Class DiscoveryFilter
- java.lang.Object
  - org.forgerock.openig.filter.oauth2.client.DiscoveryFilter

All Implemented Interfaces: org.forgerock.http.Filter
public class DiscoveryFilter extends Object implements org.forgerock.http.Filter
In order for an OpenID Connect Relying Party (RP) to utilize OpenID Connect services for an End-User, the RP needs to know where the OpenID Provider is. OpenID Connect uses WebFinger [RFC7033] to locate the OpenID Provider for an End-User. This class performs OpenID Provider Issuer discovery: it determines the location of the OpenID Provider based on a given End-User input, which can be an e-mail address, a URL syntax, or even a host name and port syntax.
The user input is taken from the query parameters '?discovery=<userInput>'.
Discovery has two parts. The first extracts the host name and a normalized user input from the given input.
Then, IG checks whether an Issuer corresponding to the extracted host name already exists in the heap. If it exists, it is reused. If not, IG checks whether this host name is part of an Issuer "supportedDomain". If the host name belongs to an Issuer supported domain, this Issuer is used. Otherwise, the discovery process continues.
In the second part, WebFinger uses the extracted host name to get the corresponding OpenID Issuer location that matches the selected type of service ("http://openid.net/specs/connect/1.0/issuer"), if it exists.
Based on the returned OpenID Issuer's location, the OpenID well-known endpoint is extracted and the filter builds an Issuer, which is placed in the context and in the heap to be reused if needed.
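The two parts described above (normalizing the End-User input to obtain a host, then building the WebFinger query for the issuer relation), as an added example that is not OpenIG's own code. The class and method names are hypothetical; the normalization follows OpenID Connect Discovery 1.0 section 2.1.2 and, as a simplification, treats only acct:, http: and https: as explicit schemes.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

/** Added illustration; hypothetical names, not the OpenIG implementation. */
public class DiscoverySketch {
    static final String ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer";

    /** Part one: turn raw End-User input into a normalized resource identifier. */
    static URI normalize(String input) throws URISyntaxException {
        String s = input.trim();
        int hash = s.indexOf('#');
        if (hash >= 0) s = s.substring(0, hash);   // fragments are always stripped
        if (s.matches("(?i)^(acct:|https?://).*")) {
            return new URI(s);                     // scheme already present
        }
        // No scheme: bare "user@host" becomes acct:, anything with port/path/query is https.
        boolean bareUserAtHost = s.contains("@") && !s.matches(".*[:/?].*");
        return new URI((bareUserAtHost ? "acct:" : "https://") + s);
    }

    /** Host (plus port, if given) that will receive the WebFinger request. */
    static String hostOf(URI resource) {
        if ("acct".equalsIgnoreCase(resource.getScheme())) {
            String ssp = resource.getSchemeSpecificPart();
            return ssp.substring(ssp.lastIndexOf('@') + 1);
        }
        if (resource.getHost() == null) {
            throw new IllegalArgumentException("no host in " + resource);
        }
        return resource.getPort() == -1 ? resource.getHost() : resource.getHost() + ":" + resource.getPort();
    }

    /** Part two: WebFinger (RFC 7033) query for the issuer link; always sent over https. */
    static String webFingerUrl(URI resource) {
        return "https://" + hostOf(resource) + "/.well-known/webfinger?resource="
                + URLEncoder.encode(resource.toString(), StandardCharsets.UTF_8)
                + "&rel=" + URLEncoder.encode(ISSUER_REL, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample inputs: e-mail, URL, and host name and port syntax.
        for (String in : new String[] {"joe@example.com", "https://example.com/joe#frag", "example.com:8080"}) {
            URI resource = normalize(in);
            System.out.println(in + " -> " + resource + " -> " + webFingerUrl(resource));
        }
    }
}
```

Because the host is derived from request input, the value returned by `hostOf` is the one to compare against known issuers and supported domains before any outbound request is made.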
Method Summary
Modifier and Type: org.forgerock.util.promise.Promise<org.forgerock.http.protocol.Response,org.forgerock.util.promise.NeverThrowsException>
Method: filter(org.forgerock.services.context.Context context, org.forgerock.http.protocol.Request request, org.forgerock.http.Handler next)
Method Detail
filter
public org.forgerock.util.promise.Promise<org.forgerock.http.protocol.Response,org.forgerock.util.promise.NeverThrowsException> filter(org.forgerock.services.context.Context context, org.forgerock.http.protocol.Request request, org.forgerock.http.Handler next)
Specified by: filter in interface org.forgerock.http.Filter