Package co.elastic.clients.elasticsearch.security

Class OidcPrepareAuthenticationRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.security.OidcPrepareAuthenticationRequest
All Implemented Interfaces:
JsonpSerializable
@JsonpDeserializable public class OidcPrepareAuthenticationRequest extends RequestBase implements JsonpSerializable
Prepare OpenID connect authentication.

Create an oAuth 2.0 authentication request as a URL string based on the configuration of the OpenID Connect authentication realm in Elasticsearch.

The response of this API is a URL pointing to the Authorization Endpoint of the configured OpenID Connect Provider, which can be used to redirect the browser of the user in order to continue the authentication process.

Elasticsearch exposes all the necessary OpenID Connect related functionality with the OpenID Connect APIs. These APIs are used internally by Kibana in order to provide OpenID Connect based authentication, but can also be used by other, custom web applications or other clients.

See Also:

  • Field Details

  • Method Details

    • of

      public static OidcPrepareAuthenticationRequest of(Function<OidcPrepareAuthenticationRequest.Builder,ObjectBuilder<OidcPrepareAuthenticationRequest>> fn)

    • iss

      @Nullable public final String iss()
      In the case of a third party initiated single sign on, this is the issuer identifier for the OP that the RP is to send the authentication request to. It cannot be specified when realm is specified. One of realm or iss is required.

      API name: iss

    • loginHint

      @Nullable public final String loginHint()
      In the case of a third party initiated single sign on, it is a string value that is included in the authentication request as the login_hint parameter. This parameter is not valid when realm is specified.

      API name: login_hint

    • nonce

      @Nullable public final String nonce()
      The value used to associate a client session with an ID token and to mitigate replay attacks. If the caller of the API does not provide a value, Elasticsearch will generate one with sufficient entropy and return it in the response.

      API name: nonce

    • realm

      @Nullable public final String realm()
      The name of the OpenID Connect realm in Elasticsearch the configuration of which should be used in order to generate the authentication request. It cannot be specified when iss is specified. One of realm or iss is required.

      API name: realm

    • state

      @Nullable public final String state()
      The value used to maintain state between the authentication request and the response, typically used as a Cross-Site Request Forgery mitigation. If the caller of the API does not provide a value, Elasticsearch will generate one with sufficient entropy and return it in the response.

      API name: state

    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable

    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

    • setupOidcPrepareAuthenticationRequestDeserializer

      protected static void setupOidcPrepareAuthenticationRequestDeserializer(ObjectDeserializer<OidcPrepareAuthenticationRequest.Builder> op)