Class OAuth2Auth
- java.lang.Object
-
- io.vertx.reactivex.ext.auth.authentication.AuthenticationProvider
-
- io.vertx.reactivex.ext.auth.oauth2.OAuth2Auth
-
public class OAuth2Auth extends AuthenticationProvider
Factory interface for creating OAuth2 based AuthenticationProvider
instances. NOTE: This class has been automatically generated from the original
non RX-ified interface using Vert.x codegen.
-
-
Field Summary
Fields (Modifier and Type, Field):
static TypeArg<OAuth2Auth> __TYPE_ARG
-
Constructor Summary
Constructors:
OAuth2Auth(OAuth2Auth delegate)
OAuth2Auth(Object delegate)
-
Method Summary
Methods (Modifier and Type, Method, Description):
String authorizeURL(JsonObject params)
  Deprecated.
String authorizeURL(OAuth2AuthorizationURL url)
  The client sends the end-user's browser to this endpoint to request their authentication and consent.
void close()
  Releases any resources or timers used by this instance.
static OAuth2Auth create(Vertx vertx)
  Create an OAuth2 auth provider.
static OAuth2Auth create(Vertx vertx, OAuth2Options config)
  Create an OAuth2 auth provider.
String endSessionURL(User user)
  The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
String endSessionURL(User user, JsonObject params)
  The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
boolean equals(Object o)
OAuth2Auth getDelegate()
int hashCode()
OAuth2Auth jWKSet()
  Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens.
OAuth2Auth jWKSet(Handler<AsyncResult<Void>> handler)
  Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens.
OAuth2Auth missingKeyHandler(Handler<String> handler)
  Handler to be called when a key (mentioned on a JWT) is missing from the current config.
static OAuth2Auth newInstance(OAuth2Auth arg)
OAuth2Auth refresh(User user)
  Refresh the current User (access token).
OAuth2Auth refresh(User user, Handler<AsyncResult<User>> handler)
  Refresh the current User (access token).
OAuth2Auth revoke(User user)
  Revoke an obtained access token.
OAuth2Auth revoke(User user, Handler<AsyncResult<Void>> handler)
  Revoke an obtained access token.
OAuth2Auth revoke(User user, String tokenType)
  Revoke an obtained access or refresh token.
OAuth2Auth revoke(User user, String tokenType, Handler<AsyncResult<Void>> handler)
  Revoke an obtained access or refresh token.
io.reactivex.Completable rxJWKSet()
  Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens.
io.reactivex.Single<User> rxRefresh(User user)
  Refresh the current User (access token).
io.reactivex.Completable rxRevoke(User user)
  Revoke an obtained access token.
io.reactivex.Completable rxRevoke(User user, String tokenType)
  Revoke an obtained access or refresh token.
io.reactivex.Single<JsonObject> rxUserInfo(User user)
  Retrieve profile information and other attributes for a logged-in end-user.
String toString()
OAuth2Auth userInfo(User user)
  Retrieve profile information and other attributes for a logged-in end-user.
OAuth2Auth userInfo(User user, Handler<AsyncResult<JsonObject>> handler)
  Retrieve profile information and other attributes for a logged-in end-user.
-
Methods inherited from class io.vertx.reactivex.ext.auth.authentication.AuthenticationProvider
authenticate, authenticate, authenticate, authenticate, newInstance, rxAuthenticate, rxAuthenticate
-
-
-
-
Field Detail
-
__TYPE_ARG
public static final TypeArg<OAuth2Auth> __TYPE_ARG
-
-
Constructor Detail
-
OAuth2Auth
public OAuth2Auth(OAuth2Auth delegate)
-
OAuth2Auth
public OAuth2Auth(Object delegate)
-
-
Method Detail
-
toString
public String toString()
- Overrides:
toString in class AuthenticationProvider
-
equals
public boolean equals(Object o)
- Overrides:
equals in class AuthenticationProvider
-
hashCode
public int hashCode()
- Overrides:
hashCode in class AuthenticationProvider
-
getDelegate
public OAuth2Auth getDelegate()
- Overrides:
getDelegate in class AuthenticationProvider
-
create
public static OAuth2Auth create(Vertx vertx)
Create an OAuth2 auth provider.
- Parameters:
vertx - the Vertx instance
- Returns:
the auth provider
-
create
public static OAuth2Auth create(Vertx vertx, OAuth2Options config)
Create an OAuth2 auth provider.
- Parameters:
vertx - the Vertx instance
config - the config
- Returns:
the auth provider
-
jWKSet
public OAuth2Auth jWKSet(Handler<AsyncResult<Void>> handler)
Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens. The provider will refresh the keys according to: https://openid.net/specs/openid-connect-core-1_0.html#RotateEncKeys This means that the provider will look at the cache headers and will refresh when the max-age is reached. If the server does not return any cache headers, it is up to the end user to call this method to refresh. To avoid the refresh happening too late, which would leave the keys invalid, if the OAuth2Options JWTOptions config contains a positive leeway, it will be used to request the refresh ahead of time. Key rotation can be controlled by OAuth2Options.
- Parameters:
handler - the handler success/failure.
- Returns:
fluent self.
-
jWKSet
public OAuth2Auth jWKSet()
Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens. The provider will refresh the keys according to: https://openid.net/specs/openid-connect-core-1_0.html#RotateEncKeys This means that the provider will look at the cache headers and will refresh when the max-age is reached. If the server does not return any cache headers, it is up to the end user to call this method to refresh. To avoid the refresh happening too late, which would leave the keys invalid, if the OAuth2Options JWTOptions config contains a positive leeway, it will be used to request the refresh ahead of time. Key rotation can be controlled by OAuth2Options.
- Returns:
fluent self.
-
rxJWKSet
public io.reactivex.Completable rxJWKSet()
Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens. The provider will refresh the keys according to: https://openid.net/specs/openid-connect-core-1_0.html#RotateEncKeys This means that the provider will look at the cache headers and will refresh when the max-age is reached. If the server does not return any cache headers, it is up to the end user to call this method to refresh. To avoid the refresh happening too late, which would leave the keys invalid, if the OAuth2Options JWTOptions config contains a positive leeway, it will be used to request the refresh ahead of time. Key rotation can be controlled by OAuth2Options.
- Returns:
fluent self.
-
missingKeyHandler
public OAuth2Auth missingKeyHandler(Handler<String> handler)
Handler to be called when a key (mentioned on a JWT) is missing from the current config. Users are advised to call jWKSet(io.vertx.core.Handler<io.vertx.core.AsyncResult<java.lang.Void>>) but should be careful to implement some rate limiting function. This method isn't generic for several reasons. The provider is not aware of the capabilities of the backend IdP in terms of max allowed API calls. Some validation could be done at the key id, which only the end user is aware of. A base implementation for this handler is:

  import java.util.concurrent.atomic.AtomicBoolean;

  // are we already updating the jwks?
  private final AtomicBoolean updating = new AtomicBoolean(false);

  // default missing key handler, will try to reload with debounce
  oauth2.missingKeyHandler(keyId -> {
    if (updating.compareAndSet(false, true)) {
      // Refreshing JWKs due to missing key
      oauth2.jWKSet(done -> {
        // release the guard whether the reload succeeded or not
        updating.compareAndSet(true, false);
        if (done.failed()) {
          done.cause().printStackTrace();
        }
      });
    }
  });

This handler will purely debounce calls and allow only a single request to jWKSet(io.vertx.core.Handler<io.vertx.core.AsyncResult<java.lang.Void>>) at a time. No special handling is done to avoid requests on wrong key ids or prevent too many requests to the IdP server. Users should probably also account for the number of errors to prevent DDoSing the IdP.
- Parameters:
handler -
- Returns:
Future result.
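
Added example, not part of the Vert.x documentation: one way to extend the base handler above with the three safeguards the text asks for (key id validation, a minimum interval between reloads, and a backoff that grows with consecutive errors). The class name GuardedJwksRefresh, the key id pattern and both time limits are assumptions made for illustration; only missingKeyHandler and jWKSet come from this page.

```java
import io.vertx.reactivex.ext.auth.oauth2.OAuth2Auth;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Pattern;

/** Added example (hypothetical class): guarded JWKS reload for unknown key ids. */
public final class GuardedJwksRefresh {
  // Assumptions: the kid shape and both limits are placeholders, tune them to your IdP.
  private static final Pattern KID = Pattern.compile("[A-Za-z0-9_-]{1,64}");
  private static final long MIN_INTERVAL_MS = 60_000L;    // at most one reload per minute
  private static final long MAX_BACKOFF_MS = 3_600_000L;  // failure backoff is capped at one hour

  private final AtomicBoolean updating = new AtomicBoolean(false);
  private final AtomicLong notBefore = new AtomicLong(0L);
  private final AtomicInteger failures = new AtomicInteger(0);

  /** Returns true and claims the single in-flight slot if a reload may start now. */
  boolean tryAcquire(String keyId, long now) {
    if (keyId == null || !KID.matcher(keyId).matches()) {
      return false;                              // malformed kid: never worth a network call
    }
    if (now < notBefore.get()) {
      return false;                              // still inside the cool-down window
    }
    return updating.compareAndSet(false, true);  // debounce, as in the base implementation
  }

  /** Records the outcome, schedules the next allowed reload, then frees the slot. */
  void release(boolean failed, long now) {
    int n = failed ? failures.incrementAndGet() : 0;
    if (!failed) {
      failures.set(0);
    }
    // 1 minute after a success, then 2, 4, 8 ... minutes after consecutive failures, up to the cap.
    long delay = Math.min(MAX_BACKOFF_MS, MIN_INTERVAL_MS << Math.min(n, 6));
    notBefore.set(now + delay);
    updating.set(false);
  }

  /** Installs the handler; a kid that fails the checks is dropped without calling the IdP. */
  public void install(OAuth2Auth oauth2) {
    oauth2.missingKeyHandler(keyId -> {
      if (tryAcquire(keyId, System.currentTimeMillis())) {
        oauth2.jWKSet(done -> release(done.failed(), System.currentTimeMillis()));
      }
    });
  }
}
```

Because the cool-down applies to every key id, a stream of tokens carrying random kid values triggers at most one JWKS request per window instead of one per token.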
-
authorizeURL
@Deprecated public String authorizeURL(JsonObject params)
Deprecated. The client sends the end-user's browser to this endpoint to request their authentication and consent. This endpoint is used in the code and implicit OAuth 2.0 flows which require end-user interaction.
- Parameters:
params - extra params to be included in the final URL.
- Returns:
the url to be used to authorize the user.
-
authorizeURL
public String authorizeURL(OAuth2AuthorizationURL url)
The client sends the end-user's browser to this endpoint to request their authentication and consent. This endpoint is used in the code and implicit OAuth 2.0 flows which require end-user interaction.
- Parameters:
url - Base URL with path together with other parameters to be included in the final URL.
- Returns:
the url to be used to authorize the user.
-
refresh
public OAuth2Auth refresh(User user, Handler<AsyncResult<User>> handler)
Refresh the current User (access token).
- Parameters:
user - the user (access token) to be refreshed.
handler - the handler success/failure.
- Returns:
fluent self.
-
refresh
public OAuth2Auth refresh(User user)
Refresh the current User (access token).
- Parameters:
user - the user (access token) to be refreshed.
- Returns:
fluent self.
-
rxRefresh
public io.reactivex.Single<User> rxRefresh(User user)
Refresh the current User (access token).
- Parameters:
user - the user (access token) to be refreshed.
- Returns:
fluent self.
-
revoke
public OAuth2Auth revoke(User user, String tokenType, Handler<AsyncResult<Void>> handler)
Revoke an obtained access or refresh token. More info https://tools.ietf.org/html/rfc7009.
- Parameters:
user - the user (access token) to revoke.
tokenType - the token type (either access_token or refresh_token).
handler - the handler success/failure.
- Returns:
fluent self.
-
revoke
public OAuth2Auth revoke(User user, String tokenType)
Revoke an obtained access or refresh token. More info https://tools.ietf.org/html/rfc7009.
- Parameters:
user - the user (access token) to revoke.
tokenType - the token type (either access_token or refresh_token).
- Returns:
fluent self.
-
rxRevoke
public io.reactivex.Completable rxRevoke(User user, String tokenType)
Revoke an obtained access or refresh token. More info https://tools.ietf.org/html/rfc7009.
- Parameters:
user - the user (access token) to revoke.
tokenType - the token type (either access_token or refresh_token).
- Returns:
fluent self.
-
revoke
public OAuth2Auth revoke(User user, Handler<AsyncResult<Void>> handler)
Revoke an obtained access token. More info https://tools.ietf.org/html/rfc7009.
- Parameters:
user - the user (access token) to revoke.
handler - the handler success/failure.
- Returns:
fluent self.
-
revoke
public OAuth2Auth revoke(User user)
Revoke an obtained access token. More info https://tools.ietf.org/html/rfc7009.
- Parameters:
user - the user (access token) to revoke.
- Returns:
fluent self.
-
rxRevoke
public io.reactivex.Completable rxRevoke(User user)
Revoke an obtained access token. More info https://tools.ietf.org/html/rfc7009.
- Parameters:
user - the user (access token) to revoke.
- Returns:
fluent self.
-
userInfo
public OAuth2Auth userInfo(User user, Handler<AsyncResult<JsonObject>> handler)
Retrieve profile information and other attributes for a logged-in end-user. More info https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
- Parameters:
user - the user (access token) to fetch the user info.
handler - the handler success/failure.
- Returns:
fluent self.
-
userInfo
public OAuth2Auth userInfo(User user)
Retrieve profile information and other attributes for a logged-in end-user. More info https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
- Parameters:
user - the user (access token) to fetch the user info.
- Returns:
fluent self.
-
rxUserInfo
public io.reactivex.Single<JsonObject> rxUserInfo(User user)
Retrieve profile information and other attributes for a logged-in end-user. More info https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
- Parameters:
user - the user (access token) to fetch the user info.
- Returns:
fluent self.
-
endSessionURL
public String endSessionURL(User user, JsonObject params)
The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0. More info: https://openid.net/specs/openid-connect-session-1_0.html.
- Parameters:
user - the user to generate the url for
params - extra parameters to apply to the url
- Returns:
the url to end the session.
-
endSessionURL
public String endSessionURL(User user)
The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0. More info: https://openid.net/specs/openid-connect-session-1_0.html.
- Parameters:
user - the user to generate the url for
- Returns:
the url to end the session.
-
close
public void close()
Releases any resources or timers used by this instance. Users are expected to call this method when the provider isn't needed any more to return the used resources back to the platform.
-
newInstance
public static OAuth2Auth newInstance(OAuth2Auth arg)
-
-