io.vertx.ext.auth.oauth2.impl

Class OAuth2AuthProviderImpl

java.lang.Object

io.vertx.ext.auth.oauth2.impl.OAuth2AuthProviderImpl

All Implemented Interfaces:

AuthProvider, AuthProviderInternal, OAuth2Auth

public class OAuth2AuthProviderImpl
extends Object
implements OAuth2Auth, AuthProviderInternal

Author:

Paulo Lopes

Constructor Summary

Constructors

Constructor and Description
OAuth2AuthProviderImpl(Vertx vertx, OAuth2ClientOptions config)

Method Summary

Modifier and Type	Method and Description
void	authenticate(JsonObject authInfo, Handler<AsyncResult<User>> resultHandler) Authenticate a user.
String	authorizeURL(JsonObject params) Generate a redirect URL to the authN/Z backend.
OAuth2Auth	decodeToken(String token, Handler<AsyncResult<AccessToken>> handler) Deprecated.
OAuth2ClientOptions	getConfig()
OAuth2Flow	getFlow()
OAuth2FlowType	getFlowType() Returns the configured flow type for the Oauth2 provider.
JWT	getJWT()
String	getScopeSeparator() Deprecated.
void	getToken(JsonObject credentials, Handler<AsyncResult<AccessToken>> handler) Deprecated.
Vertx	getVertx()
void	internalLoadJWK(Handler<AsyncResult<JsonObject>> handler)
OAuth2Auth	introspectToken(String token, String tokenType, Handler<AsyncResult<AccessToken>> handler) Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.
OAuth2Auth	loadJWK(Handler<AsyncResult<Void>> handler) Loads a JWK Set from the remote provider.
OAuth2Auth	missingKeyHandler(Handler<String> handler) Handled to be called when a key (mentioned on a JWT) is missing from the current config.
OAuth2Auth	rbacHandler(OAuth2RBAC rbac)
void	verifyIsUsingPassword() This is a verification step, it can abort by throwing a RuntimeException.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.vertx.ext.auth.oauth2.OAuth2Auth

create, create, create, create, createKeycloak, introspectToken

Constructor Detail

OAuth2AuthProviderImpl

public OAuth2AuthProviderImpl(Vertx vertx,
                              OAuth2ClientOptions config)

Method Detail

missingKeyHandler

public OAuth2Auth missingKeyHandler(Handler<String> handler)

Description copied from interface: OAuth2Auth

Handled to be called when a key (mentioned on a JWT) is missing from the current config. Users are advised to call OAuth2Auth.loadJWK(Handler) but being careful to implement some rate limiting function. This method isn't generic for several reasons. The provider is not aware of the capabilities of the backend IdP in terms of max allowed API calls. Some validation could be done at the key id, which only the end user is aware of.

Specified by:

missingKeyHandler in interface OAuth2Auth

Returns:

Future result.

See Also:

OAuth2Auth.missingKeyHandler(Handler)

verifyIsUsingPassword

public void verifyIsUsingPassword()

Description copied from interface: AuthProviderInternal

This is a verification step, it can abort by throwing a RuntimeException.

Specified by:

verifyIsUsingPassword in interface AuthProviderInternal

loadJWK

public OAuth2Auth loadJWK(Handler<AsyncResult<Void>> handler)

Description copied from interface: OAuth2Auth

Loads a JWK Set from the remote provider. When calling this method several times, the loaded JWKs are updated in the underlying JWT object.

Specified by:

loadJWK in interface OAuth2Auth

internalLoadJWK

public void internalLoadJWK(Handler<AsyncResult<JsonObject>> handler)

rbacHandler

public OAuth2Auth rbacHandler(OAuth2RBAC rbac)

Specified by:

rbacHandler in interface OAuth2Auth

getConfig

public OAuth2ClientOptions getConfig()

getVertx

public Vertx getVertx()

getJWT

public JWT getJWT()

authenticate

public void authenticate(JsonObject authInfo,
                         Handler<AsyncResult<User>> resultHandler)

Description copied from interface: AuthProvider

Authenticate a user.

The first argument is a JSON object containing information for authenticating the user. What this actually contains depends on the specific implementation. In the case of a simple username/password based authentication it is likely to contain a JSON object with the following structure:

   {
     "username": "tim",
     "password": "mypassword"
   }
 

For other types of authentication it contain different information - for example a JWT token or OAuth bearer token.

If the user is successfully authenticated a User object is passed to the handler in an AsyncResult. The user object can then be used for authorisation.

Specified by:

authenticate in interface AuthProvider

Parameters:

authInfo - The auth information

resultHandler - The result handler

authorizeURL

public String authorizeURL(JsonObject params)

Description copied from interface: OAuth2Auth

Generate a redirect URL to the authN/Z backend. It only applies to auth_code flow.

Specified by:

authorizeURL in interface OAuth2Auth

getToken

@Deprecated
public void getToken(JsonObject credentials,
                                 Handler<AsyncResult<AccessToken>> handler)

Deprecated.

Description copied from interface: OAuth2Auth

Returns the Access Token object.

Specified by:

getToken in interface OAuth2Auth

Parameters:

credentials - - JSON with the options, each flow requires different options.

handler - - The handler returning the results.

decodeToken

@Deprecated
public OAuth2Auth decodeToken(String token,
                                          Handler<AsyncResult<AccessToken>> handler)

Deprecated.

Description copied from interface: OAuth2Auth

Decode a token to a AccessToken object. This is useful to handle bearer JWT tokens.

Specified by:

decodeToken in interface OAuth2Auth

Parameters:

token - the access token (base64 string)

handler - A handler to receive the event

Returns:

self

introspectToken

public OAuth2Auth introspectToken(String token,
                                  String tokenType,
                                  Handler<AsyncResult<AccessToken>> handler)

Description copied from interface: OAuth2Auth

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Specified by:

introspectToken in interface OAuth2Auth

Parameters:

token - the access token (base64 string)

tokenType - hint to the token type e.g.: `access_token`

handler - A handler to receive the event

Returns:

self

getScopeSeparator

@Deprecated
public String getScopeSeparator()

Deprecated.

Description copied from interface: OAuth2Auth

Returns the scope separator. The RFC 6749 states that a scope is expressed as a set of case-sensitive and space-delimited strings, however vendors tend not to agree on this and we see the following cases being used: space, plus sign, comma.

Specified by:

getScopeSeparator in interface OAuth2Auth

Returns:

what value was used in the configuration of the object, falling back to the default value which is a space.

getFlowType

public OAuth2FlowType getFlowType()

Description copied from interface: OAuth2Auth

Returns the configured flow type for the Oauth2 provider.

Specified by:

getFlowType in interface OAuth2Auth

Returns:

the flow type.

getFlow

public OAuth2Flow getFlow()