public final class ClientRegistration extends Object
    {
        "clientId"                  : expression,       [REQUIRED]
        "clientSecret"              : expression,       [REQUIRED]
        "issuer"                    : String / Issuer   [REQUIRED - the issuer name, or its inlined declaration,
        "scopes"                    : [ expressions ],  [OPTIONAL - specific scopes to use for this client registration. ]
        "registrationHandler"       : handler           [OPTIONAL - by default it uses the 'ClientHandler' provided in heap.]
        "tokenEndpointUseBasicAuth" : boolean           [OPTIONAL - default is true, use Basic Authentication.]
    }
Example of use:
    {
        "name": "MyClientRegistration",
        "type": "ClientRegistration",
        "config": {
            "clientId": "OpenIG",
            "clientSecret": "password",
            "scopes": [
                "openid",
                "profile"
            ],
            "issuer": "OpenAM"
        }
    }
or, with inlined Issuer declaration:
    {
        "name": "MyClientRegistration",
        "type": "ClientRegistration",
        "config": {
            "clientId": "OpenIG",
            "clientSecret": "password",
            "scopes": [
                "openid",
                "profile"
            ],
            "tokenEndpointUseBasicAuth": true,
            "issuer": {
                "name": "myIssuer",
                "type": "Issuer",
                "config": {
                    "wellKnownEndpoint": "http://server.com:8090/openam/oauth2/.well-known/openid-configuration"
                }
            }
        }
    }
Modifier and Type | Class and Description |
---|---|
static class | ClientRegistration.Heaplet: Creates and initializes a Client Registration object in a heap environment. |
Constructor and Description |
---|
ClientRegistration(String name, JsonValue config, Issuer issuer, Handler registrationHandler): Creates a Client Registration. |
Modifier and Type | Method and Description |
---|---|
JsonValue | getAccessToken(Context context, String code, String callbackUri): Exchanges the authorization code for an access token and optional ID token, and then updates the session state. |
String | getClientId(): Returns the client ID of this client registration. |
Issuer | getIssuer(): Returns the Issuer for this client registration. |
String | getName(): Returns the name of this client registration. |
List<String> | getScopes(): Returns the list of scopes of this client registration. |
JsonValue | getUserInfo(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session): Returns the json value of the user info obtained from the authorization server if the response from the authorization server has a status code of 200. |
JsonValue | refreshAccessToken(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session): Refreshes the actual access token, making a refresh request to the token end-point. |
ClientRegistration | setTokenEndpointUseBasicAuth(boolean useBasicAuth): Sets the authentication method the token end-point should use. |
public ClientRegistration(String name, JsonValue config, Issuer issuer, Handler registrationHandler)
name - The name of this client registration. Can be null. If it is null the name is extracted from the configuration.
config - The configuration of the client registration.
issuer - The Issuer of this Client.
registrationHandler - The handler used to send requests to the AS.

public String getName()

public JsonValue getAccessToken(Context context, String code, String callbackUri) throws OAuth2ErrorException
context - The current context.
code - The authorization code.
callbackUri - The callback URI.
OAuth2ErrorException - If an error occurs when contacting the authorization server or if the returned response status code is different than 200 OK.

public String getClientId()

public Issuer getIssuer()
Returns the Issuer for this client registration.

public JsonValue refreshAccessToken(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session) throws ResponseException, OAuth2ErrorException
context - The current context.
session - The current session.
ResponseException - If an exception occurs that prevents handling of the request or if the creation of the request for a refresh token fails.
OAuth2ErrorException - If an error occurs when contacting the authorization server or if the returned response status code is different than 200 OK.

public List<String> getScopes()

public JsonValue getUserInfo(Context context, org.forgerock.openig.filter.oauth2.client.OAuth2Session session) throws ResponseException, OAuth2ErrorException
context - The current context.
session - The current session to use.
ResponseException - If an exception occurs that prevents handling of the request or if the creation of the request for getting user info fails.
OAuth2ErrorException - If an error occurs when contacting the authorization server or if the returned response status code is different than 200 OK. May signify that the access token has expired.

public ClientRegistration setTokenEndpointUseBasicAuth(boolean useBasicAuth)
true for 'client_secret_basic', false for 'client_secret_post' (not recommended).
useBasicAuth - true if the token end-point should use Basic authentication, false if it should use client secret POST.

Copyright 2011-2015 ForgeRock AS.