Class OAuth2TokenConfiguration
- java.lang.Object
-
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
-
- net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
-
- net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
-
- net.shibboleth.idp.profile.config.AbstractProfileConfiguration
-
- net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration
-
- net.shibboleth.oidc.profile.oauth2.config.AbstractOAuth2ClientAuthenticableProfileConfiguration
-
- net.shibboleth.oidc.profile.oauth2.config.AbstractOAuth2FlowAwareProfileConfiguration
-
- net.shibboleth.oidc.profile.config.AbstractOIDCSSOConfiguration
-
- net.shibboleth.oidc.profile.oauth2.config.OAuth2TokenConfiguration
-
- All Implemented Interfaces:
net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration,net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration,net.shibboleth.idp.profile.config.ConditionalProfileConfiguration,net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration,net.shibboleth.idp.profile.config.ProfileConfiguration,OIDCProfileConfiguration,OAuth2ProfileConfiguration,Component,DestructableComponent,IdentifiableComponent,IdentifiedComponent,InitializableComponent
public class OAuth2TokenConfiguration extends AbstractOIDCSSOConfiguration
OIDC-aware OAuth 2 token endpoint profile configuration.
-
-
Field Summary
Fields Modifier and Type Field Description private Predicate<ProfileRequestContext>enforceRefreshTokenRotationPredicateWhether always revoke the refresh_token after it's used.private Function<ProfileRequestContext,Set<String>>grantTypesLookupStrategyEnabled grant types.static StringPROFILE_IDID for this profile configuration.private Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>>refreshTokenClaimsSetManipulationStrategyLookupStrategyLookup function to supply strategy bi-function for manipulating refresh token claims set.-
Fields inherited from class net.shibboleth.oidc.profile.config.AbstractOIDCSSOConfiguration
PROTOCOL_URI
-
-
Constructor Summary
Constructors Constructor Description OAuth2TokenConfiguration()Constructor.OAuth2TokenConfiguration(String profileId)Creates a new configuration instance.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Set<String>getGrantTypes(ProfileRequestContext profileRequestContext)Get the enabled grant types.BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>getRefreshTokenClaimsSetManipulationStrategy(ProfileRequestContext profileRequestContext)Get the bi-function for manipulating refresh token claims set.booleanisEnforceRefreshTokenRotation(ProfileRequestContext profileRequestContext)Get whether always revoke the refresh_token after it's used.voidsetEnforceRefreshTokenRotation(boolean flag)Set whether always revoke the refresh_token after it's used.voidsetEnforceRefreshTokenRotationPredicate(Predicate<ProfileRequestContext> condition)Set condition for whether always revoke the refresh_token after it's used.voidsetGrantTypes(Collection<String> types)Set the enabled grant types.voidsetGrantTypesLookupStrategy(Function<ProfileRequestContext,Set<String>> strategy)Set a lookup strategy for the enabled grant types.voidsetRefreshTokenClaimsSetManipulationStrategy(BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> strategy)Set the bi-function for manipulating refresh token claims set.voidsetRefreshTokenClaimsSetManipulationStrategyLookupStrategy(Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> strategy)Set a lookup strategy for the bi-function for manipulating refresh token claims set.-
Methods inherited from class net.shibboleth.oidc.profile.config.AbstractOIDCSSOConfiguration
getAccessTokenClaimsSetManipulationStrategy, getAccessTokenLifetime, getAccessTokenType, getAdditionalAudiencesForIdToken, getAlwaysIncludedAttributes, getIDTokenLifetime, getIDTokenManipulationStrategy, getIssuer, getRefreshTokenLifetime, isAllowPKCEPlain, isEncryptionOptional, isForcePKCE, isResolveAttributes, setAccessTokenClaimsSetManipulationStrategy, setAccessTokenClaimsSetManipulationStrategyLookupStrategy, setAccessTokenLifetime, setAccessTokenLifetimeLookupStrategy, setAccessTokenType, setAccessTokenTypeLookupStrategy, setAdditionalAudiencesForIdToken, setAdditionalAudiencesForIdTokenLookupStrategy, setAllowPKCEPlain, setAllowPKCEPlainPredicate, setAlwaysIncludedAttributes, setAlwaysIncludedAttributesLookupStrategy, setEncryptionOptional, setEncryptionOptionalPredicate, setForcePKCE, setForcePKCEPredicate, setIDTokenLifetime, setIDTokenLifetimeLookupStrategy, setIDTokenManipulationStrategy, setIDTokenManipulationStrategyLookupStrategy, setIssuer, setIssuerLookupStrategy, setRefreshTokenLifetime, setRefreshTokenLifetimeLookupStrategy, setResolveAttributes, setResolveAttributesPredicate
-
Methods inherited from class net.shibboleth.oidc.profile.oauth2.config.AbstractOAuth2FlowAwareProfileConfiguration
isAuthorizationCodeFlowEnabled, isHybridFlowEnabled, isImplicitFlowEnabled, isRefreshTokensEnabled, setAuthorizationCodeFlowEnabled, setAuthorizationCodeFlowEnabledPredicate, setHybridFlowEnabled, setHybridFlowEnabledPredicate, setImplicitFlowEnabled, setImplicitFlowEnabledPredicate, setRefreshTokensEnabled, setRefreshTokensEnabledPredicate
-
Methods inherited from class net.shibboleth.oidc.profile.oauth2.config.AbstractOAuth2ClientAuthenticableProfileConfiguration
getAuthenticationFlows, getClaimsValidator, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, getTokenEndpointAuthMethods, isForceAuthn, setAuthenticationFlows, setAuthenticationFlowsLookupStrategy, setClaimsValidator, setClaimsValidatorLookupStrategy, setDefaultAuthenticationMethods, setDefaultAuthenticationMethodsLookupStrategy, setForceAuthn, setForceAuthnPredicate, setPostAuthenticationFlows, setPostAuthenticationFlowsLookupStrategy, setProxyCount, setProxyCountLookupStrategy, setTokenEndpointAuthMethods, setTokenEndpointAuthMethodsLookupStrategy
-
Methods inherited from class net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration
getActivationCondition, setActivationCondition
-
Methods inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration
equals, getDisallowedFeatures, getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration, hashCode, isFeatureDisallowed, setDisallowedFeatures, setDisallowedFeaturesLookupStrategy, setInboundFlowsLookupStrategy, setInboundInterceptorFlows, setInboundInterceptorFlowsLookupStrategy, setOutboundFlowsLookupStrategy, setOutboundInterceptorFlows, setOutboundInterceptorFlowsLookupStrategy, setSecurityConfiguration, setSecurityConfigurationLookupStrategy
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent
setId
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
doInitialize, getId
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration
getAuthenticationFlows, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, isForceAuthn, isLocal
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId
-
-
-
-
Field Detail
-
PROFILE_ID
@Nonnull @NotEmpty public static final String PROFILE_ID
ID for this profile configuration.- See Also:
- Constant Field Values
-
grantTypesLookupStrategy
@Nonnull private Function<ProfileRequestContext,Set<String>> grantTypesLookupStrategy
Enabled grant types.
-
refreshTokenClaimsSetManipulationStrategyLookupStrategy
@Nonnull private Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> refreshTokenClaimsSetManipulationStrategyLookupStrategy
Lookup function to supply strategy bi-function for manipulating refresh token claims set.
-
enforceRefreshTokenRotationPredicate
@Nonnull private Predicate<ProfileRequestContext> enforceRefreshTokenRotationPredicate
Whether always revoke the refresh_token after it's used.
-
-
Method Detail
-
getGrantTypes
@Nonnull @NonnullElements @NotLive @Unmodifiable public Set<String> getGrantTypes(@Nullable ProfileRequestContext profileRequestContext)
Get the enabled grant types.- Parameters:
profileRequestContext- profile request context- Returns:
- enabled grant types
-
setGrantTypes
public void setGrantTypes(@Nonnull @NonnullElements Collection<String> types)
Set the enabled grant types.- Parameters:
types- types to enable
-
setGrantTypesLookupStrategy
public void setGrantTypesLookupStrategy(@Nonnull Function<ProfileRequestContext,Set<String>> strategy)Set a lookup strategy for the enabled grant types.- Parameters:
strategy- lookup strategy
-
getRefreshTokenClaimsSetManipulationStrategy
@Nonnull public BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> getRefreshTokenClaimsSetManipulationStrategy(@Nullable ProfileRequestContext profileRequestContext)
Get the bi-function for manipulating refresh token claims set.- Parameters:
profileRequestContext- profile request context- Returns:
- the bi-function for manipulating refresh token claims set
- Since:
- 2.1.0
-
setRefreshTokenClaimsSetManipulationStrategy
public void setRefreshTokenClaimsSetManipulationStrategy(@Nullable BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> strategy)Set the bi-function for manipulating refresh token claims set.- Parameters:
strategy- bi-function for manipulating refresh token claims set- Since:
- 2.1.0
-
setRefreshTokenClaimsSetManipulationStrategyLookupStrategy
public void setRefreshTokenClaimsSetManipulationStrategyLookupStrategy(@Nonnull Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> strategy)Set a lookup strategy for the bi-function for manipulating refresh token claims set.- Parameters:
strategy- lookup strategy- Since:
- 2.1.0
-
isEnforceRefreshTokenRotation
@Nonnull public boolean isEnforceRefreshTokenRotation(@Nullable ProfileRequestContext profileRequestContext)Get whether always revoke the refresh_token after it's used.- Parameters:
profileRequestContext- profile request context- Returns:
- whether always revoke the refresh_token after it's used
- Since:
- 2.1.0
-
setEnforceRefreshTokenRotation
public void setEnforceRefreshTokenRotation(boolean flag)
Set whether always revoke the refresh_token after it's used.- Parameters:
flag- flag to set- Since:
- 2.1.0
-
setEnforceRefreshTokenRotationPredicate
public void setEnforceRefreshTokenRotationPredicate(@Nonnull Predicate<ProfileRequestContext> condition)Set condition for whether always revoke the refresh_token after it's used.- Parameters:
condition- condition to set- Since:
- 2.1.0
-
-