org.forgerock.openidconnect.restlet

Class IdTokenInfo

java.lang.Object

org.restlet.resource.Resource

org.restlet.resource.ServerResource

org.forgerock.openidconnect.restlet.IdTokenInfo

public class IdTokenInfo
extends org.restlet.resource.ServerResource

OpenID Connect id_token validation and claim decoding endpoint. This is a non-standard endpoint that allows a client to pass in an id_token and have it validated and the claims returned in a single call. The id_token is validated by looking up the client id (audience) and realm information to resolve the client registration details, and then obtaining the public/symmetric key information from there (via JWK_URI or other mechanism). The signature is verified and then claims are checked as per the OIDC specification. No attempt is made to check if the token has been revoked.

This endpoint is primarily intended to serve as a minimal "Stateless OpenID Connect" in conjunction with a custom claims script that bakes all required profile information into the id token at creation time. For most cases, the standard userinfo endpoint should be preferred.

Constructor Summary

Constructors

Constructor and Description
IdTokenInfo(OpenIdConnectClientRegistrationStore clientRegistrationStore, OAuth2RequestFactory requestFactory, ExceptionHandler exceptionHandler, ClientAuthenticator clientAuthenticator, OAuth2UrisFactory urisFactory, OAuth2ProviderSettingsFactory providerSettingsFactory) Constructs the idtokeninfo endpoint with the given client registration store

Method Summary

Modifier and Type	Method and Description
protected void	doCatch(Throwable throwable) Handles any exception that is thrown when processing a OAuth2 authorization request.
org.restlet.representation.Representation	validateIdToken(org.restlet.representation.Representation body) Validates the OpenID Connect id_token passed in the body of the request and returns the claims specified in the claims query parameter.

Methods inherited from class org.restlet.resource.ServerResource

abort, commit, delete, delete, describeVariants, doConditionalHandle, doError, doHandle, doHandle, doHandle, doNegotiatedHandle, get, get, getAnnotation, getAnnotation, getAnnotations, getAttribute, getDescription, getInfo, getInfo, getName, getOnSent, getPreferredVariant, getRole, getVariants, getVariants, handle, hasAnnotations, head, head, isAnnotated, isAutoCommitting, isCommitted, isConditional, isExisting, isInRole, isNegotiated, options, options, patch, patch, post, post, put, put, redirectPermanent, redirectPermanent, redirectSeeOther, redirectSeeOther, redirectTemporary, redirectTemporary, setAllowedMethods, setAnnotated, setAttribute, setAutoCommitting, setChallengeRequests, setCommitted, setConditional, setCookieSettings, setDescription, setDimensions, setExisting, setLocationRef, setLocationRef, setName, setNegotiated, setOnSent, setProxyChallengeRequests, setServerInfo, setStatus, setStatus, setStatus, setStatus, updateAllowedMethods, updateDimensions

Methods inherited from class org.restlet.resource.Resource

doError, doInit, doRelease, getAllowedMethods, getApplication, getChallengeRequests, getChallengeResponse, getClientInfo, getConditions, getConnegService, getContext, getConverterService, getCookies, getCookieSettings, getDimensions, getHostRef, getLocationRef, getLogger, getMatrix, getMatrixValue, getMaxForwards, getMetadataService, getMethod, getOriginalRef, getProtocol, getProxyChallengeRequests, getProxyChallengeResponse, getQuery, getQueryValue, getRanges, getReference, getReferrerRef, getRequest, getRequestAttributes, getRequestCacheDirectives, getRequestEntity, getResponse, getResponseAttributes, getResponseCacheDirectives, getResponseEntity, getRootRef, getServerInfo, getStatus, getStatusService, init, isConfidential, isLoggable, release, setApplication, setQueryValue, setRequest, setResponse, toBoolean, toByte, toDouble, toFloat, toInteger, toLong, toObject, toRepresentation, toRepresentation, toRepresentation, toShort, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

IdTokenInfo

@Inject
public IdTokenInfo(OpenIdConnectClientRegistrationStore clientRegistrationStore,
                           OAuth2RequestFactory requestFactory,
                           ExceptionHandler exceptionHandler,
                           ClientAuthenticator clientAuthenticator,
                           OAuth2UrisFactory urisFactory,
                           OAuth2ProviderSettingsFactory providerSettingsFactory)

Constructs the idtokeninfo endpoint with the given client registration store

Parameters:

clientRegistrationStore - the client registration store for this realm.

requestFactory - the OAuth2 request factory.

exceptionHandler - the exception handler for uncaught exceptions.

Method Detail

validateIdToken

@Post
public org.restlet.representation.Representation validateIdToken(org.restlet.representation.Representation body)
                                                                throws OAuth2RestletException

Validates the OpenID Connect id_token passed in the body of the request and returns the claims specified in the claims query parameter.

Parameters:

body - the body of the request.

Returns:

a JSON representation of the claims from the id_token.

Throws:

OAuth2RestletException - if an error occurs.

doCatch

protected void doCatch(Throwable throwable)

Handles any exception that is thrown when processing a OAuth2 authorization request.

Overrides:

doCatch in class org.restlet.resource.ServerResource

Parameters:

throwable - The throwable.