public class OAuth2Auth extends AuthenticationProvider
AuthenticationProvider
instances.
NOTE: This class has been automatically generated from the original
non RX-ified interface using Vert.x codegen.Modifier and Type | Field and Description |
---|---|
static io.vertx.lang.rx.TypeArg<OAuth2Auth> |
__TYPE_ARG |
Constructor and Description |
---|
OAuth2Auth(OAuth2Auth delegate) |
OAuth2Auth(Object delegate) |
Modifier and Type | Method and Description |
---|---|
String |
authorizeURL(JsonObject params)
The client sends the end-user's browser to this endpoint to request their
authentication and consent.
|
void |
close()
Releases any resources or timers used by this instance.
|
static OAuth2Auth |
create(Vertx vertx)
Create a OAuth2 auth provider.
|
static OAuth2Auth |
create(Vertx vertx,
OAuth2Options config)
Create a OAuth2 auth provider
|
String |
endSessionURL(User user)
The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
|
String |
endSessionURL(User user,
JsonObject params)
The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
|
boolean |
equals(Object o) |
OAuth2Auth |
getDelegate() |
int |
hashCode() |
Completable |
jWKSet()
Retrieve the public server JSON Web Key (JWK) required to verify the authenticity
of issued ID and access tokens.
|
OAuth2Auth |
missingKeyHandler(Handler<String> handler)
Handled to be called when a key (mentioned on a JWT) is missing from the current config.
|
static OAuth2Auth |
newInstance(OAuth2Auth arg) |
Single<User> |
refresh(User user)
Refresh the current User (access token).
|
Completable |
revoke(User user)
Revoke an obtained access token.
|
Completable |
revoke(User user,
String tokenType)
Revoke an obtained access or refresh token.
|
Completable |
rxJWKSet()
Retrieve the public server JSON Web Key (JWK) required to verify the authenticity
of issued ID and access tokens.
|
Single<User> |
rxRefresh(User user)
Refresh the current User (access token).
|
Completable |
rxRevoke(User user)
Revoke an obtained access token.
|
Completable |
rxRevoke(User user,
String tokenType)
Revoke an obtained access or refresh token.
|
Single<JsonObject> |
rxUserInfo(User user)
Retrieve profile information and other attributes for a logged-in end-user.
|
String |
toString() |
Single<JsonObject> |
userInfo(User user)
Retrieve profile information and other attributes for a logged-in end-user.
|
authenticate, authenticate, newInstance, rxAuthenticate, rxAuthenticate
public static final io.vertx.lang.rx.TypeArg<OAuth2Auth> __TYPE_ARG
public OAuth2Auth(OAuth2Auth delegate)
public OAuth2Auth(Object delegate)
public String toString()
toString
in class AuthenticationProvider
public boolean equals(Object o)
equals
in class AuthenticationProvider
public int hashCode()
hashCode
in class AuthenticationProvider
public OAuth2Auth getDelegate()
getDelegate
in class AuthenticationProvider
public static OAuth2Auth create(Vertx vertx)
vertx
- the Vertx instancepublic static OAuth2Auth create(Vertx vertx, OAuth2Options config)
vertx
- the Vertx instanceconfig
- the configpublic Completable jWKSet()
OAuth2Options
JWTOptions
config contains a
positive leeway, it will be used to request the refresh ahead of time.
Key rotation can be controled by OAuth2Options
.public Completable rxJWKSet()
OAuth2Options
JWTOptions
config contains a
positive leeway, it will be used to request the refresh ahead of time.
Key rotation can be controled by OAuth2Options
.public OAuth2Auth missingKeyHandler(Handler<String> handler)
jWKSet()
but being careful to implement
some rate limiting function.
This method isn't generic for several reasons. The provider is not aware of the capabilities
of the backend IdP in terms of max allowed API calls. Some validation could be done at the
key id, which only the end user is aware of.
A base implementation for this handler is:
// are we already updating the jwks?
private final AtomicBoolean updating = new AtomicBoolean(false);
// default missing key handler, will try to reload with debounce
oauth2.missingKeyHandler(keyId -> {
if (updating.compareAndSet(false, true)) {
// Refreshing JWKs due missing key
jWKSet(done -> {
updating.compareAndSet(true, false);
if (done.failed()) {
done.cause().printStackTrace();
});
}
});
}
This handler will purely debounce calls and allow only a single request to jWKSet()
at a time. No special handling is done to avoid requests on wrong key ids or prevent to many
requests to the IdP server. Users should probably also account for the number of errors to
present DDoS the IdP.handler
- public String authorizeURL(JsonObject params)
params
- extra params to be included in the final URL.public Single<User> refresh(User user)
user
- the user (access token) to be refreshed.public Single<User> rxRefresh(User user)
user
- the user (access token) to be refreshed.public Completable revoke(User user, String tokenType)
user
- the user (access token) to revoke.tokenType
- the token type (either access_token or refresh_token).public Completable rxRevoke(User user, String tokenType)
user
- the user (access token) to revoke.tokenType
- the token type (either access_token or refresh_token).public Completable revoke(User user)
user
- the user (access token) to revoke.public Completable rxRevoke(User user)
user
- the user (access token) to revoke.public Single<JsonObject> userInfo(User user)
user
- the user (access token) to fetch the user info.public Single<JsonObject> rxUserInfo(User user)
user
- the user (access token) to fetch the user info.public String endSessionURL(User user, JsonObject params)
user
- the user to generate the url forparams
- extra parameters to apply to the urlpublic String endSessionURL(User user)
user
- the user to generate the url forpublic void close()
public static OAuth2Auth newInstance(OAuth2Auth arg)
Copyright © 2022 Eclipse. All rights reserved.