Wt  4.10.4
Wt::Auth::OAuthProcess Class Reference

An OAuth authorization (and authentication) process.


Classes

class  TokenError
 Exception thrown while parsing a token response.
 

Public Member Functions

const std::string & scope () const
 Returns the scope for which this process was created.

const OAuthService & service () const
 Returns the OAuth service which spawned this process.

virtual void startAuthorize ()
 Starts an authorization process.

virtual void startAuthenticate ()
 Starts an authorization and authentication process.

virtual void getIdentity (const OAuthAccessToken &token)
 Obtains an authenticated identity.

WString error () const
 Error information, in case authentication or identification failed.

const OAuthAccessToken & token () const
 Returns the access token.

Signal< OAuthAccessToken > & authorized ()
 Authorization signal.

Signal< Identity > & authenticated ()
 Authentication signal.
 
- Public Member Functions inherited from Wt::WObject
void addChild (std::unique_ptr< WObject > child)
 Add a child WObject whose lifetime is determined by this WObject.

template<typename Child >
Child * addChild (std::unique_ptr< Child > child)
 Add a child WObject, returning a raw pointer.

std::unique_ptr< WObject > removeChild (WObject *child)
 Remove a child WObject, so its lifetime is no longer determined by this WObject.

template<typename Child >
std::unique_ptr< Child > removeChild (Child *child)
 Remove a child WObject, so its lifetime is no longer determined by this WObject.

virtual const std::string id () const
 Returns the (unique) identifier for this object.

virtual void setObjectName (const std::string &name)
 Sets an object name.

virtual std::string objectName () const
 Returns the object name.

void resetLearnedSlots ()
 Resets learned stateless slot implementations.

template<class T >
void resetLearnedSlot (void(T::*method)())
 Resets a learned stateless slot implementation.

template<class T >
WStatelessSlot * implementStateless (void(T::*method)())
 Declares a slot to be stateless and learn client-side behaviour on first invocation.

template<class T >
WStatelessSlot * implementStateless (void(T::*method)(), void(T::*undoMethod)())
 Declares a slot to be stateless and learn client-side behaviour in advance.

void isNotStateless ()
 Marks the current function as not stateless.

template<class T >
WStatelessSlot * implementJavaScript (void(T::*method)(), const std::string &jsCode)
 Provides a JavaScript implementation for a method.
 
- Public Member Functions inherited from Wt::Core::observable
 observable () noexcept
 Default constructor.
 
virtual ~observable ()
 Destructor.

template<typename... Args, typename C >
auto bindSafe (void(C::*method)(Args...)) noexcept
 Protects a method call against object destruction.

template<typename... Args, typename C >
auto bindSafe (void(C::*method)(Args...) const) const noexcept
 Protects a const method call against object destruction.

template<typename Function >
auto bindSafe (const Function &function) noexcept
 Protects a function against object destruction.
 

Protected Member Functions

 OAuthProcess (const OAuthService &service, const std::string &scope)
 Constructor.

virtual OAuthAccessToken parseTokenResponse (const Http::Message &response)
 Parses the response for a token request.

virtual void setError (const WString &e)
 Sets the error.

- Protected Member Functions inherited from Wt::WObject
virtual WStatelessSlot * getStateless (Method method)
 On-demand stateless slot implementation.
 

Additional Inherited Members

- Public Types inherited from Wt::WObject
typedef void(WObject::* Method) ()
 Typedef for a WObject method without arguments.
 

Detailed Description

An OAuth authorization (and authentication) process.

The process implements the state machine that is needed to complete an OAuth authorization cycle.

Optionally, it also provides authentication, by using the service-specific logic which uses the access token to return identity information.

A process is created for a particular scope, which represents what kind of information one wants to access, and which is used to inform the user of the kind of operations he needs to authorize for your application to make with his protected data.

The service is configured using properties which are specific to the 3rd party provider and are discussed in the subclasses of this class. One optional property can be configured here: a secret used for creating the OAuth2 'state' hash. By default, the library creates this secret from a random generator, which is sufficient for single-process deployments. For multi-process deployments (e.g. FastCGI), however, the same value must be used in all processes and thus needs to be pre-configured.

For example:

<properties>
...
<property name="oauth2-secret">U6EKaj5QurAJCWwBonvkM4i4pi7Wro2z9lEJRAKY</property>
</properties>
See also
OAuthService::createProcess()
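
The multi-process requirement described above, modelled as an added example (this is not Wt code and not Wt's actual state encoding): each worker signs the OAuth2 state with HMAC-SHA256, which is an assumption made for illustration, and the names Worker, make_state, check_state and callback_accepted are hypothetical. It shows a callback failing verification when it lands on a process holding a different random secret, and passing once both processes share a configured value.

```python
import base64
import hashlib
import hmac
import secrets

b64 = base64.urlsafe_b64encode


class Worker:
    """One server process that signs and checks the OAuth2 'state' value."""

    def __init__(self, configured_secret=None):
        # No configured secret: draw a random one per process (the default
        # behaviour described above). Otherwise use the pre-configured value.
        self.secret = (configured_secret or secrets.token_urlsafe(30)).encode()

    def _mac(self, payload: bytes) -> bytes:
        # HMAC-SHA256 is an assumption of this sketch, not Wt's construction.
        return hmac.new(self.secret, payload, hashlib.sha256).digest()

    def make_state(self, session_id: str) -> str:
        """Build 'payload.mac', sent as the state parameter of the redirect."""
        payload = session_id.encode()
        return f"{b64(payload).decode()}.{b64(self._mac(payload)).decode()}"

    def check_state(self, state: str):
        """Return the session id if the MAC verifies under this secret, else None."""
        try:
            p64, m64 = state.split(".")
            payload = base64.urlsafe_b64decode(p64)
            mac = base64.urlsafe_b64decode(m64)
        except ValueError:  # wrong field count or broken base64
            return None
        if not hmac.compare_digest(mac, self._mac(payload)):
            return None
        return payload.decode()


def callback_accepted(issuer, receiver, session_id="sess-constructed-1"):
    """Redirect leaves from `issuer`; the provider's callback lands on `receiver`."""
    return receiver.check_state(issuer.make_state(session_id)) == session_id


if __name__ == "__main__":
    shared = "constructed-placeholder"  # stands in for the oauth2-secret property
    one = Worker()
    print("single process, random secret:", callback_accepted(one, one))
    print("two processes, random secrets:", callback_accepted(Worker(), Worker()))
    print("two processes, shared secret:", callback_accepted(Worker(shared), Worker(shared)))
```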

Constructor & Destructor Documentation

◆ OAuthProcess()

Wt::Auth::OAuthProcess::OAuthProcess ( const OAuthService & service, const std::string & scope )
protected

Constructor.

See also
OAuthService::createProcess()

Member Function Documentation

◆ authenticated()

Signal<Identity>& Wt::Auth::OAuthProcess::authenticated ( )

Authentication signal.

This signal indicates the end of an authentication process started with startAuthenticate() or getIdentity(). If the authentication process was successful, then the parameter is a valid and authentic identity. If the authentication process failed then the identity parameter is invalid, and you can get more information using error().

Authentication can fail because authorization failed (in case of startAuthenticate()), or because of a protocol error, or configuration problem.

See also
startAuthenticate(), getIdentity(), Identity::isValid()

◆ authorized()

Signal<OAuthAccessToken>& Wt::Auth::OAuthProcess::authorized ( )

Authorization signal.

This signal indicates the end of an authorization process started with startAuthorize(). If the authorization process was successful, then the parameter carries a valid access token that was obtained. If the authorization process failed then the access token parameter is invalid, and you can get more information using error().

Authorization can fail because of a protocol error, a configuration problem, or because the user denied the authorization.

See also
startAuthorize(), OAuthAccessToken::isValid()

◆ error()

WString Wt::Auth::OAuthProcess::error ( ) const

Error information, in case authentication or identification failed.

The error message contains details when the authorized() or authenticated() signals indicate respectively an invalid token or invalid identity.

◆ getIdentity()

void Wt::Auth::OAuthProcess::getIdentity ( const OAuthAccessToken & token )
virtual

Obtains an authenticated identity.

The authentication process uses an access token to issue one or more protected requests for obtaining identity information. This is not part of the OAuth protocol, since OAuth does not standardize the use of the access token to obtain this information.

The authentication process ends with the authenticated() signal which signals the obtained identity.

Reimplemented in Wt::Auth::OidcProcess.

◆ parseTokenResponse()

OAuthAccessToken Wt::Auth::OAuthProcess::parseTokenResponse ( const Http::Message & response )
protected virtual

Parses the response for a token request.

Throws a TokenError when the response indicates an error, or when the response could not be properly parsed.

Some OAuth implementations may use a non-standard encoding of the token.

◆ scope()

const std::string& Wt::Auth::OAuthProcess::scope ( ) const

Returns the scope for which this process was created.

The scope represents how much protected information the web application wants to access, and in what way.

See also
OAuthService::createProcess(), OAuthService::authenticationScope()

◆ service()

const OAuthService& Wt::Auth::OAuthProcess::service ( ) const

Returns the OAuth service which spawned this process.

See also
OAuthService::createProcess()

◆ setError()

void Wt::Auth::OAuthProcess::setError ( const WString & e )
protected virtual

Sets the error.

This should be used in getIdentity() implementations to set the error, before emitting authenticated() with an invalid Identity.

◆ startAuthenticate()

void Wt::Auth::OAuthProcess::startAuthenticate ( )
virtual

Starts an authorization and authentication process.

This is startAuthorize() followed by getIdentity().

This requires that the process is created with an authorization scope that includes sufficient rights for authentication (at least OAuthService::authenticationScope()).

The authentication process ends with the authenticated() signal which signals the obtained identity.

Note
To be able to use a popup (instead of a page redirect), you should connect this method directly to an, since popup windows are blocked in most web browsers unless they are the direct consequence of an event.

Reimplemented in Wt::Auth::OidcProcess.

◆ startAuthorize()

void Wt::Auth::OAuthProcess::startAuthorize ( )
virtual

Starts an authorization process.

This starts an authorization process to request an access token to access protected information within the process scope.

The authorization process ends with the authorized() signal which signals the obtained token.

Note
To be able to use a popup (instead of a page redirect), you should connect this method directly to an, since popup windows are blocked in most web browsers unless they are the direct consequence of an event.

◆ token()

const OAuthAccessToken& Wt::Auth::OAuthProcess::token ( ) const

Returns the access token.

This returns the access token that was obtained in the last authorization cycle.