Class RevokeToken

  • All Implemented Interfaces:
    Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

    public class RevokeToken
    extends net.shibboleth.idp.profile.AbstractProfileAction
    Action that revokes a single token or the full chain of tokens, depending on the result of the configured lookup strategy for the revocation method. The full chain of tokens refers to the token that is fed to this action together with all other tokens related to the same root token identifier. For legacy reasons, if the root token identifier does not exist in the claims set but the full chain is to be revoked, the JWT identifier (jti) from the claims set is used as the root token identifier.
    Event:
    EventIds.PROCEED_EVENT_ID, OidcEventIds.REVOCATION_FAILED
    • Field Detail

      • log

        @Nonnull
        private org.slf4j.Logger log
        Class logger.
      • revocationMethodLookupStrategy

        @Nonnull
        private Function<ProfileRequestContext,net.shibboleth.oidc.profile.oauth2.config.OAuth2TokenRevocationConfiguration.OAuth2TokenRevocationMethod> revocationMethodLookupStrategy
        Which revocation method should be used when revoking a token. Supported values are CHAIN and TOKEN. The default is CHAIN.
      • chainRevocationLifetimeLookupStrategy

        @Nonnull
        private Function<ProfileRequestContext,Duration> chainRevocationLifetimeLookupStrategy
        Lookup function to supply chain revocation lifetime.
      • tokenRevocationLifetimeLookupStrategy

        @Nonnull
        private Function<com.nimbusds.jwt.JWTClaimsSet,Duration> tokenRevocationLifetimeLookupStrategy
        Lookup function to supply token revocation lifetime.
      • rootTokenIdentifierLookupStrategy

        @Nonnull
        private Function<com.nimbusds.jwt.JWTClaimsSet,String> rootTokenIdentifierLookupStrategy
        Lookup function to supply root token identifier.
      • revocationMethod

        private net.shibboleth.oidc.profile.oauth2.config.OAuth2TokenRevocationConfiguration.OAuth2TokenRevocationMethod revocationMethod
        Revocation method used when revoking a token.
      • revocationLifetime

        private Duration revocationLifetime
        Revocation lifetime to use.
      • claimsSet

        private com.nimbusds.jwt.JWTClaimsSet claimsSet
        The claims set to operate on.
    • Constructor Detail

      • RevokeToken

        public RevokeToken()
        Constructor.
    • Method Detail

      • setRevocationCache

        public void setRevocationCache(@Nonnull RevocationCache cache)
        Set the revocation cache instance to use.
        Parameters:
        cache - The revocationCache to set.
      • setRevocationMethodLookupStrategy

        public void setRevocationMethodLookupStrategy(@Nonnull Function<ProfileRequestContext,net.shibboleth.oidc.profile.oauth2.config.OAuth2TokenRevocationConfiguration.OAuth2TokenRevocationMethod> strategy)
        Set strategy for looking up which revocation method should be used when revoking a token.
        Parameters:
        strategy - What to set.
      • setChainRevocationLifetimeLookupStrategy

        public void setChainRevocationLifetimeLookupStrategy(@Nullable Function<ProfileRequestContext,Duration> strategy)
        Set a lookup strategy for the chain revocation lifetime.
        Parameters:
        strategy - What to set.
      • setTokenRevocationLifetimeLookupStrategy

        public void setTokenRevocationLifetimeLookupStrategy(@Nullable Function<com.nimbusds.jwt.JWTClaimsSet,Duration> strategy)
        Set a lookup strategy for the token revocation lifetime.
        Parameters:
        strategy - What to set.
      • setRootTokenIdentifierLookupStrategy

        public void setRootTokenIdentifierLookupStrategy(@Nullable Function<com.nimbusds.jwt.JWTClaimsSet,String> strategy)
        Set a lookup strategy for the root token identifier.
        Parameters:
        strategy - What to set.
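
The CHAIN versus TOKEN behaviour from the class description, including the legacy fallback to jti, modelled as an added stand-alone example (not code from the Shibboleth project). The class, the in-memory map standing in for the revocation cache, the `root_token_id` claim name and the validation check in `isRevoked` are all assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

/** Added illustration, not Shibboleth code; every name in it is hypothetical. */
public class RevocationSketch {
    enum Method { CHAIN, TOKEN }
    /** Assumed claim name for the root token identifier (not taken from the page). */
    static final String ROOT_ID_CLAIM = "root_token_id";
    /** Revoked identifier -> instant at which the entry expires (stand-in for a cache). */
    private final Map<String, Instant> revoked = new HashMap<>();

    /** CHAIN keys the entry on the root identifier, falling back to jti; TOKEN on jti. */
    String revoke(Map<String, String> claims, Method method,
                  Function<Map<String, String>, String> rootIdLookup, Duration lifetime) {
        String key = claims.get("jti");
        if (method == Method.CHAIN) {
            String root = rootIdLookup.apply(claims);
            if (root != null) key = root; // legacy token without a root id: keep jti
        }
        if (key == null) throw new IllegalArgumentException("no identifier to revoke");
        revoked.put(key, Instant.now().plus(lifetime));
        return key;
    }

    /** Simplified validation: reject if the jti or the chain's root id has a live entry. */
    boolean isRevoked(Map<String, String> claims, Function<Map<String, String>, String> rootIdLookup) {
        Instant now = Instant.now();
        return live(claims.get("jti"), now) || live(rootIdLookup.apply(claims), now);
    }
    private boolean live(String id, Instant now) {
        Instant until = id == null ? null : revoked.get(id);
        return until != null && until.isAfter(now);
    }
    public static void main(String[] args) {
        Function<Map<String, String>, String> rootId = c -> c.get(ROOT_ID_CLAIM);
        // Constructed claims: a refresh and an access token from one grant, plus a legacy token.
        Map<String, String> refresh = Map.of("jti", "rt-1", ROOT_ID_CLAIM, "grant-1");
        Map<String, String> access = Map.of("jti", "at-1", ROOT_ID_CLAIM, "grant-1");
        Map<String, String> legacy = Map.of("jti", "old-1");
        for (Method m : Method.values()) {
            RevocationSketch cache = new RevocationSketch();
            String key = cache.revoke(refresh, m, rootId, Duration.ofHours(1));
            System.out.println(m + ": key=" + key + ", sibling revoked=" + cache.isRevoked(access, rootId));
        }
        System.out.println("legacy CHAIN key=" + new RevocationSketch().revoke(legacy, Method.CHAIN, rootId, Duration.ofHours(1)));
    }
}
```

With TOKEN, the sibling access token stays valid after the refresh token is revoked; with CHAIN, both are rejected because the entry is keyed on the shared root identifier.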