org.forgerock.openam.authentication.modules.oauth2

Class OAuth

java.lang.Object

com.sun.identity.authentication.spi.AMLoginModule

org.forgerock.openam.authentication.modules.oauth2.OAuth

All Implemented Interfaces:

LoginModule

public class OAuth
extends AMLoginModule

Field Summary

Fields

Modifier and Type	Field and Description
static org.slf4j.Logger	logger
static String	OPENID_TOKEN
static String	PROFILE_SERVICE_RESPONSE
static String	REFRESH_TOKEN_ATTRIBUTE_CUSTOM_PROPERTY

Fields inherited from class com.sun.identity.authentication.spi.AMLoginModule

amCache, auditor, currentState

Constructor Summary

Constructors

Constructor and Description
OAuth()

Method Summary

Modifier and Type	Method and Description
void	destroyModuleState() This method should be overridden by each login module to destroy dispensable state fields.
String	extractToken(String tokenName, String response)
String	getMail(String svcResponse, String mailAttribute)
Principal	getPrincipal() Abstract method must be implemeted by each login module to get the user Principal
void	init(Subject subject, Map sharedState, Map config) Initialize this LoginModule.
void	nullifyUsedVars() This method should be overridden by each login module to do some garbage collection work after the module process is done.
int	process(Callback[] callbacks, int state) Abstract method must be implemented by each login module to control the flow of the login process.
int	process2(Callback[] callbacks, int state)
String	provisionAccountNow(AccountProvider accountProvider, String realm, String profileSvcResponse, String userPassword, org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)
void	saveAttributes(Map<String,Set<String>> attributes)
protected void	updateAccount(AccountProvider accountProvider, String realm, Map<String,Set<String>> userNames, String profileSvcResponse, String userPassword, org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)
void	validateInput(String tag, String inputField, String rule, int maxLength, boolean allowNull)

Methods inherited from class com.sun.identity.authentication.spi.AMLoginModule

abort, clearInfoText, commit, createIdentity, forceCallbacksInit, getAMIdentityRepository, getAttribute, getAuditEntryDetail, getAuthenticatedPrincipals, getAuthLevel, getCallback, getCallback, getCallbackHandler, getCurrentState, getFailCount, getHttpServletRequest, getHttpServletResponse, getInfoText, getLocale, getLoginLocale, getLoginState, getMaximumFailCount, getNewUserIDs, getNumberOfStates, getOrgProfile, getOrgServiceTemplate, getPwdKey, getRequestOrg, getServiceConfig, getSessionId, getSSOSession, getUserAliasList, getUserKey, getUserProfile, getUserSessionProperty, getUserSessions, incrementFailCount, initialize, isAccountLocked, isDynamicProfileCreationEnabled, isRequired, isSessionQuotaReached, isSharedStateEnabled, isSuperAdmin, isUseFirstPassEnabled, isValidUserEntry, login, logout, replaceCallback, replaceHeader, resetCallback, resetCurrentState, setAuthLevel, setFailureID, setForceCallbacksRead, setLoginFailureURL, setLoginSuccessURL, setModuleErrorTemplate, setOrg, setSharedStateEnabled, setUserAttributes, setUserSessionProperty, storeUsername, storeUsernamePasswd, substituteHeader, substituteInfoText, validatePassword, validateUserName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PROFILE_SERVICE_RESPONSE

public static final String PROFILE_SERVICE_RESPONSE

See Also:

Constant Field Values

OPENID_TOKEN

public static final String OPENID_TOKEN

See Also:

Constant Field Values

REFRESH_TOKEN_ATTRIBUTE_CUSTOM_PROPERTY

public static final String REFRESH_TOKEN_ATTRIBUTE_CUSTOM_PROPERTY

See Also:

Constant Field Values

logger

public static org.slf4j.Logger logger

Constructor Detail

OAuth

public OAuth()

Method Detail

init

public void init(Subject subject,
                 Map sharedState,
                 Map config)

Description copied from class: AMLoginModule

Initialize this LoginModule.

This is an abstract method, must be implemented by user's Login Module to initialize this LoginModule with the relevant information. If this LoginModule does not understand any of the data stored in sharedState or options parameters, they can be ignored.

Specified by:

init in class AMLoginModule

Parameters:

subject - - the Subject to be authenticated.

sharedState - - state shared with other configured LoginModules.

config - - options specified in the login Configuration for this particular LoginModule. It contains all the global and organization attribute configuration for this module. The key of the map is the attribute name (e.g. iplanet-am-auth-ldap-server) as String, the value is the value of the corresponding attribute as Set.

process

public int process(Callback[] callbacks,
                   int state)
            throws LoginException

Description copied from class: AMLoginModule

Abstract method must be implemented by each login module to control the flow of the login process.

This method takes an array of sbumitted Callback, process them and decide the order of next state to go. Return -1 if the login is successful, return 0 if the LoginModule should be ignored.

Specified by:

process in class AMLoginModule

Parameters:

callbacks - Callback[] for this Login state

state - Order of state. State order starts with 1.

Returns:

order of next state. return -1 if authentication is successful, return 0 if the LoginModule should be ignored.

Throws:

LoginException - if login fails.

process2

public int process2(Callback[] callbacks,
                    int state)
             throws LoginException

Throws:

LoginException

saveAttributes

public void saveAttributes(Map<String,Set<String>> attributes)
                    throws AuthLoginException

Throws:

AuthLoginException

provisionAccountNow

public String provisionAccountNow(AccountProvider accountProvider,
                                  String realm,
                                  String profileSvcResponse,
                                  String userPassword,
                                  org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)
                           throws AuthLoginException

Throws:

AuthLoginException

updateAccount

protected void updateAccount(AccountProvider accountProvider,
                             String realm,
                             Map<String,Set<String>> userNames,
                             String profileSvcResponse,
                             String userPassword,
                             org.forgerock.json.jose.jwt.JwtClaimsSet jwtClaims)
                      throws AuthLoginException

Throws:

AuthLoginException

extractToken

public String extractToken(String tokenName,
                           String response)

getMail

public String getMail(String svcResponse,
                      String mailAttribute)

validateInput

public void validateInput(String tag,
                          String inputField,
                          String rule,
                          int maxLength,
                          boolean allowNull)
                   throws AuthLoginException

Throws:

AuthLoginException

getPrincipal

public Principal getPrincipal()

Description copied from class: AMLoginModule

Abstract method must be implemeted by each login module to get the user Principal

Specified by:

getPrincipal in class AMLoginModule

Returns:

Principal

destroyModuleState

public void destroyModuleState()

Description copied from class: AMLoginModule

This method should be overridden by each login module to destroy dispensable state fields.

Overrides:

destroyModuleState in class AMLoginModule

nullifyUsedVars

public void nullifyUsedVars()

Description copied from class: AMLoginModule

This method should be overridden by each login module to do some garbage collection work after the module process is done. Typically those class wide global variables that will not be used again until a logout call should be nullified.

Overrides:

nullifyUsedVars in class AMLoginModule