public final class ClientRegistration extends Object
{
    "clientId"                    : expression          [REQUIRED]
    "clientSecretId"              : expression          [REQUIRED - if private_key_jwt authentication method is NOT selected. ]
    "issuer"                      : String / Issuer     [REQUIRED - the issuer name, or its inlined declaration,
    "scopes"                      : [ expressions ]     [OPTIONAL - specific scopes to use for this client registration. ]
    "registrationHandler"         : handler             [OPTIONAL - by default it uses the 'ClientHandler' provided in heap. ]
    "tokenEndpointAuthMethod"     : enum                [OPTIONAL - default is Basic Authentication "client_secret_basic". ]
    "tokenEndpointAuthSigningAlg" : string              [OPTIONAL - default to RS256 if private_key_jwt authentication method is selected. ]
    "keystore"                    : expression          [OPTIONAL - but REQUIRED if private_key_jwt authentication method is selected. ]
    "privateKeyJwtAlias"          : expression          [OPTIONAL - but REQUIRED if private_key_jwt authentication method is selected. ]
    "privateKeyJwtPassword"       : expression          [OPTIONAL - but REQUIRED if private_key_jwt authentication method is selected. ]
    "claims"                      : {                   [OPTIONAL - contains the claims used in private_key_jwt authentication. ]
        "aud"                     : String OR [Strings] [OPTIONAL - default to the URL of the Authorization Server's Token endpoint.]
    }
    "jwtExpirationTimeout"        : duration            [OPTIONAL - default to 1 minute if private_key_jwt authentication method is selected. ]
}
Example of use:
{
    "name": "MyClientRegistration",
    "type": "ClientRegistration",
    "config": {
        "clientId": "OpenIG",
        "clientSecretId": "client.password.secret.id",
        "scopes": [
            "openid",
            "profile"
        ],
        "issuer": "OpenAM"
    }
}
or, with inlined Issuer declaration:
{
    "name": "MyClientRegistration",
    "type": "ClientRegistration",
    "config": {
        "clientId": "OpenIG",
        "clientSecretId": "client.password.secret.id",
        "scopes": [
            "openid",
            "profile"
        ],
        "tokenEndpointAuthMethod": "client_secret_post",
        "issuer": {
            "name": "myIssuer",
            "type": "Issuer",
            "config": {
                "wellKnownEndpoint": "http://server.com:8090/openam/oauth2/.well-known/openid-configuration"
            }
        }
    }
}
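What the private_key_jwt settings listed above produce on the wire, as an added example in JDK-only Java (not OpenIG's own code): a client assertion signed with RS256, with aud set to the token endpoint and a 1 minute expiry, matching the documented defaults. The class name, the token endpoint URL and the generated key pair are assumptions for illustration; the claim set follows OpenID Connect Core's private_key_jwt definition.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;

public class PrivateKeyJwtExample { // hypothetical class name
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // Claims per OpenID Connect Core private_key_jwt: iss = sub = client_id, aud, jti, iat, exp.
    // The sample values used here contain no characters that need JSON escaping.
    static String clientAssertion(String clientId, String aud, long ttlSeconds, PrivateKey key)
            throws GeneralSecurityException {
        long now = Instant.now().getEpochSecond();
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String claims = String.format(
                "{\"iss\":\"%s\",\"sub\":\"%s\",\"aud\":\"%s\",\"jti\":\"%s\",\"iat\":%d,\"exp\":%d}",
                clientId, clientId, aud, UUID.randomUUID(), now, now + ttlSeconds);
        String signingInput = b64(header) + "." + b64(claims);
        Signature rs256 = Signature.getInstance("SHA256withRSA");
        rs256.initSign(key);
        rs256.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(rs256.sign());
    }

    static String b64(String s) {
        return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Signature check as an authorization server would do it with the registered public key.
    static boolean verify(String jwt, PublicKey key) throws GeneralSecurityException {
        int lastDot = jwt.lastIndexOf('.');
        Signature rs256 = Signature.getInstance("SHA256withRSA");
        rs256.initVerify(key);
        rs256.update(jwt.substring(0, lastDot).getBytes(StandardCharsets.US_ASCII));
        return rs256.verify(Base64.getUrlDecoder().decode(jwt.substring(lastDot + 1)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair; a deployment would load the key from the configured keystore alias.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String jwt = clientAssertion("OpenIG", "https://as.example.com/token", 60, pair.getPrivate());
        System.out.println("client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
        System.out.println("client_assertion=" + jwt);
        System.out.println("signature valid: " + verify(jwt, pair.getPublic()));
    }
}
```

The short expiry and the per-request jti are what limit replay of a captured assertion, which is why the 1 minute default should only be raised with care.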
Purpose required to read a GenericSecret required to authenticate the client when SecretBasicClientAuthentication or SecretPostClientAuthentication are used.
NOTE: If both clientSecret and clientSecretId are provided, the 'clientSecretId' has precedence.

Modifier and Type | Class and Description |
---|---|
static class | ClientRegistration.Heaplet<br>Creates and initializes a Client Registration object in a heap environment. |

Constructor and Description |
---|
ClientRegistration(String clientId, String name, List<String> scopes, Issuer issuer, Handler registrationHandler, org.forgerock.openig.filter.oauth2.client.ClientAuthentication clientAuthentication)<br>Creates a Client Registration. |

Modifier and Type | Method and Description |
---|---|
Promise<JsonValue,OAuth2ErrorException> | getAccessToken(Context context, String code, String callbackUri)<br>Exchanges the authorization code for an access token and optional ID token, and then updates the session state. |
String | getClientId()<br>Returns the client ID of this client registration. |
Issuer | getIssuer()<br>Returns the Issuer for this client registration. |
String | getName()<br>Returns the name of this client registration. |
List<String> | getScopes()<br>Returns the list of scopes of this client registration. |
Promise<JsonValue,OAuth2ErrorException> | getUserInfo(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session)<br>Returns a Promise completed either with the JSON value of the user info obtained from the authorization server if the response from the authorization server has a status code of 200, or with an exception, meaning the access token may have expired. |
Promise<JsonValue,OAuth2ErrorException> | refreshAccessToken(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session)<br>Refreshes the actual access token, making a refresh request to the token end-point. |

public ClientRegistration(String clientId, String name, List<String> scopes, Issuer issuer, Handler registrationHandler, org.forgerock.openig.filter.oauth2.client.ClientAuthentication clientAuthentication)
clientId - The ID of this client registration.
name - The name of this client registration. Can be null. If it is null, the clientId is used.
scopes - The list of scopes for this client registration, not null.
issuer - The Issuer of this Client, not null.
registrationHandler - The handler used to send requests to the AS.
clientAuthentication - The ClientAuthentication to use, not null.

public String getName()

public Promise<JsonValue,OAuth2ErrorException> getAccessToken(Context context, String code, String callbackUri)
context - The current context.
code - The authorization code.
callbackUri - The callback URI.

public String getClientId()

public Issuer getIssuer()
Issuer for this client registration.

public Promise<JsonValue,OAuth2ErrorException> refreshAccessToken(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session)
context - The current context.
session - The current session.

public List<String> getScopes()

public Promise<JsonValue,OAuth2ErrorException> getUserInfo(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session)
context - The current context.
session - The current session to use.

Copyright 2011-2017 ForgeRock AS.