Endpoint to retrieve an access token. More...
#include <OAuthTokenEndpoint.h>
Public Member Functions | |
| OAuthTokenEndpoint (AbstractUserDatabase &db, std::string issuer) | |
| Constructor. More... | |
| virtual void | handleRequest (const Http::Request &request, Http::Response &response) override |
| Handles a request. More... | |
| void | setAccessExpSecs (int seconds) |
| Sets the amount of seconds after which generated access tokens expire. More... | |
| void | setIdExpSecs (int seconds) |
| Sets the amount of seconds after which generated id tokens expire. More... | |
 Public Member Functions inherited from Wt::WResource | |
| WResource () | |
| Creates a new resource. | |
| ~WResource () | |
| Destroys the resource. More... | |
| void | suggestFileName (const Wt::WString &name, ContentDisposition disposition=ContentDisposition::Attachment) |
| Suggests a filename to the user for the data streamed by this resource. More... | |
| const Wt::WString & | suggestedFileName () const |
| Returns the suggested file name. More... | |
| void | setDispositionType (ContentDisposition cd) |
| Configures the Content-Disposition header. More... | |
| ContentDisposition | dispositionType () const |
| Returns the currently configured content disposition. More... | |
| void | setChanged () |
| Generates a new URL for this resource and emits the changed signal. More... | |
| void | setInvalidAfterChanged (bool enabled) |
| Return "page not found" for prior resource URLs after change. More... | |
| bool | invalidAfterChanged () const |
| Should "page not found" be returned for outdated resource URLs. More... | |
| void | setInternalPath (const std::string &path) |
| Sets an internal path for this resource. More... | |
| std::string | internalPath () const |
| Returns the internal path. More... | |
| const std::string & | generateUrl () |
| Generates an URL for this resource. More... | |
| const std::string & | url () const |
| Returns the current URL for this resource. More... | |
| Signal & | dataChanged () |
| Signal emitted when the data presented in this resource has changed. More... | |
| void | setUploadProgress (bool enabled) |
| Indicate interest in upload progress. More... | |
| Signal< ::uint64_t, ::uint64_t > & | dataReceived () |
| Signal emitted when data has been received for this resource. More... | |
| void | write (std::ostream &out, const Http::ParameterMap ¶meters=Http::ParameterMap(), const Http::UploadedFileMap &files=Http::UploadedFileMap()) |
| Stream the resource to a stream. More... | |
| virtual void | handleAbort (const Http::Request &request) |
| Handles a continued request being aborted. More... | |
| void | haveMoreData () |
| Indicate that more data is available. More... | |
| void | setTakesUpdateLock (bool enabled) |
| Set whether this resource takes the WApplication's update lock. More... | |
| bool | takesUpdateLock () const |
| Returns whether this resources takes the WApplication's update lock. More... | |
| Public Member Functions inherited from Wt::WObject | |
| void | addChild (std::unique_ptr< WObject > child) |
| Add a child WObject whose lifetime is determined by this WObject. | |
| template<typename Child > | |
| Child * | addChild (std::unique_ptr< Child > child) |
| Add a child WObject, returning a raw pointer. More... | |
| std::unique_ptr< WObject > | removeChild (WObject *child) |
| Remove a child WObject, so its lifetime is no longer determined by this WObject. | |
| template<typename Child > | |
| std::unique_ptr< Child > | removeChild (Child *child) |
| Remove a child WObject, so its lifetime is no longer determined by this WObject. More... | |
| virtual const std::string | id () const |
| Returns the (unique) identifier for this object. More... | |
| virtual void | setObjectName (const std::string &name) |
| Sets an object name. More... | |
| virtual std::string | objectName () const |
| Returns the object name. More... | |
| void | resetLearnedSlots () |
| Resets learned stateless slot implementations. More... | |
| template<class T > | |
| void | resetLearnedSlot (void(T::*method)()) |
| Resets a learned stateless slot implementation. More... | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)()) |
| Declares a slot to be stateless and learn client-side behaviour on first invocation. More... | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)(), void(T::*undoMethod)()) |
| Declares a slot to be stateless and learn client-side behaviour in advance. More... | |
| void | isNotStateless () |
| Marks the current function as not stateless. More... | |
| template<class T > | |
| WStatelessSlot * | implementJavaScript (void(T::*method)(), const std::string &jsCode) |
| Provides a JavaScript implementation for a method. More... | |
| Public Member Functions inherited from Wt::Core::observable | |
| observable () noexcept | |
| Default constructor. | |
| virtual | ~observable () |
| Destructor. More... | |
| template<typename... Args, typename C > | |
| auto | bindSafe (void(C::*method)(Args...)) noexcept |
| Protects a method call against object destruction. More... | |
| template<typename... Args, typename C > | |
| auto | bindSafe (void(C::*method)(Args...) const) const noexcept |
| Protects a const method call against object destruction. More... | |
| template<typename Function > | |
| auto | bindSafe (const Function &function) noexcept |
| Protects a function against object destruction. More... | |
Private Member Functions | |
| virtual const std::string | idTokenPayload (const std::string &clientId, const std::string &scope, const User &user) |
| Is only called when scope contains openid. Generates a JSON Web Token. | |
Additional Inherited Members | |
| Public Types inherited from Wt::WObject | |
| typedef void(WObject::* | Method) () |
| Typedef for a WObject method without arguments. | |
| Protected Member Functions inherited from Wt::WResource | |
| void | beingDeleted () |
| Prepares the resource for deletion. More... | |
| Protected Member Functions inherited from Wt::WObject | |
| virtual WStatelessSlot * | getStateless (Method method) |
| On-demand stateless slot implementation. More... | |
Detailed Description
Endpoint to retrieve an access token.
The token endpoint is used by the client to obtain an OAuthAccessToken by presenting its authorization grant. This implementation only supports the "authorization_code" grant type. The client ID and secret can be passed with Basic auth or by POST request parameters. When something goes wrong, the reply will include a JSON object with an "error" attribute.
This endpoint is implemented as a WResource, so it's usually deployed using WServer::addResource.
For more information refer to the specification: https://tools.ietf.org/rfc/rfc6749.txt
When the scope includes "openid" an ID Token will be included as specified by the OpenID Connect standard.
This class relies on a correct implementation of several function in the AbstractUserDatabase. Namely AbstractUserDatabase::idpClientFindWithId, AbstractUserDatabase::idpClientAuthMethod, AbstractUserDatabase::idpVerifySecret, AbstractUserDatabase::idpClientId, AbstractUserDatabase::idpTokenFindWithValue, AbstractUserDatabase::idpTokenAdd, AbstractUserDatabase::idpTokenRemove, AbstractUserDatabase::idpTokenRedirectUri, AbstractUserDatabase::idpTokenAuthClient, AbstractUserDatabase::idpTokenUser, and AbstractUserDatabase::idpTokenScope.
Must be deployed using TLS.
Constructor & Destructor Documentation
◆ OAuthTokenEndpoint()
| Wt::Auth::OAuthTokenEndpoint::OAuthTokenEndpoint | ( | AbstractUserDatabase & | db, |
| std::string | issuer | ||
| ) |
Constructor.
The issuer argument is used for the "iss" attribute in the ID Token when the scope includes "openid".
Member Function Documentation
◆ handleRequest()
|
overridevirtual |
Handles a request.
Reimplement this method so that a proper response is generated for the given request. From the request object you can access request parameters and whether the request is a continuation request. In the response object, you should set the mime type and stream the output data.
A request may also concern a continuation, indicated in Http::Request::continuation(), in which case the next part for a previously created continuation should be served.
While handling a request, which may happen at any time together with event handling, the library makes sure that the resource is not being concurrently deleted, but multiple requests may happend simultaneously for a single resource.
Implements Wt::WResource.
◆ setAccessExpSecs()
| void Wt::Auth::OAuthTokenEndpoint::setAccessExpSecs | ( | int | seconds | ) |
Sets the amount of seconds after which generated access tokens expire.
Defaults to 3600 seconds.
◆ setIdExpSecs()
| void Wt::Auth::OAuthTokenEndpoint::setIdExpSecs | ( | int | seconds | ) |
Sets the amount of seconds after which generated id tokens expire.
Defaults to 3600 seconds.
