Package net.shibboleth.oidc.profile.oauth2.config

Class OAuth2TokenAudienceConfiguration

  • All Implemented Interfaces:
    net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration, net.shibboleth.idp.profile.config.ConditionalProfileConfiguration, net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration, net.shibboleth.idp.profile.config.ProfileConfiguration, OAuth2ProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
    public class OAuth2TokenAudienceConfiguration
extends net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration
implements OAuth2ProfileConfiguration, net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration, net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration
    Interface for OAuth 2 token "audience" profile configuration.

    This applies to behavior controlling the characteristics of tokens issued to the parties intended to process them, as distinct from the clients that use them.

    • Constructor Detail

      • OAuth2TokenAudienceConfiguration

        public OAuth2TokenAudienceConfiguration()
        Constructor.

      • OAuth2TokenAudienceConfiguration

        public OAuth2TokenAudienceConfiguration​(@Nonnull @NotEmpty
                                        String profileId)
        Creates a new configuration instance.
        Parameters:
        profileId - Unique profile identifier.

    • Method Detail

      • getIssuer

        @Nullable
@NotEmpty
public String getIssuer​(@Nullable
                        ProfileRequestContext profileRequestContext)
        Specified by:
        getIssuer in interface net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration

      • setIssuer

        public void setIssuer​(@Nullable @NotEmpty
                      String issuer)
        Set overridden issuer value.
        Parameters:
        issuer - issuer value

      • setIssuerLookupStrategy

        public void setIssuerLookupStrategy​(@Nonnull
                                    Function<ProfileRequestContext,​String> strategy)
        Sets lookup strategy for overridden issuer value.
        Parameters:
        strategy - lookup strategy

      • isResolveAttributes

        public boolean isResolveAttributes​(@Nullable
                                   ProfileRequestContext profileRequestContext)
        Specified by:
        isResolveAttributes in interface net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration

      • setResolveAttributes

        public void setResolveAttributes​(boolean flag)
        Set whether attributes should be resolved during the profile.
        Parameters:
        flag - flag to set

      • setResolveAttributesPredicate

        public void setResolveAttributesPredicate​(@Nonnull
                                          Predicate<ProfileRequestContext> condition)
        Set a condition to determine whether attributes should be resolved during the profile.
        Parameters:
        condition - condition to set

      • isEncryptionOptional

        public boolean isEncryptionOptional​(@Nullable
                                    ProfileRequestContext profileRequestContext)
        Get whether encryption is optional in the face of a missing key, etc.
        Parameters:
        profileRequestContext - current profile request context
        Returns:
        true iff encryption is optional

      • setEncryptionOptional

        public void setEncryptionOptional​(boolean flag)
        Set whether encryption is optional in the face of a missing key, etc.
        Parameters:
        flag - flag to set

      • setEncryptionOptionalPredicate

        public void setEncryptionOptionalPredicate​(@Nonnull
                                           Predicate<ProfileRequestContext> condition)
        Set a condition to determine whether encryption is optional in the face of a missing key, etc.
        Parameters:
        condition - condition to set

      • getAccessTokenType

        @Nullable
@NotEmpty
public String getAccessTokenType​(@Nullable
                                 ProfileRequestContext profileRequestContext)
        Get access token type.
        Parameters:
        profileRequestContext - profile request context
        Returns:
        access token type, or null for unspecified/opaque

      • setAccessTokenType

        public void setAccessTokenType​(@Nullable @NotEmpty
                               String type)
        Set access token type.
        Parameters:
        type - token type, or null for unspecified/opaque

      • setAccessTokenTypeLookupStrategy

        public void setAccessTokenTypeLookupStrategy​(@Nonnull
                                             Function<ProfileRequestContext,​String> strategy)
        Set lookup strategy for access token type.
        Parameters:
        strategy - lookup strategy

      • getAccessTokenLifetime

        @Positive
@Nonnull
public Duration getAccessTokenLifetime​(@Nullable
                                       ProfileRequestContext profileRequestContext)
        Get access token lifetime.

        Defaults to 10 minutes.

        Parameters:
        profileRequestContext - profile request context
        Returns:
        access token lifetime

      • setAccessTokenLifetime

        public void setAccessTokenLifetime​(@Positive @Nonnull
                                   Duration lifetime)
        Set the lifetime of an access token.
        Parameters:
        lifetime - lifetime of an access token in milliseconds

      • setAccessTokenLifetimeLookupStrategy

        public void setAccessTokenLifetimeLookupStrategy​(@Nullable
                                                 Function<ProfileRequestContext,​Duration> strategy)
        Set a lookup strategy for the access token lifetime.
        Parameters:
        strategy - lookup strategy