io.vertx.ext.auth.oauth2

Interface OAuth2Auth

All Superinterfaces:

AuthenticationProvider

public interface OAuth2Auth
extends AuthenticationProvider

Factory interface for creating OAuth2 based AuthenticationProvider instances.

Author:

Paulo Lopes

Method Summary

Modifier and Type	Method and Description
String	authorizeURL(JsonObject params) The client sends the end-user's browser to this endpoint to request their authentication and consent.
static OAuth2Auth	create(Vertx vertx) Create a OAuth2 auth provider
static OAuth2Auth	create(Vertx vertx, OAuth2Options config) Create a OAuth2 auth provider
default Future<AccessToken>	decodeToken(String token) Deprecated.
OAuth2Auth	decodeToken(String token, Handler<AsyncResult<AccessToken>> handler) Deprecated.
default String	endSessionURL(User user) The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
String	endSessionURL(User user, JsonObject params) The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
OAuth2FlowType	getFlowType() Deprecated.
default Future<AccessToken>	introspectToken(String token) Deprecated.
default OAuth2Auth	introspectToken(String token, Handler<AsyncResult<AccessToken>> handler) Deprecated.
default Future<AccessToken>	introspectToken(String token, String tokenType) Deprecated.
OAuth2Auth	introspectToken(String token, String tokenType, Handler<AsyncResult<AccessToken>> handler) Deprecated.
default Future<Void>	jWKSet() Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens.
OAuth2Auth	jWKSet(Handler<AsyncResult<Void>> handler) Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens.
default Future<Void>	loadJWK() Deprecated. Use jWKSet()
default OAuth2Auth	loadJWK(Handler<AsyncResult<Void>> handler) Deprecated. Use jWKSet(Handler)
OAuth2Auth	missingKeyHandler(Handler<String> handler) Handled to be called when a key (mentioned on a JWT) is missing from the current config.
OAuth2Auth	rbacHandler(OAuth2RBAC rbac) Deprecated.
default Future<User>	refresh(User user) Refresh the current User (access token).
OAuth2Auth	refresh(User user, Handler<AsyncResult<User>> handler) Refresh the current User (access token).
default Future<Void>	revoke(User user) Revoke an obtained access token.
default OAuth2Auth	revoke(User user, Handler<AsyncResult<Void>> handler) Revoke an obtained access token.
default Future<Void>	revoke(User user, String tokenType) Revoke an obtained access or refresh token.
OAuth2Auth	revoke(User user, String tokenType, Handler<AsyncResult<Void>> handler) Revoke an obtained access or refresh token.
default Future<JsonObject>	userInfo(User user) Retrieve profile information and other attributes for a logged-in end-user.
OAuth2Auth	userInfo(User user, Handler<AsyncResult<JsonObject>> handler) Retrieve profile information and other attributes for a logged-in end-user.

Methods inherited from interface io.vertx.ext.auth.authentication.AuthenticationProvider

authenticate, authenticate, authenticate, authenticate

Method Detail

create

static OAuth2Auth create(Vertx vertx)

Create a OAuth2 auth provider

Parameters:

vertx - the Vertx instance

Returns:

the auth provider

create

static OAuth2Auth create(Vertx vertx,
                         OAuth2Options config)

Create a OAuth2 auth provider

Parameters:

vertx - the Vertx instance

config - the config

Returns:

the auth provider

jWKSet

OAuth2Auth jWKSet(Handler<AsyncResult<Void>> handler)

Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens. The provider will refresh the keys according to: https://openid.net/specs/openid-connect-core-1_0.html#RotateEncKeys This means that the provider will look at the cache headers and will refresh when the max-age is reached. If the server does not return any cache headers it shall be up to the end user to call this method to refresh.

Parameters:

handler - the handler success/failure.

Returns:

fluent self.

jWKSet

default Future<Void> jWKSet()

Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens.

Returns:

Future result.

See Also:

jWKSet(Handler)

missingKeyHandler

OAuth2Auth missingKeyHandler(Handler<String> handler)

Handled to be called when a key (mentioned on a JWT) is missing from the current config. Users are advised to call jWKSet(Handler) but being careful to implement some rate limiting function. This method isn't generic for several reasons. The provider is not aware of the capabilities of the backend IdP in terms of max allowed API calls. Some validation could be done at the key id, which only the end user is aware of.

Returns:

Future result.

See Also:

missingKeyHandler(Handler)

authorizeURL

String authorizeURL(JsonObject params)

The client sends the end-user's browser to this endpoint to request their authentication and consent. This endpoint is used in the code and implicit OAuth 2.0 flows which require end-user interaction.

Parameters:

params - extra params to be included in the final URL.

Returns:

the url to be used to authorize the user.

refresh

OAuth2Auth refresh(User user,
                   Handler<AsyncResult<User>> handler)

Refresh the current User (access token).

Parameters:

user - the user (access token) to be refreshed.

handler - the handler success/failure.

Returns:

fluent self.

refresh

default Future<User> refresh(User user)

Refresh the current User (access token).

Parameters:

user - the user (access token) to be refreshed.

Returns:

future result

See Also:

userInfo(User, Handler)

revoke

OAuth2Auth revoke(User user,
                  String tokenType,
                  Handler<AsyncResult<Void>> handler)

Revoke an obtained access or refresh token. More info https://tools.ietf.org/html/rfc7009.

Parameters:

user - the user (access token) to revoke.

tokenType - the token type (either access_token or refresh_token).

handler - the handler success/failure.

Returns:

fluent self.

revoke

default OAuth2Auth revoke(User user,
                          Handler<AsyncResult<Void>> handler)

Revoke an obtained access token. More info https://tools.ietf.org/html/rfc7009.

Parameters:

user - the user (access token) to revoke.

handler - the handler success/failure.

Returns:

fluent self.

revoke

default Future<Void> revoke(User user,
                            String tokenType)

Revoke an obtained access or refresh token. More info https://tools.ietf.org/html/rfc7009.

Parameters:

user - the user (access token) to revoke.

tokenType - the token type (either access_token or refresh_token).

Returns:

future result

See Also:

revoke(User, String, Handler)

revoke

default Future<Void> revoke(User user)

Revoke an obtained access token. More info https://tools.ietf.org/html/rfc7009.

Parameters:

user - the user (access token) to revoke.

Returns:

future result

See Also:

revoke(User, Handler)

userInfo

OAuth2Auth userInfo(User user,
                    Handler<AsyncResult<JsonObject>> handler)

Retrieve profile information and other attributes for a logged-in end-user. More info https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Parameters:

user - the user (access token) to fetch the user info.

handler - the handler success/failure.

Returns:

fluent self.

userInfo

default Future<JsonObject> userInfo(User user)

Retrieve profile information and other attributes for a logged-in end-user. More info https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Parameters:

user - the user (access token) to fetch the user info.

Returns:

future result

See Also:

userInfo(User, Handler)

endSessionURL

String endSessionURL(User user,
                     JsonObject params)

The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0. More info: https://openid.net/specs/openid-connect-session-1_0.html.

Parameters:

user - the user to generate the url for

params - extra parameters to apply to the url

Returns:

the url to end the session.

endSessionURL

default String endSessionURL(User user)

The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0. More info: https://openid.net/specs/openid-connect-session-1_0.html.

Parameters:

user - the user to generate the url for

Returns:

the url to end the session.

decodeToken

@Deprecated
OAuth2Auth decodeToken(String token,
                                   Handler<AsyncResult<AccessToken>> handler)

Deprecated.

Decode a token to a AccessToken object. This is useful to handle bearer JWT tokens.

Parameters:

token - the access token (base64 string)

handler - A handler to receive the event

Returns:

self

decodeToken

@Deprecated
default Future<AccessToken> decodeToken(String token)

Deprecated.

Decode a token to a AccessToken object. This is useful to handle bearer JWT tokens.

Parameters:

token - the access token (base64 string)

Returns:

future result

See Also:

decodeToken(String, Handler)

introspectToken

@Deprecated
default OAuth2Auth introspectToken(String token,
                                               Handler<AsyncResult<AccessToken>> handler)

Deprecated.

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Parameters:

token - the access token (base64 string)

handler - A handler to receive the event

Returns:

self

introspectToken

@Deprecated
default Future<AccessToken> introspectToken(String token)

Deprecated.

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Parameters:

token - the access token (base64 string)

Returns:

future result

See Also:

introspectToken(String, Handler)

introspectToken

@Deprecated
OAuth2Auth introspectToken(String token,
                                       String tokenType,
                                       Handler<AsyncResult<AccessToken>> handler)

Deprecated.

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Parameters:

token - the access token (base64 string)

tokenType - hint to the token type e.g.: `access_token`

handler - A handler to receive the event

Returns:

self

introspectToken

@Deprecated
default Future<AccessToken> introspectToken(String token,
                                                        String tokenType)

Deprecated.

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Parameters:

token - the access token (base64 string)

tokenType - hint to the token type e.g.: `access_token`

Returns:

future result

getFlowType

@Deprecated
OAuth2FlowType getFlowType()

Deprecated.

Returns the configured flow type for the Oauth2 provider.

Returns:

the flow type.

loadJWK

@Deprecated
default OAuth2Auth loadJWK(Handler<AsyncResult<Void>> handler)

Deprecated. Use jWKSet(Handler)

Loads a JWK Set from the remote provider. When calling this method several times, the loaded JWKs are updated in the underlying JWT object.

loadJWK

@Deprecated
default Future<Void> loadJWK()

Deprecated. Use jWKSet()

Loads a JWK Set from the remote provider. When calling this method several times, the loaded JWKs are updated in the underlying JWT object.

See Also:

loadJWK(Handler)

rbacHandler

@Deprecated
OAuth2Auth rbacHandler(OAuth2RBAC rbac)

Deprecated.