Package org.forgerock.openig.filter.oauth2.client

Class ClientRegistration

  • public final class ClientRegistration
extends Object
    A configuration for an OpenID Connect Provider. Options: 
     
 {
   "clientId"                     : expression,       [REQUIRED]
   "clientSecret"                 : expression,       [REQUIRED]
   "issuer"                       : String / Issuer   [REQUIRED - the issuer name, or its inlined declaration,
   "scopes"                       : [ expressions ],  [OPTIONAL - specific scopes to use for this client
                                                                  registration. ]
   "registrationHandler"          : handler           [OPTIONAL - by default it uses the 'ClientHandler'
                                                                  provided in heap.]
   "tokenEndpointUseBasicAuth"    : boolean           [OPTIONAL - default is true, use Basic Authentication.]
 }
    Example of use: 
     
 {
     "name": "MyClientRegistration",
     "type": "ClientRegistration",
     "config": {
         "clientId": "OpenIG",
         "clientSecret": "password",
         "scopes": [
             "openid",
             "profile"
         ],
         "issuer": "OpenAM"
     }
 }
    or, with inlined Issuer declaration: 
     
 {
     "name": "MyClientRegistration",
     "type": "ClientRegistration",
     "config": {
         "clientId": "OpenIG",
         "clientSecret": "password",
         "scopes": [
             "openid",
             "profile"
         ],
           "tokenEndpointUseBasicAuth": true,
         "issuer": {
             "name": "myIssuer",
             "type": "Issuer",
             "config": {
                 "wellKnownEndpoint": "http://server.com:8090/openam/oauth2/.well-known/openid-configuration"
             }
         }
     }
 }
    See Also:
    OpenID Connect Dynamic Client Registration 1.0

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  ClientRegistration.Heaplet
      Creates and initializes a Client Registration object in a heap environment.

    • Constructor Summary

      Constructors 
      Constructor Description
      ClientRegistration​(String name, org.forgerock.json.JsonValue config, Issuer issuer, org.forgerock.http.Handler registrationHandler)
      Creates a Client Registration.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      org.forgerock.util.promise.Promise<org.forgerock.json.JsonValue,​OAuth2ErrorException> getAccessToken​(org.forgerock.services.context.Context context, String code, String callbackUri)
      Exchanges the authorization code for an access token and optional ID token, and then update the session state.
      String getClientId()
      Returns the client ID of this client registration.
      Issuer getIssuer()
      Returns the Issuer for this client registration.
      String getName()
      Returns the name of this client registration.
      List<String> getScopes()
      Returns the list of scopes of this client registration.
      org.forgerock.util.promise.Promise<org.forgerock.json.JsonValue,​OAuth2ErrorException> getUserInfo​(org.forgerock.services.context.Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session)
      Returns a Promise completed either with the json value of the user info obtained from the authorization server if the response from the authorization server has a status code of 200, or with an exception, meaning the access token may have expired.
      org.forgerock.util.promise.Promise<org.forgerock.json.JsonValue,​OAuth2ErrorException> refreshAccessToken​(org.forgerock.services.context.Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session)
      Refreshes the actual access token, making a refresh request to the token end-point.
      ClientRegistration setTokenEndpointUseBasicAuth​(boolean useBasicAuth)
      Sets the authentication method the token end-point should use.

    • Constructor Detail

      • ClientRegistration

        public ClientRegistration​(String name,
                          org.forgerock.json.JsonValue config,
                          Issuer issuer,
                          org.forgerock.http.Handler registrationHandler)
        Creates a Client Registration.
        Parameters:
        name - The name of this client registration. Can be null. If it is null the name is extracted from the configuration.
        config - The configuration of the client registration.
        issuer - The Issuer of this Client.
        registrationHandler - The handler used to send request to the AS.

    • Method Detail

      • getName

        public String getName()
        Returns the name of this client registration.
        Returns:
        the name of this client registration.

      • getAccessToken

        public org.forgerock.util.promise.Promise<org.forgerock.json.JsonValue,​OAuth2ErrorException> getAccessToken​(org.forgerock.services.context.Context context,
                                                                                                                  String code,
                                                                                                                  String callbackUri)
        Exchanges the authorization code for an access token and optional ID token, and then update the session state.
        Parameters:
        context - The current context.
        code - The authorization code.
        callbackUri - The callback URI.
        Returns:
        A promise completed with either the json content of the response if status return code of the response is 200 OK or with an OAuth2ErrorException in case of errors.

      • getClientId

        public String getClientId()
        Returns the client ID of this client registration.
        Returns:
        the client ID.

      • getIssuer

        public Issuer getIssuer()
        Returns the Issuer for this client registration.
        Returns:
        the Issuer for this client registration.

      • refreshAccessToken

        public org.forgerock.util.promise.Promise<org.forgerock.json.JsonValue,​OAuth2ErrorException> refreshAccessToken​(org.forgerock.services.context.Context context,
                                                                                                                      org.forgerock.openig.filter.oauth2.client.OAuth2Session session)
        Refreshes the actual access token, making a refresh request to the token end-point.
        Parameters:
        context - The current context.
        session - The current session.
        Returns:
        A promise completed either with the JSON content of the response if status return code of the response is 200 OK, or with an OAuth2ErrorException if an error occurs when contacting the authorization server or if the returned response status code is different than 200 OK.

      • getScopes

        public List<String> getScopes()
        Returns the list of scopes of this client registration.
        Returns:
        the the list of scopes of this client registration.

      • getUserInfo

        public org.forgerock.util.promise.Promise<org.forgerock.json.JsonValue,​OAuth2ErrorException> getUserInfo​(org.forgerock.services.context.Context context,
                                                                                                               org.forgerock.openig.filter.oauth2.client.OAuth2Session session)
        Returns a Promise completed either with the json value of the user info obtained from the authorization server if the response from the authorization server has a status code of 200, or with an exception, meaning the access token may have expired.
        Parameters:
        context - The current context.
        session - The current session to use.
        Returns:
        A promise completed either with a JsonValue containing the requested user info, or with an OAuth2ErrorException if an error occurs when contacting the authorization server or if the returned response status code is different than 200 OK (That may signify that the access token has expired).

      • setTokenEndpointUseBasicAuth

        public ClientRegistration setTokenEndpointUseBasicAuth​(boolean useBasicAuth)
        Sets the authentication method the token end-point should use. true for 'client_secret_basic', false for 'client_secret_post' (not recommended).
        Parameters:
        useBasicAuth - true if the token end-point should use Basic authentication, false if it should use client secret POST.
        Returns:
        This client registration.
        See Also:
        RFC 6749, Section 2.3.1