Package eu.webtoolkit.jwt.auth

Class OAuthTokenEndpoint

java.lang.Object

eu.webtoolkit.jwt.WObject

eu.webtoolkit.jwt.WResource

eu.webtoolkit.jwt.auth.OAuthTokenEndpoint

public class OAuthTokenEndpoint
extends WResource

Endpoint to retrieve an access token.

The token endpoint is used by the client to obtain an OAuthAccessToken by presenting its authorization grant. This implementation only supports the "authorization_code" grant type. The client ID and secret can be passed with Basic auth or by POST request parameters. When something goes wrong, the reply will include a JSON object with an "error" attribute.

This endpoint is implemented as a WResource, so it's usually deployed using WServer#addResource().

For more information refer to the specification: https://tools.ietf.org/rfc/rfc6749.txt

When the scope includes "openid" an ID Token will be included as specified by the OpenID Connect standard.

This class relies on a correct implementation of several function in the AbstractUserDatabase. Namely AbstractUserDatabase#idpClientFindWithId(), AbstractUserDatabase#idpClientAuthMethod(), AbstractUserDatabase#idpVerifySecret(), AbstractUserDatabase#idpClientId(), AbstractUserDatabase#idpTokenFindWithValue(), AbstractUserDatabase#idpTokenAdd(), AbstractUserDatabase#idpTokenRemove(), AbstractUserDatabase#idpTokenRedirectUri(), AbstractUserDatabase::idpTokenAuthClient, AbstractUserDatabase#idpTokenUser(), and AbstractUserDatabase#idpTokenScope().

Must be deployed using TLS.

Nested Class Summary

Nested classes/interfaces inherited from class eu.webtoolkit.jwt.WResource

WResource.DispositionType

Nested classes/interfaces inherited from class eu.webtoolkit.jwt.WObject

WObject.FormData

Constructor Summary

Constructors

Constructor	Description
OAuthTokenEndpoint(AbstractUserDatabase db, java.lang.String issuer)	Constructor.

Method Summary

Modifier and Type	Method	Description
void	handleRequest(WebRequest request, WebResponse response)	Handles a request.
void	setAccessExpSecs(int seconds)	Sets the amount of seconds after which generated access tokens expire.
void	setIdExpSecs(int seconds)	Sets the amount of seconds after which generated id tokens expire.

Methods inherited from class eu.webtoolkit.jwt.WResource

dataChanged, dataExceeded, dataReceived, generateUrl, getDispositionType, getInternalPath, getSuggestedFileName, getUrl, setChanged, setDispositionType, setInternalPath, setTakesUpdateLock, setUploadProgress, suggestFileName, suggestFileName, takesUpdateLock, write, write

Methods inherited from class eu.webtoolkit.jwt.WObject

addChild, getId, getObjectName, remove, setFormData, setObjectName, tr

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OAuthTokenEndpoint

public OAuthTokenEndpoint(AbstractUserDatabase db,
java.lang.String issuer)

Constructor.

The issuer argument is used for the "iss" attribute in the ID Token when the scope includes "openid".

Method Details

handleRequest

public void handleRequest(WebRequest request,
WebResponse response)

Description copied from class: WResource

Handles a request.

Reimplement this method so that a proper response is generated for the given request. From the request object you can access request parameters and whether the request is a continuation request. In the response object, you should set the mime type and stream the output data.

Specified by:

handleRequest in class WResource

Parameters:

request - The request information

response - The response object

setAccessExpSecs

public void setAccessExpSecs(int seconds)

Sets the amount of seconds after which generated access tokens expire.

Defaults to 3600 seconds.

setIdExpSecs

public void setIdExpSecs(int seconds)

Sets the amount of seconds after which generated id tokens expire.

Defaults to 3600 seconds.