Package org.forgerock.openig.filter.oauth2
This package contains the OAuth2 Token validation filter that acts as an OAuth 2 Resource Server.
- It ensure that there is an existing bearer access token in the request's headers.
- It resolves it against a given Authorization Server (that must provide a token-info
endpoint).
- Produced
AccessTokenInfo
are cached for future re-use. - Produced
AccessTokenInfo
are stored in theAttributesContext
for downstream handlers/filters.
- Produced
- It performs token validation: checking expiration time and required scopes compliance.
-
Interface Summary Interface Description ConfirmationKeyVerifier AConfirmationKeyVerifier
is responsible to verify a confirmation key node. -
Class Summary Class Description CaffeineCacheAccessTokenResolver ACaffeineCacheAccessTokenResolver
is a delegatingAccessTokenResolver
that uses a write-throughCaffeine
to enable fastAccessTokenInfo
resolution.CaffeineCacheAccessTokenResolver.Heaplet Creates and initializes anCaffeineCacheAccessTokenResolver
in the heap environment.CertificateThumbprintConfirmationKeyVerifier Verifies a certificate thumbprint by computing a digest of the client certificate (found inClientContext
) and comparing the result with the base64-url-encoded value provided within the confirmation key node.ConfirmationKeyVerifierAccessTokenResolver AConfirmationKeyVerifierAccessTokenResolver
is responsible of validating confirmation keys bound to the access_token (such as certificate thumbprint).ConfirmationKeyVerifierAccessTokenResolver.Heaplet Creates and initializes a Confirmation Key Verifier access_token resolver in the heap environment.OAuth2ClassAliasResolver Register all the aliases supported by the openig-oauth2 module.OAuth2ResourceServerFilterHeaplet Validates aRequest
that contains an OAuth 2.0 access token.OpenAmAccessTokenResolverHeaplet Creates and initializes anOpenAmAccessTokenResolver
in a heap environment.Result AResult
represents the result of a validation operation: either a success or a failure (with an associated description).ScriptableAccessTokenResolver A Scriptable access token resolver.ScriptableAccessTokenResolver.Heaplet Creates and initializes a scriptable access token resolver in a heap environment.ScriptableResourceAccess A scriptable resource access.ScriptableResourceAccess.Heaplet Creates and initializes a scriptable object in a heap environment.StatelessAccessTokenResolver AStatelessAccessTokenResolver
that locally resolves and validates stateless access_tokens issued by AM.StatelessAccessTokenResolver.Heaplet Creates and initializes a stateless access token resolver in the heap environment.TokenIntrospectionAccessTokenResolverHeaplet Creates and initializes anTokenIntrospectionAccessTokenResolver
in a heap environment.