tenduke.sdk.core.auth.AbstractOAuthClient Class Reference

Detailed Description

Base class for OAuth client implementations.

Note: the second phase construction method init() must be used prior to running an OAuth flow.

Inheritance diagram for tenduke.sdk.core.auth.AbstractOAuthClient:

Public Member Functions
	AbstractOAuthClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper)
	Class constructor.
void	init ()
	Second phase construction hook provided for controlling potentially slow loading of remote OpenId configuration.
VerifiedOAuthTokenResponse	refreshToken (final String refreshToken) throws IOException
	Makes an access token refresh request to the authorization server.
boolean	checkIfJwksUriIsConfigured ()
	Checks if this client instance has configuration for the JWKS endpoint.
boolean	reloadJwks ()
	Requests this client instance to reload keys from the JWKS endpoint and persistent storage.
boolean	reloadOnlineJwks ()
	Requests this client instance to reload keys from the JWKS endpoint and persistent storage.
boolean	reloadPersistentJwks ()
	Requests this client instance to reload keys from the JWKS persistent storage, if available.

Protected Member Functions
VerifiedOAuthTokenResponse	parseTokenResponse (final Response response)
	Parses a token response received from the authorization server (Identity Provider).
void	assertStateIsValid ()
	Analyzes state and configuration.
void	loadOpenIdConnectConfiguration ()
	Loads OpenId configuration from configured URL (only if discovery URL is available in configuration).
String	formatConfigMissingMessage (final String formatValue)
	Formats a message for a missing configuration value.
String	formatRuntimeDependencyMissingMessage (final String formatValue)
	Formats a message for a missing configuration value.
abstract boolean	supportsTokenRefresh ()
	Returns flag that tells if the OAuth client implementation supports token refresh.
boolean	updateSigningKeys (final OpenIdConfiguration effectiveOidcConfig, final JwtServiceProvider jwtSp)
	Updates signing keys based on OpenIdConfiguration that has been loaded or changed.
boolean	reloadOnlineSigningKeys (final OpenIdConfiguration effectiveOidcConfig, final JwtServiceProvider jwtSp)
	Reloads signing keys based on OpenIdConfiguration that has been loaded or changed.
boolean	reloadPersistentSigningKeys (final JwtServiceProvider jwtSp)
	Reloads signing keys based on persistence, if available.

Constructor & Destructor Documentation

AbstractOAuthClient()

tenduke.sdk.core.auth.AbstractOAuthClient.AbstractOAuthClient	(	final AuthConfig	config,
		final OkHttpProvider	okHttpProvider,
		final JwtServiceProvider	jwtServiceProvider,
		final ObjectMapper	mapper )

Class constructor.

Parameters

config	The configuration to use for OAuth client_id and endpoints at the authorization provider,
okHttpProvider	Provides OkHttpClient instance(s).
jwtServiceProvider	Provides JwtService instances.
mapper	Jackson object mapper, needed for parsing access token response JSON.

Member Function Documentation

assertStateIsValid()

void tenduke.sdk.core.auth.AbstractOAuthClient.assertStateIsValid ( )

protected

Analyzes state and configuration.

Throws IllegalStateException if:

• runtime dependencies have not been provided
• missing or invalid configuration is encountered

Required values are checked to ensure they are not null and conform to expected grammar (for example URIs are formatted correctly).

Reimplemented in tenduke.sdk.core.auth.AbstractPkceClient, tenduke.sdk.core.auth.DeviceFlowClient, and tenduke.sdk.core.auth.WebAppPkceClient.

checkIfJwksUriIsConfigured()

boolean tenduke.sdk.core.auth.AbstractOAuthClient.checkIfJwksUriIsConfigured

(

)

Checks if this client instance has configuration for the JWKS endpoint.

Returns

true if this client instance has configuration for the JWKS endpoint, false otherwise.

formatConfigMissingMessage()

String tenduke.sdk.core.auth.AbstractOAuthClient.formatConfigMissingMessage ( final String formatValue )

protected

Formats a message for a missing configuration value.

The message takes shape: "{0} is not configured."

Parameters

formatValue

The value for the single format element.

Returns

The formatted message.

formatRuntimeDependencyMissingMessage()

String tenduke.sdk.core.auth.AbstractOAuthClient.formatRuntimeDependencyMissingMessage ( final String formatValue )

protected

Formats a message for a missing configuration value.

The message takes shape: "{0} is not configured."

Parameters

formatValue

The value for the single format element.

Returns

The formatted message.

init()

void tenduke.sdk.core.auth.AbstractOAuthClient.init

(

)

Second phase construction hook provided for controlling potentially slow loading of remote OpenId configuration.

Calling this method will induce an HTTP request if the AuthConfig#idpOidcDiscoveryUrl() is configured. Otherwise the provided AuthConfig is used as such.

Reimplemented in tenduke.sdk.core.auth.DesktopPkceClient.

parseTokenResponse()

VerifiedOAuthTokenResponse tenduke.sdk.core.auth.AbstractOAuthClient.parseTokenResponse ( final Response response )

protected

Parses a token response received from the authorization server (Identity Provider).

Parameters

response

The HTTP response object.

Returns

A token response object with success vs. error information.

refreshToken()

VerifiedOAuthTokenResponse tenduke.sdk.core.auth.AbstractOAuthClient.refreshToken

(

final String

refreshToken

)

throws IOException

Makes an access token refresh request to the authorization server.

Parameters

refreshToken

The client's current refresh token.

Returns

The token response provided by the authorization server. Note: The return value may be null, which happens if no response body is provided by the access token request to the authorization server. For not null return values you may use the OAuthTokenResponse#checkIsSuccess() and OAuthTokenResponse#checkIsError() methods of OAuthTokenResponse to determine if getting the id token or error handling is the next step.

Exceptions

java.io.IOException

if the request could not be executed due to cancellation, a connectivity problem or timeout.

reloadJwks()

boolean tenduke.sdk.core.auth.AbstractOAuthClient.reloadJwks

(

)

Requests this client instance to reload keys from the JWKS endpoint and persistent storage.

If the JWT service provider supports persistent storage, this method will also ensure that newly loaded keys are persisted for future use.

Returns

true if key loading is possible based on configuration and supported by the JwtServiceProvider, false otherwise.

reloadOnlineJwks()

boolean tenduke.sdk.core.auth.AbstractOAuthClient.reloadOnlineJwks

(

)

Requests this client instance to reload keys from the JWKS endpoint and persistent storage.

If the JWT service provider supports persistent storage, this method will also ensure that newly loaded keys are persisted for future use.

Returns

true if key loading is possible based on configuration and supported by the JwtServiceProvider, false otherwise.

reloadOnlineSigningKeys()

boolean tenduke.sdk.core.auth.AbstractOAuthClient.reloadOnlineSigningKeys ( final OpenIdConfiguration effectiveOidcConfig, final JwtServiceProvider jwtSp )

protected

Reloads signing keys based on OpenIdConfiguration that has been loaded or changed.

This method will load keys from the JWKS endpoint if supported. If the JWT service provider supports persistent storage, the keys will be automatically persisted during the loading process.

Parameters

effectiveOidcConfig	The OpenIdConfiguration containing an optional JWKS URL.
jwtSp	The JWT service provider to trigger key update for.

Returns

true if key loading is possible based on configuration and supported by the JwtServiceProvider, false otherwise.

reloadPersistentJwks()

boolean tenduke.sdk.core.auth.AbstractOAuthClient.reloadPersistentJwks

(

)

Requests this client instance to reload keys from the JWKS persistent storage, if available.

Returns

true if key loading is possible based on configuration and supported by the JwtServiceProvider, false otherwise.

reloadPersistentSigningKeys()

boolean tenduke.sdk.core.auth.AbstractOAuthClient.reloadPersistentSigningKeys ( final JwtServiceProvider jwtSp )

protected

Reloads signing keys based on persistence, if available.

Parameters

jwtSp

The JWT service provider to trigger key update for.

Returns

true if key loading is possible based on configuration and supported by the JwtServiceProvider, false otherwise.

supportsTokenRefresh()

abstract boolean tenduke.sdk.core.auth.AbstractOAuthClient.supportsTokenRefresh ( )

abstractprotected

Returns flag that tells if the OAuth client implementation supports token refresh.

Returns

true if token refresh is supported, false otherwise

Reimplemented in tenduke.sdk.core.auth.AbstractPkceClient, and tenduke.sdk.core.auth.DeviceFlowClient.

updateSigningKeys()

boolean tenduke.sdk.core.auth.AbstractOAuthClient.updateSigningKeys ( final OpenIdConfiguration effectiveOidcConfig, final JwtServiceProvider jwtSp )

protected

Updates signing keys based on OpenIdConfiguration that has been loaded or changed.

This method will load keys from the JWKS endpoint if supported. If the JWT service provider supports persistent storage, the keys will be automatically persisted during the loading process.

This method also reloads persistent keys, if available.

Parameters

effectiveOidcConfig	The OpenIdConfiguration containing an optional JWKS URL.
jwtSp	The JWT service provider to trigger key update for.

Returns

true if key loading is possible based either in online or persistent manner.

---

The documentation for this class was generated from the following file:

• auth/src/main/java/tenduke/sdk/core/auth/AbstractOAuthClient.java