/*
 * DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2012 ForgeRock AS. All rights reserved.
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * http://forgerock.org/license/CDDLv1.0.html
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at http://forgerock.org/license/CDDLv1.0.html
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [2012] [ForgeRock Inc]"
 */
package org.forgerock.openam.oauth2.provider;

import java.util.Collection;

import org.forgerock.openam.oauth2.exceptions.OAuthProblemException;
import org.forgerock.openam.oauth2.model.ClientApplication;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.ChallengeScheme;

/**
 * Contract for looking up and authenticating OAuth 2.0 clients.
 * <p/>
 * Redirection endpoint guidance that accompanies this contract: the
 * authorization server SHOULD require all clients to register their
 * redirection endpoint prior to utilizing the authorization endpoint.
 * <p/>
 * The authorization server SHOULD require the client to provide the complete
 * redirection URI (the client MAY use the "state" request parameter to achieve
 * per-request customization). If requiring the registration of the complete
 * redirection URI is not possible, the authorization server SHOULD require the
 * registration of the URI scheme, authority, and path (allowing the client to
 * dynamically vary only the query component of the redirection URI when
 * requesting authorization).
 * <p/>
 * The authorization server MAY allow the client to register multiple
 * redirection endpoints.
 *
 * @supported.all.api
 */
public interface ClientVerifier {

    /**
     * Authenticates the client that issued the request.
     * <p/>
     * NOTE(review): the contract as originally written names both a thrown
     * {@link OAuthProblemException} and a {@code null} result as the failure
     * signal. Until the implementations are checked, callers should treat
     * either outcome as a failed authentication and never proceed with a
     * {@code null} client.
     *
     * @param request
     *            the HTTP request
     * @param response
     *            the HTTP response
     * @return the client if the credentials are correct
     * @throws OAuthProblemException
     *             when authentication failed
     */
    ClientApplication verify(Request request, Response response)
            throws OAuthProblemException;

    /**
     * Returns the HTTP authentication scheme configured for the given
     * {@code client_id}.
     * <p/>
     * The authorization server MAY support any suitable HTTP authentication
     * scheme matching its security requirements. When using other
     * authentication methods, the authorization server MUST define a mapping
     * between the client identifier (registration record) and authentication
     * scheme.
     *
     * @param client_id
     *            the client identifier whose scheme configuration is requested
     * @return the authentication schemes required for that client;
     *         NOTE(review): the result for an unknown {@code client_id}
     *         (null, empty, or a default) is not specified here; confirm
     *         against the implementations
     */
    Collection<ChallengeScheme> getRequiredAuthenticationScheme(String client_id);

    /**
     * Finds the client registered under the given client id.
     * <p/>
     * NOTE(review): nothing in this declaration states that credentials are
     * checked, so this appears to be a lookup only. Presumably the returned
     * client must not be treated as authenticated; confirm before relying on
     * it for an authorization decision.
     *
     * @param clientId
     *            the client id to find
     * @param request
     *            the request that wants the client
     * @return the matching client; NOTE(review): the result when no client
     *         matches is not specified here
     * @throws OAuthProblemException
     *             NOTE(review): the conditions are not documented; presumably
     *             raised when the lookup fails, to be confirmed
     */
    ClientApplication findClient(String clientId, Request request)
            throws OAuthProblemException;
}