io.vertx.ext.auth.oauth2.impl

Class OAuth2AuthProviderImpl

java.lang.Object

io.vertx.ext.auth.oauth2.impl.OAuth2AuthProviderImpl

All Implemented Interfaces:

AuthenticationProvider, OAuth2Auth

public class OAuth2AuthProviderImpl
extends Object
implements OAuth2Auth

Author:

Paulo Lopes

Constructor Summary

Constructors

Constructor and Description
OAuth2AuthProviderImpl(Vertx vertx, OAuth2Options config)

Method Summary

Modifier and Type	Method and Description
void	authenticate(Credentials credentials, Handler<AsyncResult<User>> handler) Authenticate a user.
void	authenticate(JsonObject authInfo, Handler<AsyncResult<User>> handler) Authenticate a user.
String	authorizeURL(JsonObject params) The client sends the end-user's browser to this endpoint to request their authentication and consent.
OAuth2Auth	decodeToken(String token, Handler<AsyncResult<AccessToken>> handler) Deprecated.
String	endSessionURL(User user, JsonObject params) The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
OAuth2Options	getConfig()
OAuth2FlowType	getFlowType() Deprecated.
OAuth2Auth	introspectToken(String token, String tokenType, Handler<AsyncResult<AccessToken>> handler) Deprecated.
OAuth2Auth	jWKSet(Handler<AsyncResult<Void>> handler) Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens.
OAuth2Auth	missingKeyHandler(Handler<String> handler) Handled to be called when a key (mentioned on a JWT) is missing from the current config.
OAuth2Auth	rbacHandler(OAuth2RBAC rbac) Deprecated.
OAuth2Auth	refresh(User user, Handler<AsyncResult<User>> handler) Refresh the current User (access token).
OAuth2Auth	revoke(User user, String tokenType, Handler<AsyncResult<Void>> handler) Revoke an obtained access or refresh token.
OAuth2Auth	userInfo(User user, Handler<AsyncResult<JsonObject>> handler) Retrieve profile information and other attributes for a logged-in end-user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.vertx.ext.auth.oauth2.OAuth2Auth

create, create, decodeToken, endSessionURL, introspectToken, introspectToken, introspectToken, jWKSet, loadJWK, loadJWK, refresh, revoke, revoke, revoke, userInfo

Methods inherited from interface io.vertx.ext.auth.authentication.AuthenticationProvider

authenticate, authenticate

Constructor Detail

OAuth2AuthProviderImpl

public OAuth2AuthProviderImpl(Vertx vertx,
                              OAuth2Options config)

Method Detail

jWKSet

public OAuth2Auth jWKSet(Handler<AsyncResult<Void>> handler)

Description copied from interface: OAuth2Auth

Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens. The provider will refresh the keys according to: https://openid.net/specs/openid-connect-core-1_0.html#RotateEncKeys This means that the provider will look at the cache headers and will refresh when the max-age is reached. If the server does not return any cache headers it shall be up to the end user to call this method to refresh.

Specified by:

jWKSet in interface OAuth2Auth

Parameters:

handler - the handler success/failure.

Returns:

fluent self.

missingKeyHandler

public OAuth2Auth missingKeyHandler(Handler<String> handler)

Description copied from interface: OAuth2Auth

Handled to be called when a key (mentioned on a JWT) is missing from the current config. Users are advised to call OAuth2Auth.jWKSet(Handler) but being careful to implement some rate limiting function. This method isn't generic for several reasons. The provider is not aware of the capabilities of the backend IdP in terms of max allowed API calls. Some validation could be done at the key id, which only the end user is aware of.

Specified by:

missingKeyHandler in interface OAuth2Auth

Returns:

Future result.

See Also:

OAuth2Auth.missingKeyHandler(Handler)

getConfig

public OAuth2Options getConfig()

authenticate

public void authenticate(JsonObject authInfo,
                         Handler<AsyncResult<User>> handler)

Description copied from interface: AuthenticationProvider

Authenticate a user.

The first argument is a JSON object containing information for authenticating the user. What this actually contains depends on the specific implementation. In the case of a simple username/password based authentication it is likely to contain a JSON object with the following structure:

   {
     "username": "tim",
     "password": "mypassword"
   }
 

For other types of authentication it contain different information - for example a JWT token or OAuth bearer token.

If the user is successfully authenticated a User object is passed to the handler in an AsyncResult. The user object can then be used for authorisation.

Specified by:

authenticate in interface AuthenticationProvider

Parameters:

authInfo - The credentials

handler - The result handler

authenticate

public void authenticate(Credentials credentials,
                         Handler<AsyncResult<User>> handler)

Description copied from interface: AuthenticationProvider

Authenticate a user.

The first argument is a Credentials object containing information for authenticating the user. What this actually contains depends on the specific implementation. If the user is successfully authenticated a User object is passed to the handler in an AsyncResult. The user object can then be used for authorisation.

Specified by:

authenticate in interface AuthenticationProvider

Parameters:

credentials - The credentials

handler - The result handler

authorizeURL

public String authorizeURL(JsonObject params)

Description copied from interface: OAuth2Auth

The client sends the end-user's browser to this endpoint to request their authentication and consent. This endpoint is used in the code and implicit OAuth 2.0 flows which require end-user interaction.

Specified by:

authorizeURL in interface OAuth2Auth

Parameters:

params - extra params to be included in the final URL.

Returns:

the url to be used to authorize the user.

refresh

public OAuth2Auth refresh(User user,
                          Handler<AsyncResult<User>> handler)

Description copied from interface: OAuth2Auth

Refresh the current User (access token).

Specified by:

refresh in interface OAuth2Auth

Parameters:

user - the user (access token) to be refreshed.

handler - the handler success/failure.

Returns:

fluent self.

revoke

public OAuth2Auth revoke(User user,
                         String tokenType,
                         Handler<AsyncResult<Void>> handler)

Description copied from interface: OAuth2Auth

Revoke an obtained access or refresh token. More info https://tools.ietf.org/html/rfc7009.

Specified by:

revoke in interface OAuth2Auth

Parameters:

user - the user (access token) to revoke.

tokenType - the token type (either access_token or refresh_token).

handler - the handler success/failure.

Returns:

fluent self.

userInfo

public OAuth2Auth userInfo(User user,
                           Handler<AsyncResult<JsonObject>> handler)

Description copied from interface: OAuth2Auth

Retrieve profile information and other attributes for a logged-in end-user. More info https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Specified by:

userInfo in interface OAuth2Auth

Parameters:

user - the user (access token) to fetch the user info.

handler - the handler success/failure.

Returns:

fluent self.

endSessionURL

public String endSessionURL(User user,
                            JsonObject params)

Description copied from interface: OAuth2Auth

The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0. More info: https://openid.net/specs/openid-connect-session-1_0.html.

Specified by:

endSessionURL in interface OAuth2Auth

Parameters:

user - the user to generate the url for

params - extra parameters to apply to the url

Returns:

the url to end the session.

decodeToken

@Deprecated
public OAuth2Auth decodeToken(String token,
                                          Handler<AsyncResult<AccessToken>> handler)

Deprecated.

Description copied from interface: OAuth2Auth

Decode a token to a AccessToken object. This is useful to handle bearer JWT tokens.

Specified by:

decodeToken in interface OAuth2Auth

Parameters:

token - the access token (base64 string)

handler - A handler to receive the event

Returns:

self

introspectToken

@Deprecated
public OAuth2Auth introspectToken(String token,
                                              String tokenType,
                                              Handler<AsyncResult<AccessToken>> handler)

Deprecated.

Description copied from interface: OAuth2Auth

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Specified by:

introspectToken in interface OAuth2Auth

Parameters:

token - the access token (base64 string)

tokenType - hint to the token type e.g.: `access_token`

handler - A handler to receive the event

Returns:

self

getFlowType

@Deprecated
public OAuth2FlowType getFlowType()

Deprecated.

Description copied from interface: OAuth2Auth

Returns the configured flow type for the Oauth2 provider.

Specified by:

getFlowType in interface OAuth2Auth

Returns:

the flow type.

rbacHandler

@Deprecated
public OAuth2Auth rbacHandler(OAuth2RBAC rbac)

Deprecated.

Specified by:

rbacHandler in interface OAuth2Auth