Package net.shibboleth.idp.plugin.oidc.op.profile.impl

Class SetRefreshTokenToResponseContext

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCResponseAction

net.shibboleth.idp.plugin.oidc.op.profile.impl.SetRefreshTokenToResponseContext

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class SetRefreshTokenToResponseContext
extends AbstractOIDCResponseAction

Action that creates a Refresh Token, and sets it to work context OIDCAuthenticationResponseContext.getRefreshToken() located under InOutOperationContext.getOutboundMessageContext(). The refresh_token is created only if the request contains offline_access - scope.

Field Summary

Fields

Modifier and Type	Field	Description
private DataSealer	dataSealer	Data sealer for handling access token.
private Predicate<ProfileRequestContext>	enforceRefreshTokenRotationCondition	Strategy used to determine whether to revoke refresh tokens once they're used.
private IdentifierGenerationStrategy	idGenerator	The generator to use.
private Function<ProfileRequestContext,IdentifierGenerationStrategy>	idGeneratorLookupStrategy	Strategy used to locate the IdentifierGenerationStrategy to use.
private org.slf4j.Logger	log	Class logger.
private BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>	manipulationStrategy	The strategy used for manipulating the token claims set.
private Duration	refreshTokenLifetime	Refresh Token lifetime.
private Function<ProfileRequestContext,Duration>	refreshTokenLifetimeLookupStrategy	Strategy used to obtain the refresh token lifetime.
private RevocationCache	revocationCache	Message revocation cache instance to use.
private TokenClaimsSet	tokenClaimsSet	Authorize Code / Refresh Token the refresh token will be based on.
private Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>>	tokenClaimsSetManipulationStrategyLookupStrategy	Lookup function to supply strategy bi-function for manipulating token claims set.
private Function<com.nimbusds.jwt.JWTClaimsSet,Duration>	tokenRevocationLifetimeLookupStrategy	Lookup function to supply token revocation lifetime.

Constructor Summary

Constructors

Constructor	Description
SetRefreshTokenToResponseContext(DataSealer sealer)	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
void	setEnforceRefreshTokenRotationCondition(Predicate<ProfileRequestContext> condition)	Set the condition used to determine whether to revoke refresh tokens once they're used.
void	setIdentifierGeneratorLookupStrategy(Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)	Set the strategy used to locate the IdentifierGenerationStrategy to use.
void	setRefreshTokenLifetimeLookupStrategy(Function<ProfileRequestContext,Duration> strategy)	Set the strategy used to obtain the access token lifetime.
void	setRevocationCache(RevocationCache cache)	Set the revocation cache instance to use.
void	setTokenClaimsSetManipulationStrategyLookupStrategy(Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> strategy)	Set the lookup function to supply strategy bi-function for manipulating token claims set.
void	setTokenRevocationLifetimeLookupStrategy(Function<com.nimbusds.jwt.JWTClaimsSet,Duration> strategy)	Set a lookup strategy for the token revocation lifetime.

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCResponseAction

getMetadataContext, getOidcResponseContext

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private org.slf4j.Logger log

Class logger.

dataSealer

@Nonnull
private final DataSealer dataSealer

Data sealer for handling access token.

revocationCache

@NonnullAfterInit
private RevocationCache revocationCache

Message revocation cache instance to use.

refreshTokenLifetimeLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Duration> refreshTokenLifetimeLookupStrategy

Strategy used to obtain the refresh token lifetime.

tokenClaimsSetManipulationStrategyLookupStrategy

@Nonnull
private Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> tokenClaimsSetManipulationStrategyLookupStrategy

Lookup function to supply strategy bi-function for manipulating token claims set.

manipulationStrategy

@Nullable
private BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> manipulationStrategy

The strategy used for manipulating the token claims set.

idGeneratorLookupStrategy

@Nonnull
private Function<ProfileRequestContext,IdentifierGenerationStrategy> idGeneratorLookupStrategy

Strategy used to locate the IdentifierGenerationStrategy to use.

enforceRefreshTokenRotationCondition

@Nonnull
private Predicate<ProfileRequestContext> enforceRefreshTokenRotationCondition

Strategy used to determine whether to revoke refresh tokens once they're used.

tokenRevocationLifetimeLookupStrategy

@Nonnull
private Function<com.nimbusds.jwt.JWTClaimsSet,Duration> tokenRevocationLifetimeLookupStrategy

Lookup function to supply token revocation lifetime.

tokenClaimsSet

@Nullable
private TokenClaimsSet tokenClaimsSet

Authorize Code / Refresh Token the refresh token will be based on.

refreshTokenLifetime

@Nullable
private Duration refreshTokenLifetime

Refresh Token lifetime.

idGenerator

@Nullable
private IdentifierGenerationStrategy idGenerator

The generator to use.

Constructor Detail

SetRefreshTokenToResponseContext

public SetRefreshTokenToResponseContext(@Nonnull @ParameterName(name="sealer")
                                        DataSealer sealer)

Constructor.

Parameters:

sealer - sealer to encrypt/hmac refresh token.

Method Detail

setRevocationCache

public void setRevocationCache(@Nonnull
                               RevocationCache cache)

Set the revocation cache instance to use.

Parameters:

cache - The revocationCache to set.

setRefreshTokenLifetimeLookupStrategy

public void setRefreshTokenLifetimeLookupStrategy(@Nonnull
                                                  Function<ProfileRequestContext,Duration> strategy)

Set the strategy used to obtain the access token lifetime.

Parameters:

strategy - lookup strategy

setTokenClaimsSetManipulationStrategyLookupStrategy

public void setTokenClaimsSetManipulationStrategyLookupStrategy(@Nonnull
                                                                Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> strategy)

Set the lookup function to supply strategy bi-function for manipulating token claims set.

Parameters:

strategy - What to set

setIdentifierGeneratorLookupStrategy

public void setIdentifierGeneratorLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,IdentifierGenerationStrategy> strategy)

Set the strategy used to locate the IdentifierGenerationStrategy to use.

Parameters:

strategy - lookup strategy

setEnforceRefreshTokenRotationCondition

public void setEnforceRefreshTokenRotationCondition(@Nonnull
                                                    Predicate<ProfileRequestContext> condition)

Set the condition used to determine whether to revoke refresh tokens once they're used.

Parameters:

condition - condition to apply

setTokenRevocationLifetimeLookupStrategy

public void setTokenRevocationLifetimeLookupStrategy(@Nullable
                                                     Function<com.nimbusds.jwt.JWTClaimsSet,Duration> strategy)

Set a lookup strategy for the token revocation lifetime.

Parameters:

strategy - What to set.

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractOIDCResponseAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction