org.forgerock.openig.filter.oauth2.client

Class Issuer

java.lang.Object

org.forgerock.openig.filter.oauth2.client.Issuer

public final class Issuer
extends Object

A configuration for an OpenID Connect Issuer. Two approaches to create the Issuer:

With an OpenId well-known end-point:

 
 {
   "wellKnownEndpoint"            : uriExpression,   [REQUIRED]
   "issuerHandler"                : handler          [OPTIONAL - by default it uses the 'ClientHandler'
                                                                 provided in heap.]
   "supportedDomains"             : [ patterns ]     [OPTIONAL - if this issuer supports other domain names]
 }
 
 

The 'supportedDomains' are the other domain names supported by this issuer, their format can include use of regular-expression patterns. Nota: Declaring these domains in the configuration should be as simple as possible, without any schemes or end slash i.e.:

 GOOD: [ "openam.com", "openam.com:8092", "register.server.com", "allopenamdomains.*" ]
 BAD : [ "http://openam.com", "openam.com:8092/", "http://openam.com/" ]
 
 

For example, use this kind of configuration if the end-points are not known:

 
 {
     "name": "openam",
     "type": "Issuer",
     "config": {
          "wellKnownEndpoint": "http://www.example.com:8081/openam/oauth2/.well-known/openid-configuration"
          "supportedDomains" : [ "openam.com", "openam.com:8092", "register.server.com" ]
     }
 }
 
 

Use this configuration if the end-points are known. The well-known end-point is optional as the value will be saved but no request will be performed on this end-point.

 
 {
   "authorizeEndpoint"            : uriExpression,   [REQUIRED]
   "tokenEndpoint"                : uriExpression,   [REQUIRED]
   "registrationEndpoint"         : uriExpression,   [OPTIONAL - allows dynamic client registration]
   "userInfoEndpoint"             : uriExpression    [OPTIONAL - default is no user info]
   "wellKnownEndpoint"            : uriExpression    [OPTIONAL]
   "supportedDomains"             : [ patterns ]     [OPTIONAL - if this issuer supports other domain names]
 }
 
 

For example:

 
 {
     "name": "openam",
     "type": "Issuer",
     "config": {
          "authorizeEndpoint": "http://www.example.com:8081/openam/oauth2/authorize",
          "tokenEndpoint": "http://www.example.com:8081/openam/oauth2/access_token",
          "userInfoEndpoint": "http://www.example.com:8081/openam/oauth2/userinfo"
     }
 }
 
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Issuer.Heaplet Creates and initializes an Issuer object in a heap environment.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ISSUER_KEY The key used to store this issuer in the context.

Constructor Summary

Constructors

Constructor and Description
Issuer(String name, org.forgerock.json.JsonValue config) Creates an issuer with the specified name and configuration.

Method Summary

Modifier and Type	Method and Description
static org.forgerock.util.promise.Promise<Issuer,DiscoveryException>	build(org.forgerock.services.context.Context context, String name, URI wellKnownUri, List<String> supportedDomains, org.forgerock.http.Handler handler) Builds a new Issuer based on the given well-known URI.
boolean	equals(Object obj)
URI	getAuthorizeEndpoint() Returns the authorize end-point of this issuer.
String	getName() Returns the name of this issuer.
URI	getRegistrationEndpoint() Returns the registration end-point of this issuer.
List<Pattern>	getSupportedDomains() Returns the unmodifiable list of the supported domain names.
URI	getTokenEndpoint() Returns the token end-point of this issuer.
URI	getUserInfoEndpoint() Returns the user end-point of this issuer.
URI	getWellKnownEndpoint() Returns the well-known end-point of this issuer.
int	hashCode()
boolean	hasUserInfoEndpoint() Returns true if this issuer has a user info end-point.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Field Detail

ISSUER_KEY

public static final String ISSUER_KEY

The key used to store this issuer in the context.

See Also:

Constant Field Values

Constructor Detail

Issuer

public Issuer(String name,
              org.forgerock.json.JsonValue config)

Creates an issuer with the specified name and configuration.

Parameters:

name - The name of this Issuer. When the issuer is created by discovery, the issuer name is given by the metadata "issuer", not null.

config - The configuration of this issuer, not null.

Method Detail

getName

public String getName()

Returns the name of this issuer.

Returns:

the name of this issuer.

getAuthorizeEndpoint

public URI getAuthorizeEndpoint()

Returns the authorize end-point of this issuer.

Returns:

the authorize end-point of this issuer.

getTokenEndpoint

public URI getTokenEndpoint()

Returns the token end-point of this issuer.

Returns:

the token end-point of this issuer.

getRegistrationEndpoint

public URI getRegistrationEndpoint()

Returns the registration end-point of this issuer.

Returns:

the registration end-point of this issuer.

getUserInfoEndpoint

public URI getUserInfoEndpoint()

Returns the user end-point of this issuer.

Returns:

the user end-point of this issuer.

getWellKnownEndpoint

public URI getWellKnownEndpoint()

Returns the well-known end-point of this issuer.

Returns:

the well-known end-point of this issuer.

hasUserInfoEndpoint

public boolean hasUserInfoEndpoint()

Returns true if this issuer has a user info end-point.

Returns:

true if this issuer has a user info end-point.

getSupportedDomains

public List<Pattern> getSupportedDomains()

Returns the unmodifiable list of the supported domain names.

Returns:

A unmodifiable list of the supported domain names.

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

build

public static org.forgerock.util.promise.Promise<Issuer,DiscoveryException> build(org.forgerock.services.context.Context context,
                                                                                  String name,
                                                                                  URI wellKnownUri,
                                                                                  List<String> supportedDomains,
                                                                                  org.forgerock.http.Handler handler)

Builds a new Issuer based on the given well-known URI.

Parameters:

context - The context's chain.

name - The issuer's identifier. Usually, it's the host name or a given name.

wellKnownUri - The well-known URI of this issuer.

supportedDomains - List of the supported domains for this issuer.

handler - The issuer handler that does the call to the given well-known URI.

Returns:

A promise completed with either an OAuth 2.0 issuer on success or a DiscoveryException on failure