Class OidcService
- Direct Known Subclasses: GoogleService
public class OidcService extends OAuthService
This class implements an OpenID Connect client (core specification), which can be used to allow the user to be safely authenticated with your web application without needing to store or even handle their authorization credentials (such as a password).
OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
This implementation only supports authentication using the Authorization Code Flow.
The configuration of this service is done by using the setters the service class exposes. Before the authentication process can be started these settings must be configured first and may not be changed afterwards.
The OpenID Connect protocol, including the subsequent use for authentication, consists of a number of consecutive steps, some of which require user interaction, and some of which require the use of remote web services. The state machine for this process is implemented in an OidcProcess. To use OpenID Connect, you need to create such a process and listen for state changes.
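An added example (not taken from the JWt documentation) of configuring the service once, before any process is created, using only the setters listed on this page. The `OidcServiceFactory` helper, the environment variable names, the name and description values and the https-only policy are assumptions, as is the location of `ClientSecretMethod` in the `eu.webtoolkit.jwt.auth` package.

```java
import eu.webtoolkit.jwt.auth.AuthService;
import eu.webtoolkit.jwt.auth.ClientSecretMethod; // package location assumed
import eu.webtoolkit.jwt.auth.OidcService;
import java.net.URI;

public final class OidcServiceFactory { // hypothetical helper, not part of JWt

    // Reads a setting from the environment (hypothetical variable names),
    // so the client secret is never hard-coded in source.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.trim().isEmpty())
            throw new IllegalStateException("missing setting: " + name);
        return v.trim();
    }

    // Fails closed on anything that is not an absolute https URL, so codes,
    // tokens and the client secret are never sent over plain HTTP.
    static String httpsUrl(String name) {
        String value = env(name);
        URI uri = URI.create(value); // throws on a malformed URL
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null)
            throw new IllegalStateException(name + " must be an absolute https URL");
        return value;
    }

    public static OidcService create(AuthService baseAuth) {
        // Validate every value first; the service is built only if all pass.
        String clientId = env("OIDC_CLIENT_ID");
        String secret = env("OIDC_CLIENT_SECRET");
        String redirect = httpsUrl("OIDC_REDIRECT_URL");
        String auth = httpsUrl("OIDC_AUTH_URL");
        String token = httpsUrl("OIDC_TOKEN_URL");
        String userInfo = httpsUrl("OIDC_USERINFO_URL");

        OidcService oidc = new OidcService(baseAuth);
        oidc.setName("example-idp");                      // constructed value
        oidc.setDescription("Example identity provider"); // constructed value
        oidc.setClientId(clientId);
        oidc.setClientSecret(secret);
        // Send the secret in the Authorization header, the recommended method.
        oidc.setClientSecretMethod(ClientSecretMethod.HttpAuthorizationBasic);
        oidc.setAuthenticationScope("openid");
        oidc.setRedirectEndpoint(redirect);
        oidc.setAuthEndpoint(auth);
        oidc.setTokenEndpoint(token);
        oidc.setUserInfoEndpoint(userInfo);
        return oidc; // settings must not be changed after this point
    }
}
```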
-
Constructor Summary
Constructor | Description
OidcService(AuthService baseAuth) | Constructor.
-
Method Summary
Modifier and Type | Method | Description
OidcProcess | createProcess(java.lang.String scope) | Creates a new authentication process.
java.lang.String | getAuthenticationScope() | Returns the scope needed for authentication.
java.lang.String | getAuthorizationEndpoint() | Returns the authorization endpoint URL.
java.lang.String | getClientId() | Returns the client ID.
java.lang.String | getClientSecret() | Returns the client secret.
ClientSecretMethod | getClientSecretMethod() | Returns the method to transfer the client secret.
WString | getDescription() | Returns the provider description.
java.lang.String | getName() | Returns the provider name.
int | getPopupHeight() | Returns the desired height of the popup window.
int | getPopupWidth() | Returns the desired width for the popup window.
java.lang.String | getRedirectEndpoint() | Returns the redirection endpoint URL.
java.lang.String | getTokenEndpoint() | Returns the token endpoint URL.
java.lang.String | getUserInfoEndpoint() | Returns the user info endpoint URL.
void | setAuthEndpoint(java.lang.String url) | Sets the authorization endpoint URL.
void | setAuthenticationScope(java.lang.String scope) | Sets the scope needed for authentication.
void | setClientId(java.lang.String id) | Sets the client ID.
void | setClientSecret(java.lang.String secret) | Sets the client secret.
void | setClientSecretMethod(ClientSecretMethod method) | Sets the method to transfer the client secret.
void | setDescription(java.lang.String description) | Sets the provider description.
void | setName(java.lang.String name) | Sets the provider name.
void | setPopupHeight(int height) | Sets the desired height for the popup window.
void | setPopupWidth(int width) | Sets the desired width for the popup window.
void | setRedirectEndpoint(java.lang.String url) | Sets the redirection endpoint URL.
void | setTokenEndpoint(java.lang.String url) | Sets the token endpoint URL.
void | setUserInfoEndpoint(java.lang.String url) | Sets the user info endpoint URL.
Methods inherited from class eu.webtoolkit.jwt.auth.OAuthService
configurationProperty, configureRedirectEndpoint, decodeState, encodeState, getBaseAuth, getGenerateRedirectEndpoint, getRedirectEndpointPath, getRedirectInternalPath, getTokenRequestMethod
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Constructor Details
-
OidcService
Constructor.
-
-
Method Details
-
getName
public java.lang.String getName()
Returns the provider name. This is a short identifier.
- Specified by: getName in class OAuthService
- See Also: getDescription(), setName(String name)
-
getDescription
Returns the provider description. This returns a description useful for e.g. tool tips on a login icon.
- Specified by: getDescription in class OAuthService
- See Also: getName(), setDescription(String description)
-
getPopupWidth
public int getPopupWidth()
Returns the desired width for the popup window. Defaults to 670 pixels.
- Specified by: getPopupWidth in class OAuthService
- See Also: setPopupWidth(int width)
-
getPopupHeight
public int getPopupHeight()
Returns the desired height of the popup window. Defaults to 400 pixels.
- Specified by: getPopupHeight in class OAuthService
- See Also: setPopupHeight(int height)
-
getAuthenticationScope
public java.lang.String getAuthenticationScope()
Returns the scope needed for authentication. This returns the scope that is needed (and sufficient) for obtaining identity information, and thus to authenticate the user.
This defaults to "openid".
- Specified by: getAuthenticationScope in class OAuthService
- See Also: OidcProcess.startAuthenticate(), createProcess(String scope), setAuthenticationScope(String scope)
-
getRedirectEndpoint
public java.lang.String getRedirectEndpoint()
Returns the redirection endpoint URL. This is the local URL to which the browser is redirected from the service provider, after the authorization process. You need to configure this URL with the third party authentication service.
A static resource will be deployed at this URL.
- Specified by: getRedirectEndpoint in class OAuthService
- See Also: setRedirectEndpoint(String url)
-
getAuthorizationEndpoint
public java.lang.String getAuthorizationEndpoint()
Returns the authorization endpoint URL. This is a remote URL which hosts the OpenID Connect authorization user interface. This URL is loaded in the popup window at the start of an authorization process.
- Specified by: getAuthorizationEndpoint in class OAuthService
- See Also: setAuthEndpoint(String url)
-
getTokenEndpoint
public java.lang.String getTokenEndpoint()
Returns the token endpoint URL. This is a remote URL which hosts a web-service that generates access and id tokens.
- Specified by: getTokenEndpoint in class OAuthService
- See Also: setTokenEndpoint(String url)
-
getUserInfoEndpoint
public java.lang.String getUserInfoEndpoint()
Returns the user info endpoint URL. This is a remote URL which hosts a web-service that provides the claims that are associated with the requested scope.
- Overrides: getUserInfoEndpoint in class OAuthService
- See Also: setTokenEndpoint(String url)
-
getClientId
public java.lang.String getClientId()
Returns the client ID. This is the identification for this web application with the OpenID Connect provider.
- Specified by: getClientId in class OAuthService
- See Also: setClientId(String id)
-
getClientSecret
public java.lang.String getClientSecret()
Returns the client secret. This is the secret credential for this web application with the OpenID Connect provider.
- Specified by: getClientSecret in class OAuthService
- See Also: setClientSecret(String secret)
-
getClientSecretMethod
Returns the method to transfer the client secret. The default implementation returns HttpAuthorizationBasic (the recommended method).
- Specified by: getClientSecretMethod in class OAuthService
-
createProcess
Creates a new authentication process. This creates a new authentication process for the indicated scope. Valid names for the scope are service provider dependent.
The service needs to be correctly configured before being able to call this function. configure() needs to be called first to check if the configuration is valid.
- Specified by: createProcess in class OAuthService
- See Also: getAuthenticationScope()
-
setRedirectEndpoint
public void setRedirectEndpoint(java.lang.String url)
Sets the redirection endpoint URL.
-
setClientId
public void setClientId(java.lang.String id)
Sets the client ID. This setting is required.
- See Also: getClientId()
-
setClientSecret
public void setClientSecret(java.lang.String secret)
Sets the client secret. This setting is required.
- See Also: setClientSecret(String secret)
-
setAuthEndpoint
public void setAuthEndpoint(java.lang.String url)
Sets the authorization endpoint URL. This setting is required.
- See Also: getAuthorizationEndpoint()
-
setTokenEndpoint
public void setTokenEndpoint(java.lang.String url)
Sets the token endpoint URL. This setting is required.
- See Also: getTokenEndpoint()
-
setUserInfoEndpoint
public void setUserInfoEndpoint(java.lang.String url)
Sets the user info endpoint URL. This setting is required.
- See Also: getUserInfoEndpoint()
-
setAuthenticationScope
public void setAuthenticationScope(java.lang.String scope)
Sets the scope needed for authentication. This setting is required.
- See Also: getAuthenticationScope()
-
setName
public void setName(java.lang.String name)
Sets the provider name.
- See Also: getName()
-
setDescription
public void setDescription(java.lang.String description)
Sets the provider description. This setting is required.
- See Also: getName()
-
setClientSecretMethod
Sets the method to transfer the client secret.
- See Also: getName()
-
setPopupWidth
public void setPopupWidth(int width)
Sets the desired width for the popup window.
- See Also: getPopupWidth()
-
setPopupHeight
public void setPopupHeight(int height)
Sets the desired height for the popup window.
- See Also: getPopupHeight()
-