public final class ClientRegistration extends Object
{
    "clientId"                    : expression          [REQUIRED]
    "clientSecret"                : expression          [REQUIRED - if private_key_jwt authentication method is NOT selected. ]
    "issuer"                      : String / Issuer     [REQUIRED - the issuer name, or its inlined declaration,
    "scopes"                      : [ expressions ]     [OPTIONAL - specific scopes to use for this client registration. ]
    "registrationHandler"         : handler             [OPTIONAL - by default it uses the 'ClientHandler' provided in heap. ]
    "tokenEndpointAuthMethod"     : enum                [OPTIONAL - default is Basic Authentication "client_secret_basic". ]
    "tokenEndpointAuthSigningAlg" : string              [OPTIONAL - defaults to RS256 if private_key_jwt authentication method is selected. ]
    "keyStore"                    : expression          [OPTIONAL - but REQUIRED if private_key_jwt authentication method is selected. ]
    "privateKeyJwtAlias"          : expression          [OPTIONAL - but REQUIRED if private_key_jwt authentication method is selected. ]
    "privateKeyJwtPassword"       : expression          [OPTIONAL - but REQUIRED if private_key_jwt authentication method is selected. ]
    "claims"                      : {                   [OPTIONAL - contains the claims used in private_key_jwt authentication. ]
        "aud"                     : String OR [Strings] [OPTIONAL - defaults to the URL of the Authorization Server's Token endpoint. ]
    }
    "jwtExpirationTimeout"        : duration            [OPTIONAL - defaults to 1 minute if private_key_jwt authentication method is selected. ]
}
Example of use:
{
    "name": "MyClientRegistration",
    "type": "ClientRegistration",
    "config": {
        "clientId": "OpenIG",
        "clientSecret": "password",
        "scopes": [
            "openid",
            "profile"
        ],
        "issuer": "OpenAM"
    }
}
or, with inlined Issuer declaration:
{
    "name": "MyClientRegistration",
    "type": "ClientRegistration",
    "config": {
        "clientId": "OpenIG",
        "clientSecret": "password",
        "scopes": [
            "openid",
            "profile"
        ],
        "tokenEndpointAuthMethod": "client_secret_post",
        "issuer": {
            "name": "myIssuer",
            "type": "Issuer",
            "config": {
                "wellKnownEndpoint": "http://server.com:8090/openam/oauth2/.well-known/openid-configuration"
            }
        }
    }
}
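The private_key_jwt options listed above (keyStore, privateKeyJwtAlias, tokenEndpointAuthSigningAlg, claims.aud, jwtExpirationTimeout) all feed one signed JWT that the client presents at the token endpoint instead of a shared secret. The following is an added illustration using only the JDK, not OpenIG source code: the class name, the freshly generated key pair (standing in for the keystore entry) and the token endpoint URL are assumptions, and the iss/sub/jti/exp claim set follows OpenID Connect Core's definition of private_key_jwt.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;

// Added illustration, not OpenIG code: the JWT sent as client_assertion for private_key_jwt.
public class PrivateKeyJwtSketch {
    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) {
        return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Assumes clientId and tokenEndpoint contain no characters that need JSON escaping.
    static String buildAssertion(String clientId, String tokenEndpoint,
                                 long lifetimeSeconds, PrivateKey key) throws Exception {
        long now = Instant.now().getEpochSecond();
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";   // tokenEndpointAuthSigningAlg
        String claims = "{\"iss\":\"" + clientId + "\",\"sub\":\"" + clientId + "\""
                + ",\"aud\":\"" + tokenEndpoint + "\""          // claims.aud default
                + ",\"jti\":\"" + UUID.randomUUID() + "\""      // unique id the AS can use to reject replays
                + ",\"exp\":" + (now + lifetimeSeconds) + "}";  // jwtExpirationTimeout
        String signingInput = b64(header) + "." + b64(claims);
        Signature signer = Signature.getInstance("SHA256withRSA"); // JCA name for RS256
        signer.initSign(key);
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(signer.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair(); // constructed key; stands in for keyStore + privateKeyJwtAlias
        String jwt = buildAssertion("OpenIG",                       // placeholder endpoint URL below
                "https://as.example.com/oauth2/access_token", 60, pair.getPrivate());
        // Authorization-server side: verify with the client's registered public key.
        int dot = jwt.lastIndexOf('.');
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(jwt.substring(0, dot).getBytes(StandardCharsets.US_ASCII));
        byte[] sig = Base64.getUrlDecoder().decode(jwt.substring(dot + 1));
        System.out.println("signature valid: " + verifier.verify(sig));
        System.out.println(new String(Base64.getUrlDecoder().decode(jwt.split("\\.")[1]), StandardCharsets.UTF_8));
    }
}
```

The short lifetime and the per-assertion jti are what limit the value of a captured assertion: it expires within the configured timeout and the authorization server can refuse a jti it has already seen.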
Modifier and Type | Class and Description |
---|---|
static class | ClientRegistration.Heaplet: Creates and initializes a Client Registration object in a heap environment. |

Constructor and Description |
---|
ClientRegistration(String name, JsonValue config, Issuer issuer, Handler registrationHandler, IdGenerator idGenerator, TimeService timeService, KeyStore keyStore): Creates a Client Registration. |

Modifier and Type | Method and Description |
---|---|
Promise<JsonValue,OAuth2ErrorException> | getAccessToken(Context context, String code, String callbackUri): Exchanges the authorization code for an access token and optional ID token, and then updates the session state. |
String | getClientId(): Returns the client ID of this client registration. |
Issuer | getIssuer(): Returns the Issuer for this client registration. |
long | getJwtExpirationTimeout(): Returns the expiration time on or after which the ID Token MUST NOT be accepted for processing. |
String | getName(): Returns the name of this client registration. |
List<String> | getScopes(): Returns the list of scopes of this client registration. |
JwsAlgorithm | getSigningAlgorithm(): Returns the JWS [JWS] signing algorithm [JWA] that MUST be used for signing the JWT [JWT] used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. |
Promise<JsonValue,OAuth2ErrorException> | getUserInfo(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session): Returns a Promise completed either with the JSON value of the user info obtained from the authorization server if the response from the authorization server has a status code of 200, or with an exception, meaning the access token may have expired. |
Promise<JsonValue,OAuth2ErrorException> | refreshAccessToken(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session): Refreshes the current access token, making a refresh request to the token endpoint. |

public ClientRegistration(String name, JsonValue config, Issuer issuer, Handler registrationHandler, IdGenerator idGenerator, TimeService timeService, KeyStore keyStore)
name - The name of this client registration. Can be null. If it is null the name is extracted from the configuration.
config - The configuration of the client registration.
issuer - The Issuer of this Client.
registrationHandler - The handler used to send requests to the AS.
idGenerator - The IdGenerator to use to generate globally unique identifiers for private_key_jwt authentication.
timeService - TimeService to use when using private_key_jwt authentication method.
keyStore - The keystore to use when using private_key_jwt authentication.

public String getName()

public Promise<JsonValue,OAuth2ErrorException> getAccessToken(Context context, String code, String callbackUri)
context - The current context.
code - The authorization code.
callbackUri - The callback URI.

public String getClientId()

public Issuer getIssuer()
Returns the Issuer for this client registration.

public Promise<JsonValue,OAuth2ErrorException> refreshAccessToken(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session)
context - The current context.
session - The current session.

public List<String> getScopes()

public JwsAlgorithm getSigningAlgorithm()

public long getJwtExpirationTimeout()

public Promise<JsonValue,OAuth2ErrorException> getUserInfo(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session)
context - The current context.
session - The current session to use.

Copyright 2011-2017 ForgeRock AS.