Package org.forgerock.openig.filter.oauth2.client

Class Issuer

  • public final class Issuer
extends Object
    A configuration for an OpenID Connect Issuer. Two approaches to create the Issuer:

    With an OpenId well-known end-point: 

     
 {
   "wellKnownEndpoint"            : uriExpression,   [REQUIRED]
   "issuerHandler"                : handler          [OPTIONAL - by default it uses the 'ClientHandler'
                                                                 provided in heap.]
   "supportedDomains"             : [ patterns ]     [OPTIONAL - if this issuer supports other domain names]
 }
    The 'supportedDomains' are the other domain names supported by this issuer, their format can include use of regular-expression patterns. Nota: Declaring these domains in the configuration should be as simple as possible, without any schemes or end slash i.e.: 
    
 GOOD: [ "openam.com", "openam.com:8092", "register.server.com", "allopenamdomains.*" ]
 BAD : [ "http://openam.com", "openam.com:8092/", "http://openam.com/" ]

    For example, use this kind of configuration if the end-points are not known: 

     
 {
     "name": "openam",
     "type": "Issuer",
     "config": {
          "wellKnownEndpoint": "http://www.example.com:8081/openam/oauth2/.well-known/openid-configuration"
          "supportedDomains" : [ "openam.com", "openam.com:8092", "register.server.com" ]
     }
 }

    Use this configuration if the end-points are known. The well-known end-point is optional as the value will be saved but no request will be performed on this end-point. 

     
 {
   "authorizeEndpoint"            : uriExpression,   [REQUIRED]
   "tokenEndpoint"                : uriExpression,   [REQUIRED]
   "registrationEndpoint"         : uriExpression,   [OPTIONAL - allows dynamic client registration]
   "userInfoEndpoint"             : uriExpression    [OPTIONAL - default is no user info]
   "wellKnownEndpoint"            : uriExpression    [OPTIONAL]
   "supportedDomains"             : [ patterns ]     [OPTIONAL - if this issuer supports other domain names]
 }
    For example: 
     
 {
     "name": "openam",
     "type": "Issuer",
     "config": {
          "authorizeEndpoint": "http://www.example.com:8081/openam/oauth2/authorize",
          "tokenEndpoint": "http://www.example.com:8081/openam/oauth2/access_token",
          "userInfoEndpoint": "http://www.example.com:8081/openam/oauth2/userinfo"
     }
 }

    • Field Detail

    • Constructor Detail

      • Issuer

        public Issuer​(String name,
              org.forgerock.json.JsonValue config)
        Creates an issuer with the specified name and configuration.
        Parameters:
        name - The name of this Issuer. When the issuer is created by discovery, the issuer name is given by the metadata "issuer", not null.
        config - The configuration of this issuer, not null.

    • Method Detail

      • getName

        public String getName()
        Returns the name of this issuer.
        Returns:
        the name of this issuer.

      • getAuthorizeEndpoint

        public URI getAuthorizeEndpoint()
        Returns the authorize end-point of this issuer.
        Returns:
        the authorize end-point of this issuer.

      • getTokenEndpoint

        public URI getTokenEndpoint()
        Returns the token end-point of this issuer.
        Returns:
        the token end-point of this issuer.

      • getRegistrationEndpoint

        public URI getRegistrationEndpoint()
        Returns the registration end-point of this issuer.
        Returns:
        the registration end-point of this issuer.

      • getUserInfoEndpoint

        public URI getUserInfoEndpoint()
        Returns the user end-point of this issuer.
        Returns:
        the user end-point of this issuer.

      • getWellKnownEndpoint

        public URI getWellKnownEndpoint()
        Returns the well-known end-point of this issuer.
        Returns:
        the well-known end-point of this issuer.

      • hasUserInfoEndpoint

        public boolean hasUserInfoEndpoint()
        Returns true if this issuer has a user info end-point.
        Returns:
        true if this issuer has a user info end-point.

      • getSupportedDomains

        public List<Pattern> getSupportedDomains()
        Returns the unmodifiable list of the supported domain names.
        Returns:
        A unmodifiable list of the supported domain names.

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object

      • build

        public static org.forgerock.util.promise.Promise<Issuer,​DiscoveryException> build​(org.forgerock.services.context.Context context,
                                                                                        String name,
                                                                                        URI wellKnownUri,
                                                                                        List<String> supportedDomains,
                                                                                        org.forgerock.http.Handler handler)
        Builds a new Issuer based on the given well-known URI.
        Parameters:
        context - The context's chain.
        name - The issuer's identifier. Usually, it's the host name or a given name.
        wellKnownUri - The well-known URI of this issuer.
        supportedDomains - List of the supported domains for this issuer.
        handler - The issuer handler that does the call to the given well-known URI.
        Returns:
        A promise completed with either an OAuth 2.0 issuer on success or a DiscoveryException on failure