public interface OAuth2Auth extends AuthenticationProvider
AuthenticationProvider
instances.Modifier and Type | Method and Description |
---|---|
String |
authorizeURL(JsonObject params)
Deprecated.
For type safety this method should be avoided and
authorizeURL(OAuth2AuthorizationURL) should be
used instead. |
String |
authorizeURL(OAuth2AuthorizationURL url)
The client sends the end-user's browser to this endpoint to request their
authentication and consent.
|
void |
close()
Releases any resources or timers used by this instance.
|
static OAuth2Auth |
create(Vertx vertx)
Create a OAuth2 auth provider.
|
static OAuth2Auth |
create(Vertx vertx,
OAuth2Options config)
Create a OAuth2 auth provider
|
default String |
endSessionURL(User user)
The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
|
String |
endSessionURL(User user,
JsonObject params)
The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
|
Future<Void> |
jWKSet()
Retrieve the public server JSON Web Key (JWK) required to verify the authenticity
of issued ID and access tokens.
|
default OAuth2Auth |
jWKSet(Handler<AsyncResult<Void>> handler)
Retrieve the public server JSON Web Key (JWK) required to verify the authenticity
of issued ID and access tokens.
|
OAuth2Auth |
missingKeyHandler(Handler<String> handler)
Handled to be called when a key (mentioned on a JWT) is missing from the current config.
|
Future<User> |
refresh(User user)
Refresh the current User (access token).
|
default OAuth2Auth |
refresh(User user,
Handler<AsyncResult<User>> handler)
Refresh the current User (access token).
|
default Future<Void> |
revoke(User user)
Revoke an obtained access token.
|
default OAuth2Auth |
revoke(User user,
Handler<AsyncResult<Void>> handler)
Revoke an obtained access token.
|
Future<Void> |
revoke(User user,
String tokenType)
Revoke an obtained access or refresh token.
|
default OAuth2Auth |
revoke(User user,
String tokenType,
Handler<AsyncResult<Void>> handler)
Revoke an obtained access or refresh token.
|
Future<JsonObject> |
userInfo(User user)
Retrieve profile information and other attributes for a logged-in end-user.
|
default OAuth2Auth |
userInfo(User user,
Handler<AsyncResult<JsonObject>> handler)
Retrieve profile information and other attributes for a logged-in end-user.
|
authenticate, authenticate, authenticate, authenticate
static OAuth2Auth create(Vertx vertx)
vertx
- the Vertx instancestatic OAuth2Auth create(Vertx vertx, OAuth2Options config)
vertx
- the Vertx instanceconfig
- the configdefault OAuth2Auth jWKSet(Handler<AsyncResult<Void>> handler)
OAuth2Options
JWTOptions
config contains a
positive leeway, it will be used to request the refresh ahead of time.
Key rotation can be controled by OAuth2Options.setRotateJWKs(boolean)
.handler
- the handler success/failure.Future<Void> jWKSet()
jWKSet(Handler)
OAuth2Auth missingKeyHandler(Handler<String> handler)
jWKSet(Handler)
but being careful to implement
some rate limiting function.
This method isn't generic for several reasons. The provider is not aware of the capabilities
of the backend IdP in terms of max allowed API calls. Some validation could be done at the
key id, which only the end user is aware of.
A base implementation for this handler is:
// are we already updating the jwks?
private final AtomicBoolean updating = new AtomicBoolean(false);
// default missing key handler, will try to reload with debounce
oauth2.missingKeyHandler(keyId -> {
if (updating.compareAndSet(false, true)) {
// Refreshing JWKs due missing key
jWKSet(done -> {
updating.compareAndSet(true, false);
if (done.failed()) {
done.cause().printStackTrace();
}
});
}
});
This handler will purely debounce calls and allow only a single request to jWKSet()
at a time. No special handling is done to avoid requests on wrong key ids or prevent to many
requests to the IdP server. Users should probably also account for the number of errors to
present DDoS the IdP.missingKeyHandler(Handler)
@Deprecated String authorizeURL(JsonObject params)
authorizeURL(OAuth2AuthorizationURL)
should be
used instead.params
- extra params to be included in the final URL.String authorizeURL(OAuth2AuthorizationURL url)
url
- Base URL with path together with other parameters to be included in the final URL.default OAuth2Auth refresh(User user, Handler<AsyncResult<User>> handler)
user
- the user (access token) to be refreshed.handler
- the handler success/failure.Future<User> refresh(User user)
user
- the user (access token) to be refreshed.userInfo(User, Handler)
default OAuth2Auth revoke(User user, String tokenType, Handler<AsyncResult<Void>> handler)
user
- the user (access token) to revoke.tokenType
- the token type (either access_token or refresh_token).handler
- the handler success/failure.default OAuth2Auth revoke(User user, Handler<AsyncResult<Void>> handler)
user
- the user (access token) to revoke.handler
- the handler success/failure.Future<Void> revoke(User user, String tokenType)
user
- the user (access token) to revoke.tokenType
- the token type (either access_token or refresh_token).revoke(User, String, Handler)
default Future<Void> revoke(User user)
user
- the user (access token) to revoke.revoke(User, Handler)
default OAuth2Auth userInfo(User user, Handler<AsyncResult<JsonObject>> handler)
user
- the user (access token) to fetch the user info.handler
- the handler success/failure.Future<JsonObject> userInfo(User user)
user
- the user (access token) to fetch the user info.userInfo(User, Handler)
String endSessionURL(User user, JsonObject params)
user
- the user to generate the url forparams
- extra parameters to apply to the urldefault String endSessionURL(User user)
user
- the user to generate the url forvoid close()
Copyright © 2024 Eclipse. All rights reserved.