Module org.eclipse.jetty.security.openid

Package org.eclipse.jetty.security.openid

Class OpenIdConfiguration

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.ContainerLifeCycle

org.eclipse.jetty.security.openid.OpenIdConfiguration

All Implemented Interfaces:

org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle

public class OpenIdConfiguration
extends org.eclipse.jetty.util.component.ContainerLifeCycle

Holds the configuration for an OpenID Connect service.

This uses the OpenID Provider URL with the path CONFIG_PATH to discover the required information about the OIDC service.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	OpenIdConfiguration.Builder	Builder for OpenIdConfiguration.

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.Dumpable.DumpAppendable

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

org.eclipse.jetty.util.component.LifeCycle.Listener

Field Summary

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

FAILED, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

LEGEND

Constructor Summary

Constructors

Constructor	Description
OpenIdConfiguration(String provider, String clientId, String clientSecret)	Deprecated, for removal: This API element is subject to removal in a future version. Use OpenIdConfiguration.Builder instead.
OpenIdConfiguration(String issuer, String authorizationEndpoint, String tokenEndpoint, String endSessionEndpoint, String clientId, String clientSecret, String authenticationMethod, org.eclipse.jetty.client.HttpClient httpClient)	Deprecated, for removal: This API element is subject to removal in a future version. Use OpenIdConfiguration.Builder instead.
OpenIdConfiguration(String issuer, String authorizationEndpoint, String tokenEndpoint, String clientId, String clientSecret, String authenticationMethod, org.eclipse.jetty.client.HttpClient httpClient)	Deprecated, for removal: This API element is subject to removal in a future version. Use OpenIdConfiguration.Builder instead.
OpenIdConfiguration(String issuer, String authorizationEndpoint, String tokenEndpoint, String clientId, String clientSecret, org.eclipse.jetty.client.HttpClient httpClient)	Deprecated, for removal: This API element is subject to removal in a future version. Use OpenIdConfiguration.Builder instead.

Method Summary

Modifier and Type	Method	Description
void	addScopes(String... scopes)	Deprecated, for removal: This API element is subject to removal in a future version. use OpenIdConfiguration.Builder to configure the OpenID Configuration.
protected void	doStart()
protected Map<String,Object>	fetchOpenIdConnectMetadata()	Obtain the JSON metadata from OpenID Connect Discovery Configuration Endpoint.
String	getAuthEndpoint()	Deprecated, for removal: This API element is subject to removal in a future version. use getAuthorizationEndpoint() instead.
String	getAuthenticationMethod()
String	getAuthorizationEndpoint()
String	getClientId()
String	getClientSecret()
String	getEndSessionEndpoint()
org.eclipse.jetty.client.HttpClient	getHttpClient()
String	getIssuer()
List<String>	getScopes()
String	getTokenEndpoint()
boolean	isAuthenticateNewUsers()
boolean	isLogoutWhenIdTokenIsExpired()
protected void	processMetadata(Map<String,Object> discoveryDocument)	Process the OpenID Connect metadata discovered by fetchOpenIdConnectMetadata().
void	setAuthenticateNewUsers(boolean authenticateNewUsers)	Deprecated, for removal: This API element is subject to removal in a future version. use OpenIdConfiguration.Builder to configure the OpenID Configuration.
void	setLogoutWhenIdTokenIsExpired(boolean logoutWhenIdTokenIsExpired)	Deprecated, for removal: This API element is subject to removal in a future version. use OpenIdConfiguration.Builder to configure the OpenID Configuration.
String	toString()

Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

addBean, addBean, addEventListener, addManaged, contains, destroy, doStop, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.Container

getCachedBeans, getEventListeners

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

dumpSelf

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

isDumpable

Constructor Details

OpenIdConfiguration

@Deprecated(since="12.1.0",
            forRemoval=true)
public OpenIdConfiguration(String provider,
 String clientId,
 String clientSecret)

Deprecated, for removal: This API element is subject to removal in a future version.

Use OpenIdConfiguration.Builder instead.

Create an OpenID configuration for a specific OIDC provider.

Parameters:

provider - The URL of the OpenID provider.

clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.

clientSecret - The client secret known only by the Client and the Authorization Server.

OpenIdConfiguration

@Deprecated(since="12.1.0",
            forRemoval=true)
public OpenIdConfiguration(String issuer,
 String authorizationEndpoint,
 String tokenEndpoint,
 String clientId,
 String clientSecret,
 org.eclipse.jetty.client.HttpClient httpClient)

Deprecated, for removal: This API element is subject to removal in a future version.

Use OpenIdConfiguration.Builder instead.

Create an OpenID configuration for a specific OIDC provider.

Parameters:

issuer - The URL of the OpenID provider.

authorizationEndpoint - the URL of the OpenID provider's authorization endpoint if configured.

tokenEndpoint - the URL of the OpenID provider's token endpoint if configured.

clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.

clientSecret - The client secret known only by the Client and the Authorization Server.

httpClient - The HttpClient instance to use.

OpenIdConfiguration

@Deprecated(since="12.1.0",
            forRemoval=true)
public OpenIdConfiguration(@Name("issuer")
 String issuer,
 @Name("authorizationEndpoint")
 String authorizationEndpoint,
 @Name("tokenEndpoint")
 String tokenEndpoint,
 @Name("clientId")
 String clientId,
 @Name("clientSecret")
 String clientSecret,
 @Name("authenticationMethod")
 String authenticationMethod,
 @Name("httpClient")
 org.eclipse.jetty.client.HttpClient httpClient)

Deprecated, for removal: This API element is subject to removal in a future version.

Use OpenIdConfiguration.Builder instead.

Create an OpenID configuration for a specific OIDC provider.

Parameters:

issuer - The URL of the OpenID provider.

authorizationEndpoint - the URL of the OpenID provider's authorization endpoint if configured.

tokenEndpoint - the URL of the OpenID provider's token endpoint if configured.

clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.

clientSecret - The client secret known only by the Client and the Authorization Server.

authenticationMethod - Authentication method to use with the Token Endpoint.

httpClient - The HttpClient instance to use.

OpenIdConfiguration

@Deprecated(since="12.1.0",
            forRemoval=true)
public OpenIdConfiguration(@Name("issuer")
 String issuer,
 @Name("authorizationEndpoint")
 String authorizationEndpoint,
 @Name("tokenEndpoint")
 String tokenEndpoint,
 @Name("endSessionEndpoint")
 String endSessionEndpoint,
 @Name("clientId")
 String clientId,
 @Name("clientSecret")
 String clientSecret,
 @Name("authenticationMethod")
 String authenticationMethod,
 @Name("httpClient")
 org.eclipse.jetty.client.HttpClient httpClient)

Deprecated, for removal: This API element is subject to removal in a future version.

Use OpenIdConfiguration.Builder instead.

Create an OpenID configuration for a specific OIDC provider.

Parameters:

issuer - The URL of the OpenID provider.

authorizationEndpoint - the URL of the OpenID provider's authorization endpoint if configured.

tokenEndpoint - the URL of the OpenID provider's token endpoint if configured.

endSessionEndpoint - the URL of the OpenID provider's end session endpoint if configured.

clientId - OAuth 2.0 Client Identifier valid at the Authorization Server.

clientSecret - The client secret known only by the Client and the Authorization Server.

authenticationMethod - Authentication method to use with the Token Endpoint.

httpClient - The HttpClient instance to use.

Method Details

doStart

protected void doStart()
                throws Exception

Overrides:

doStart in class org.eclipse.jetty.util.component.ContainerLifeCycle

Throws:

Exception

processMetadata

protected void processMetadata(Map<String,Object> discoveryDocument)

Process the OpenID Connect metadata discovered by fetchOpenIdConnectMetadata(). By default, only the AUTHORIZATION_ENDPOINT and TOKEN_ENDPOINT claims are extracted.

Throws:

IllegalStateException - if a required field is not present in the metadata.

See Also:

• OpenID Connect Discovery 1.0

fetchOpenIdConnectMetadata

protected Map<String,Object> fetchOpenIdConnectMetadata()

Obtain the JSON metadata from OpenID Connect Discovery Configuration Endpoint.

Returns:

a set of Claims about the OpenID Provider's configuration in JSON format.

Throws:

IllegalStateException - if metadata could not be fetched from the OP.

getHttpClient

public org.eclipse.jetty.client.HttpClient getHttpClient()

getAuthorizationEndpoint

public String getAuthorizationEndpoint()

getClientId

public String getClientId()

getClientSecret

public String getClientSecret()

getIssuer

public String getIssuer()

getTokenEndpoint

public String getTokenEndpoint()

getEndSessionEndpoint

public String getEndSessionEndpoint()

getAuthenticationMethod

public String getAuthenticationMethod()

getScopes

public List<String> getScopes()

isAuthenticateNewUsers

public boolean isAuthenticateNewUsers()

isLogoutWhenIdTokenIsExpired

public boolean isLogoutWhenIdTokenIsExpired()

getAuthEndpoint

@Deprecated(since="12.1.0",
            forRemoval=true)
public String getAuthEndpoint()

Deprecated, for removal: This API element is subject to removal in a future version.

use getAuthorizationEndpoint() instead.

setAuthenticateNewUsers

@Deprecated(since="12.1.0",
            forRemoval=true)
public void setAuthenticateNewUsers(boolean authenticateNewUsers)

Deprecated, for removal: This API element is subject to removal in a future version.

use OpenIdConfiguration.Builder to configure the OpenID Configuration.

addScopes

@Deprecated(since="12.1.0",
            forRemoval=true)
public void addScopes(String... scopes)

Deprecated, for removal: This API element is subject to removal in a future version.

use OpenIdConfiguration.Builder to configure the OpenID Configuration.

setLogoutWhenIdTokenIsExpired

@Deprecated(since="12.1.0",
            forRemoval=true)
public void setLogoutWhenIdTokenIsExpired(boolean logoutWhenIdTokenIsExpired)

Deprecated, for removal: This API element is subject to removal in a future version.

use OpenIdConfiguration.Builder to configure the OpenID Configuration.

toString

public String toString()

Overrides:

toString in class org.eclipse.jetty.util.component.AbstractLifeCycle