceCode code,
OAuth2Request request) |
void |
StatefulTokenStore.updateDeviceCode(DeviceCode code,
OAuth2Request request) |
Set<String> |
OpenAMScopeValidator.validateAccessTokenScope(ClientRegistration client,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token
is requested.
|
Set<String> |
OpenAMScopeValidator.validateAuthorizationScope(ClientRegistration client,
Set<String> scope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization
is requested.
|
Set<String> |
OpenAMScopeValidator.validateRefreshTokenScope(ClientRegistration clientRegistration,
Set<String> requestedScope,
Set<String> tokenScope,
OAuth2Request request)
Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token
is requested.
|
Modifier and Type | Method and Description |
---|---|
void |
OpenAMResourceSetStore.create(OAuth2Request request,
ResourceSetDescription resourceSetDescription) |
org.restlet.representation.Representation |
ResourceSetRegistrationEndpoint.createResourceSet(org.restlet.ext.json.JsonRepresentation entity)
Creates or updates a resource set description.
|
void |
OpenAMResourceSetStore.delete(String resourceSetId,
String resourceOwnerId) |
org.restlet.representation.Representation |
ResourceSetRegistrationEndpoint.deleteResourceSet()
Deletes the resource set description for the request resource set id as long as the If-Match header matches
the current version of the resource set.
|
Set<ResourceSetDescription> |
OpenAMResourceSetStore.query(org.forgerock.util.query.QueryFilter<String> query) |
ResourceSetDescription |
OpenAMResourceSetStore.read(String resourceSetId,
ResourceSetFilter filter) |
ResourceSetDescription |
OpenAMResourceSetStore.read(String resourceSetId,
String resourceOwnerId) |
org.restlet.representation.Representation |
ResourceSetRegistrationEndpoint.readOrListResourceSet()
Reads the requested resource set description or queries all the client's (resource server's) resource sets.
|
void |
OpenAMResourceSetStore.update(ResourceSetDescription resourceSetDescription) |
org.restlet.representation.Representation |
ResourceSetRegistrationEndpoint.updateResourceSet(org.restlet.ext.json.JsonRepresentation entity) |
Modifier and Type | Method and Description |
---|---|
AccessToken |
Saml2GrantTypeHandler.handle(OAuth2Request request) |
Modifier and Type | Method and Description |
---|---|
void |
UmaTokenStore.deletePermissionTicket(String id) |
void |
UmaTokenStore.deleteRPT(String id) |
Set<ResourceSetDescription> |
ResourceSetSharedFilter.filter(Set<ResourceSetDescription> values) |
UmaUris |
UmaUrisFactory.get(org.forgerock.services.context.Context context,
Realm realm)
Gets the instance of the UmaProviderSettings.
|
UmaUris |
UmaUrisFactory.get(OAuth2Request request) |
UmaUris |
UmaUrisFactory.get(OAuth2Request oAuth2Request,
Realm realm)
Gets the instance of the UmaUris.
|
String |
UmaSettings.getAuditLogConfig()
Gets the config file to be used to store Uma audit
|
protected AccessToken |
AuthorizationRequestEndpoint.getAuthorisationApiToken() |
org.restlet.representation.Representation |
UmaWellKnownConfigurationEndpoint.getConfiguration()
Gets the configuration for the configured UMA provider for the realm.
|
URI |
UmaUris.getIssuer()
Gets the identifier of this issuer.
|
long |
UmaSettingsImpl.getPermissionTicketLifetime()
Gets the lifetime a permission ticket will have before it expires.
|
long |
UmaSettings.getPermissionTicketLifetime()
Gets the lifetime a permission ticket will have before it expires.
|
ResharingMode |
UmaSettingsImpl.getResharingMode() |
ResharingMode |
UmaSettings.getResharingMode()
Gets the configured re-sharing mode.
|
long |
UmaSettingsImpl.getRPTLifetime()
Gets the lifetime an RPT will have before it expires.
|
long |
UmaSettings.getRPTLifetime()
Gets the lifetime an RPT will have before it expires.
|
Set<String> |
UmaSettingsImpl.getSupportedAATGrantTypes()
Gets the supported AAT Grant Types.
|
Set<String> |
UmaSettings.getSupportedAATGrantTypes()
Gets the supported AAT Grant Types.
|
Set<String> |
UmaSettingsImpl.getSupportedAATProfiles()
Gets the supported AAT Profiles.
|
Set<String> |
UmaSettings.getSupportedAATProfiles()
Gets the supported AAT Profiles.
|
Set<String> |
UmaSettingsImpl.getSupportedClaimTokenProfiles()
Gets the supported claim token profiles.
|
Set<String> |
UmaSettings.getSupportedClaimTokenProfiles()
Gets the supported claim token profiles.
|
Set<String> |
UmaSettingsImpl.getSupportedPATGrantTypes()
Gets the supported PAT Grant Types.
|
Set<String> |
UmaSettings.getSupportedPATGrantTypes()
Gets the supported PAT Grant Types.
|
Set<String> |
UmaSettingsImpl.getSupportedPATProfiles()
Gets the supported PAT Profiles.
|
Set<String> |
UmaSettings.getSupportedPATProfiles()
Gets the supported PAT Profiles.
|
Set<String> |
UmaSettingsImpl.getSupportedRPTProfiles()
Gets the supported RPT Profiles.
|
Set<String> |
UmaSettings.getSupportedRPTProfiles()
Gets the supported RPT Profiles.
|
Set<URI> |
UmaSettingsImpl.getSupportedUmaProfiles()
Gets the supported UMA profiles.
|
Set<URI> |
UmaSettings.getSupportedUmaProfiles()
Gets the supported UMA profiles.
|
String |
UmaSettingsImpl.getUserProfilePreferredLocaleAttribute() |
String |
UmaSettings.getUserProfilePreferredLocaleAttribute()
Gets the attribute on the user's profile which stores the user's preferred locale.
|
org.forgerock.json.JsonValue |
UmaTokenIntrospectionHandler.introspect(OAuth2Request request,
String clientId,
String tokenType,
String tokenId) |
boolean |
UmaSettingsImpl.isEmailRequestingPartyOnPendingRequestApprovalEnabled() |
boolean |
UmaSettings.isEmailRequestingPartyOnPendingRequestApprovalEnabled()
Gets whether the Requesting Party should be emailed when a Pending Request
is approved by the Resource Owner.
|
boolean |
UmaSettingsImpl.isEmailResourceOwnerOnPendingRequestCreationEnabled() |
boolean |
UmaSettings.isEmailResourceOwnerOnPendingRequestCreationEnabled()
Gets whether the Resource Owner should be emailed when a Pending Request
is created when a Requesting Party requests authorization for a resource.
|
boolean |
UmaSettingsImpl.isTrustElevationRequired() |
boolean |
UmaSettings.isTrustElevationRequired()
Gets whether the AAT is sufficient for determining the requesting party
on the authorization request or trust elevation is required.
|
boolean |
UmaSettingsImpl.onDeleteResourceServerDeletePolicies()
Gets whether a Resource Server's policies should be deleted when the Resource Server OAuth2
agent entry is removed, or the "uma_protection" scope is removed.
|
boolean |
UmaSettings.onDeleteResourceServerDeletePolicies()
Gets whether a Resource Server's policies should be deleted when the Resource Server OAuth2
agent entry is removed, or the "uma_protection" scope is removed.
|
boolean |
UmaSettingsImpl.onDeleteResourceServerDeleteResourceSets()
Gets whether a Resource Server's resource sets should be deleted when the Resource Server
OAuth2 agent entry is removed, or the "uma_protection" scope is removed.
|
boolean |
UmaSettings.onDeleteResourceServerDeleteResourceSets()
Gets whether a Resource Server's resource sets should be deleted when the Resource Server
OAuth2 agent entry is removed, or the "uma_protection" scope is removed.
|
org.restlet.representation.Representation |
PermissionRequestEndpoint.registerPermissionRequest(org.restlet.ext.json.JsonRepresentation entity)
Registers the permission that the client requires for it to be able to access a protected resource.
|
org.restlet.representation.Representation |
AuthorizationRequestEndpoint.requestAuthorization(org.restlet.ext.json.JsonRepresentation entity) |
void |
UmaTokenStore.updatePermissionTicket(PermissionTicket permissionTicket) |
Modifier and Type | Method and Description |
---|---|
String |
UmaAuditLogger.getResourceName(String resourceSetId,
org.restlet.Request request) |
Modifier and Type | Method and Description |
---|---|
void |
UmaResourceSetRegistrationHook.resourceSetCreated(String realm,
ResourceSetDescription resourceSet)
Creates a ResourceType for the Resource Set and adds it to the Resource Server's policy Application.
|
void |
UmaResourceSetRegistrationHook.resourceSetDeleted(String realm,
ResourceSetDescription resourceSet)
Removes the ResourceType from the Resource Server's policy application, deletes all related policies,
then deletes the ResourceSet.
|
Modifier and Type | Method and Description |
---|---|
OpenIdConnectToken |
OpenIdConnectTokenStore.createOpenIDToken(ResourceOwner resourceOwner,
String clientId,
String authorizationParty,
String nonce,
String ops,
OAuth2Request request)
Creates an OpenId Connect token and stores it in the OpenId Connect Provider's store.
|
org.forgerock.json.JsonValue |
OpenIdConnectClientRegistrationService.createRegistration(String accessToken,
String deploymentUrl,
OAuth2Request request)
Creates an OpenId Connect client registration in the OAuth2 provider.
|
void |
OpenIDConnectProvider.destroySession(String opsId)
Destroys a user's session.
|
void |
OpenIDConnectEndSession.endSession(OAuth2Request request,
String idToken)
Ends an OpenId Connect session.
|
long |
OpenIdConnectClientRegistration.getAccessTokenLifeTime(OAuth2ProviderSettings providerSettings)
Gets the access token life time in milliseconds.
|
long |
OpenIdConnectClientRegistration.getAuthorizationCodeLifeTime(OAuth2ProviderSettings providerSettings)
Gets the authorization code life time in milliseconds.
|
long |
OpenIdConnectClientRegistration.getJwtTokenLifeTime(OAuth2ProviderSettings providerSettings)
Gets the JWT token life time in milliseconds.
|
long |
OpenIdConnectClientRegistration.getRefreshTokenLifeTime(OAuth2ProviderSettings providerSettings)
Gets the refresh token life time in milliseconds.
|
String |
OpenIdConnectToken.getTokenId()
Gets the token's identifier.
|
Map.Entry<String,Token> |
IdTokenResponseTypeHandler.handle(String tokenType,
Set<String> scope,
ResourceOwner resourceOwner,
String clientId,
String redirectUri,
String nonce,
OAuth2Request request,
String codeChallenge,
String codeChallengeMethod)
Handles the creating of a Token instance and storing the Token in the OAuth2 provider TokenStore. |
Map.Entry<String,String> |
OpenIDTokenIssuer.issueToken(AccessToken accessToken,
OAuth2Request request)
Issues an OpenId Connect token, using the details of the access token.
|
Map<String,Object> |
OpenIdConnectToken.toMap()
Converts the token into a Map of its key data. |
void |
ClaimsParameterValidator.validateRequest(OAuth2Request request) |
void |
CodeVerifierValidator.validateRequest(OAuth2Request request) |
void |
SubjectTypeValidator.validateRequest(OAuth2Request request) |
Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.