Wt  4.10.4
Wt::Auth::OidcService Class Reference

An OpenID Connect authentication service provider.

#include <Wt/Auth/OidcService.h>


Public Member Functions

 OidcService (const AuthService &baseAuth)
 Constructor.
 
virtual std::string name () const override
 Returns the provider name.
 
virtual WString description () const override
 Returns the provider description.
 
virtual int popupWidth () const override
 Returns the desired width for the popup window.
 
virtual int popupHeight () const override
 Returns the desired height of the popup window.
 
virtual std::string authenticationScope () const override
 Returns the scope needed for authentication.
 
virtual std::string redirectEndpoint () const override
 Returns the redirection endpoint URL.
 
virtual std::string authorizationEndpoint () const override
 Returns the authorization endpoint URL.
 
virtual std::string tokenEndpoint () const override
 Returns the token endpoint URL.
 
virtual std::string userInfoEndpoint () const override
 Returns the user info endpoint URL.
 
virtual std::string clientId () const override
 Returns the client ID.
 
virtual std::string clientSecret () const override
 Returns the client secret.
 
virtual ClientSecretMethod clientSecretMethod () const override
 Returns the method to transfer the client secret.
 
virtual std::unique_ptr< OAuthProcess > createProcess (const std::string &scope) const override
 Creates a new authentication process.
 
void setRedirectEndpoint (const std::string &url)
 Sets the redirection endpoint URL.
 
void setClientId (const std::string &id)
 Sets the client ID.
 
void setClientSecret (const std::string &secret)
 Sets the client secret.
 
void setAuthEndpoint (const std::string &url)
 Sets the authorization endpoint URL.
 
void setTokenEndpoint (const std::string &url)
 Sets the token endpoint URL.
 
void setUserInfoEndpoint (const std::string &url)
 Sets the user info endpoint URL.
 
void setAuthenticationScope (const std::string &scope)
 Sets the scope needed for authentication.
 
void setName (const std::string &name)
 Sets the provider name.
 
void setDescription (const std::string &description)
 Sets the provider description.
 
void setClientSecretMethod (ClientSecretMethod method)
 Sets the method to transfer the client secret.
 
void setPopupWidth (int width)
 Sets the desired width for the popup window.
 
void setPopupHeight (int height)
 Sets the desired height for the popup window.
 
Public Member Functions inherited from Wt::Auth::OAuthService
 OAuthService (const AuthService &baseAuth)
 Constructor.
 
virtual ~OAuthService ()
 Destructor.
 
const AuthService & baseAuth () const
 Returns the basic authentication service.
 
void setPopupEnabled (bool enable)
 Configure if a popup should be used for the login.
 
bool popupEnabled () const
 Returns if a popup is used for the login.
 
virtual std::string redirectEndpointPath () const
 Returns the deployment path of the redirection endpoint.
 
virtual std::string encodeState (const std::string &sessionId) const
 Derives a state value from the session ID.
 
virtual std::string decodeState (const std::string &state) const
 Validates and decodes a state parameter.
 
virtual Http::Method tokenRequestMethod () const
 Returns the HTTP method used for the token request.
 
void configureRedirectEndpoint () const
 Configures the static resource implementing the redirect endpoint.
 

Detailed Description

An OpenID Connect authentication service provider.

This class implements an OpenID Connect client (core specification), which can be used to allow the user to be safely authenticated with your web application without needing to store or even handle their authorization credentials (such as a password).

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

This implementation only supports authentication using the Authorization Code Flow.

The service is configured through the setters that the service class exposes. These settings must be configured before an authentication process is started, and may not be changed afterwards. A "const OidcService" object is thread-safe.

The OpenID Connect protocol, including the subsequent use for authentication, consists of a number of consecutive steps, some of which require user interaction, and some of which require the use of remote web services. The state machine for this process is implemented in an OidcProcess. To use OpenID Connect, you need to create such a process and listen for state changes.
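The following is an added example, not code from Wt: a pre-flight check of the values that would be passed to the setters above, plus the Authorization Code Flow request that those values produce under OAuth 2.0. `OidcSettings` and its helpers are hypothetical stand-ins so the block builds without Wt, and the URLs and credentials are constructed sample values. The https and `openid` checks follow the OpenID Connect core specification; treating the redirect endpoint as mandatory is an assumption.

```cpp
#include <cctype>
#include <cstdio>
#include <initializer_list>
#include <string>
#include <vector>

// Hypothetical stand-in for the values given to the OidcService setters (not a Wt type).
struct OidcSettings {
  std::string authEndpoint, tokenEndpoint, userInfoEndpoint;
  std::string redirectEndpoint, clientId, clientSecret, scope;
};

// Percent-encode every byte outside the RFC 3986 unreserved set.
std::string pctEncode(const std::string &in) {
  static const char hex[] = "0123456789ABCDEF";
  std::string out;
  for (unsigned char c : in) {
    if (std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~') out += char(c);
    else { out += '%'; out += hex[c >> 4]; out += hex[c & 15]; }
  }
  return out;
}

// Problems that should block startup; an empty result means the settings are usable.
std::vector<std::string> checkSettings(const OidcSettings &s) {
  std::vector<std::string> errs;
  if (s.clientId.empty()) errs.push_back("client ID is not set");
  if (s.clientSecret.empty()) errs.push_back("client secret is not set");
  if (s.redirectEndpoint.empty()) errs.push_back("redirect endpoint is not set");
  for (const std::string *u : {&s.authEndpoint, &s.tokenEndpoint, &s.userInfoEndpoint})
    if (u->rfind("https://", 0) != 0) errs.push_back("not an https URL: '" + *u + "'");
  if ((" " + s.scope + " ").find(" openid ") == std::string::npos)
    errs.push_back("scope does not contain 'openid'");
  return errs;
}

// Authorization Code Flow request (RFC 6749 section 4.1.1) for the given state value.
std::string authorizationUrl(const OidcSettings &s, const std::string &state) {
  return s.authEndpoint + "?response_type=code&client_id=" + pctEncode(s.clientId) +
         "&redirect_uri=" + pctEncode(s.redirectEndpoint) +
         "&scope=" + pctEncode(s.scope) + "&state=" + pctEncode(state);
}

int main() {
  OidcSettings s{"https://idp.example/authorize", "https://idp.example/token",
                 "https://idp.example/userinfo", "https://app.example/oauth2callback",
                 "my-client", "constructed-secret", "openid email"};  // constructed values
  for (const auto &e : checkSettings(s)) std::printf("config error: %s\n", e.c_str());
  std::printf("%s\n", authorizationUrl(s, "opaque-state").c_str());
}
```

Running the same check at startup, before any process is created, surfaces a missing secret or a plain-http endpoint as a configuration error rather than as a failed login later.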

Member Function Documentation

◆ authenticationScope()

virtual std::string Wt::Auth::OidcService::authenticationScope ( ) const
override virtual

Returns the scope needed for authentication.

This returns the scope that is needed (and sufficient) for obtaining identity information, and thus to authenticate the user.

This defaults to "openid".

See also
OidcProcess::startAuthenticate()
OidcService::createProcess()
OidcService::setAuthenticationScope()

Implements Wt::Auth::OAuthService.

◆ authorizationEndpoint()

virtual std::string Wt::Auth::OidcService::authorizationEndpoint ( ) const
override virtual

Returns the authorization endpoint URL.

This is a remote URL which hosts the OpenID Connect authorization user interface. This URL is loaded in the popup window at the start of an authorization process.

See also
setAuthEndpoint()

Implements Wt::Auth::OAuthService.

◆ clientId()

virtual std::string Wt::Auth::OidcService::clientId ( ) const
override virtual

Returns the client ID.

This is the identification for this web application with the OpenID Connect provider.

See also
setClientId()

Implements Wt::Auth::OAuthService.

◆ clientSecret()

virtual std::string Wt::Auth::OidcService::clientSecret ( ) const
override virtual

Returns the client secret.

These are the secret credentials for this web application with the OpenID Connect provider.

See also
setClientSecret()

Implements Wt::Auth::OAuthService.

◆ clientSecretMethod()

virtual ClientSecretMethod Wt::Auth::OidcService::clientSecretMethod ( ) const
override virtual

Returns the method to transfer the client secret.

The default implementation returns HttpAuthorizationBasic (the recommended method).

Implements Wt::Auth::OAuthService.

◆ createProcess()

std::unique_ptr< OAuthProcess > Wt::Auth::OidcService::createProcess ( const std::string &  scope) const
override virtual

Creates a new authentication process.

This creates a new authentication process for the indicated scope. Valid names for the scope are service provider dependent.

The service needs to be correctly configured before being able to call this function. configure() needs to be called first to check if the configuration is valid.

Note
The returned process will be an instance of OidcService
See also
configure()
authenticationScope()

Implements Wt::Auth::OAuthService.

◆ description()

virtual WString Wt::Auth::OidcService::description ( ) const
override virtual

Returns the provider description.

This returns a description useful for e.g. tool tips on a login icon.

See also
name()
setDescription()

Implements Wt::Auth::OAuthService.

◆ name()

virtual std::string Wt::Auth::OidcService::name ( ) const
override virtual

Returns the provider name.

This is a short identifier.

See also
Identify::provider()
description()
setName()

Implements Wt::Auth::OAuthService.

◆ popupHeight()

virtual int Wt::Auth::OidcService::popupHeight ( ) const
override virtual

Returns the desired height of the popup window.

Defaults to 400 pixels.

See also
setPopupHeight()

Implements Wt::Auth::OAuthService.

◆ popupWidth()

virtual int Wt::Auth::OidcService::popupWidth ( ) const
override virtual

Returns the desired width for the popup window.

Defaults to 670 pixels.

See also
setPopupWidth()

Implements Wt::Auth::OAuthService.

◆ redirectEndpoint()

virtual std::string Wt::Auth::OidcService::redirectEndpoint ( ) const
override virtual

Returns the redirection endpoint URL.

This is the local URL to which the browser is redirected from the service provider, after the authorization process. You need to configure this URL with the third party authentication service.

A static resource will be deployed at this URL.

See also
setRedirectEndpoint()
WServer::addResource()

Implements Wt::Auth::OAuthService.

◆ setAuthEndpoint()

void Wt::Auth::OidcService::setAuthEndpoint ( const std::string &  url)

Sets the authorization endpoint URL.

This setting is required.

See also
authorizationEndpoint()

◆ setAuthenticationScope()

void Wt::Auth::OidcService::setAuthenticationScope ( const std::string &  scope)

Sets the scope needed for authentication.

This setting is required.

See also
authenticationScope()

◆ setClientId()

void Wt::Auth::OidcService::setClientId ( const std::string &  id)

Sets the client ID.

This setting is required.

See also
clientId()

◆ setClientSecret()

void Wt::Auth::OidcService::setClientSecret ( const std::string &  secret)

Sets the client secret.

This setting is required.

See also
setClientSecret()

◆ setClientSecretMethod()

void Wt::Auth::OidcService::setClientSecretMethod ( ClientSecretMethod  method)

Sets the method to transfer the client secret.

See also
name()

◆ setDescription()

void Wt::Auth::OidcService::setDescription ( const std::string &  description)

Sets the provider description.

This setting is required.

See also
name()

◆ setName()

void Wt::Auth::OidcService::setName ( const std::string &  name)

Sets the provider name.

See also
name()

◆ setPopupHeight()

void Wt::Auth::OidcService::setPopupHeight ( int  height)

Sets the desired height for the popup window.

See also
popupHeight()

◆ setPopupWidth()

void Wt::Auth::OidcService::setPopupWidth ( int  width)

Sets the desired width for the popup window.

See also
popupWidth()

◆ setRedirectEndpoint()

void Wt::Auth::OidcService::setRedirectEndpoint ( const std::string &  url)

Sets the redirection endpoint URL.

See also
redirectEndpoint()

◆ setTokenEndpoint()

void Wt::Auth::OidcService::setTokenEndpoint ( const std::string &  url)

Sets the token endpoint URL.

This setting is required.

See also
tokenEndpoint()

◆ setUserInfoEndpoint()

void Wt::Auth::OidcService::setUserInfoEndpoint ( const std::string &  url)

Sets the user info endpoint URL.

This setting is required.

See also
userInfoEndpoint()

◆ tokenEndpoint()

virtual std::string Wt::Auth::OidcService::tokenEndpoint ( ) const
override virtual

Returns the token endpoint URL.

This is a remote URL which hosts a web service that generates access and ID tokens.

See also
setTokenEndpoint()

Implements Wt::Auth::OAuthService.

◆ userInfoEndpoint()

virtual std::string Wt::Auth::OidcService::userInfoEndpoint ( ) const
override virtual

Returns the user info endpoint URL.

This is a remote URL which hosts a web service that provides the claims that are associated with the requested scope.

See also
setTokenEndpoint()

Reimplemented from Wt::Auth::OAuthService.