io.vertx.rxjava3.ext.auth.oauth2

Class OAuth2Auth

java.lang.Object

io.vertx.rxjava3.ext.auth.authentication.AuthenticationProvider

io.vertx.rxjava3.ext.auth.oauth2.OAuth2Auth

public class OAuth2Auth
extends AuthenticationProvider

Factory interface for creating OAuth2 based AuthenticationProvider instances.

NOTE: This class has been automatically generated from the original non RX-ified interface using Vert.x codegen.

Field Summary

Fields

Modifier and Type	Field and Description
static io.vertx.lang.rx.TypeArg<OAuth2Auth>	__TYPE_ARG

Constructor Summary

Constructors

Constructor and Description
OAuth2Auth(OAuth2Auth delegate)
OAuth2Auth(Object delegate)

Method Summary

Modifier and Type	Method and Description
String	authorizeURL(JsonObject params) Deprecated.
String	authorizeURL(OAuth2AuthorizationURL url) The client sends the end-user's browser to this endpoint to request their authentication and consent.
void	close() Releases any resources or timers used by this instance.
static OAuth2Auth	create(Vertx vertx) Create a OAuth2 auth provider.
static OAuth2Auth	create(Vertx vertx, OAuth2Options config) Create a OAuth2 auth provider
String	endSessionURL(User user) The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
String	endSessionURL(User user, JsonObject params) The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
boolean	equals(Object o)
OAuth2Auth	getDelegate()
int	hashCode()
Completable	jWKSet() Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens.
OAuth2Auth	missingKeyHandler(Handler<String> handler) Handled to be called when a key (mentioned on a JWT) is missing from the current config.
static OAuth2Auth	newInstance(OAuth2Auth arg)
Single<User>	refresh(User user) Refresh the current User (access token).
Completable	revoke(User user) Revoke an obtained access token.
Completable	revoke(User user, String tokenType) Revoke an obtained access or refresh token.
Completable	rxJWKSet() Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens.
Single<User>	rxRefresh(User user) Refresh the current User (access token).
Completable	rxRevoke(User user) Revoke an obtained access token.
Completable	rxRevoke(User user, String tokenType) Revoke an obtained access or refresh token.
Single<JsonObject>	rxUserInfo(User user) Retrieve profile information and other attributes for a logged-in end-user.
String	toString()
Single<JsonObject>	userInfo(User user) Retrieve profile information and other attributes for a logged-in end-user.

Methods inherited from class io.vertx.rxjava3.ext.auth.authentication.AuthenticationProvider

authenticate, authenticate, newInstance, rxAuthenticate, rxAuthenticate

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

__TYPE_ARG

public static final io.vertx.lang.rx.TypeArg<OAuth2Auth> __TYPE_ARG

Constructor Detail

OAuth2Auth

public OAuth2Auth(OAuth2Auth delegate)

OAuth2Auth

public OAuth2Auth(Object delegate)

Method Detail

toString

public String toString()

Overrides:

toString in class AuthenticationProvider

equals

public boolean equals(Object o)

Overrides:

equals in class AuthenticationProvider

hashCode

public int hashCode()

Overrides:

hashCode in class AuthenticationProvider

getDelegate

public OAuth2Auth getDelegate()

Overrides:

getDelegate in class AuthenticationProvider

create

public static OAuth2Auth create(Vertx vertx)

Create a OAuth2 auth provider.

Parameters:

vertx - the Vertx instance

Returns:

the auth provider

create

public static OAuth2Auth create(Vertx vertx,
                                OAuth2Options config)

Create a OAuth2 auth provider

Parameters:

vertx - the Vertx instance

config - the config

Returns:

the auth provider

jWKSet

public Completable jWKSet()

Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens. The provider will refresh the keys according to: https://openid.net/specs/openid-connect-core-1_0.html#RotateEncKeys This means that the provider will look at the cache headers and will refresh when the max-age is reached. If the server does not return any cache headers it shall be up to the end user to call this method to refresh. To avoid the refresh to happen too late, this means that they keys will be invalid, if the OAuth2Options JWTOptions config contains a positive leeway, it will be used to request the refresh ahead of time. Key rotation can be controled by OAuth2Options.

Returns:

fluent self.

rxJWKSet

public Completable rxJWKSet()

Retrieve the public server JSON Web Key (JWK) required to verify the authenticity of issued ID and access tokens. The provider will refresh the keys according to: https://openid.net/specs/openid-connect-core-1_0.html#RotateEncKeys This means that the provider will look at the cache headers and will refresh when the max-age is reached. If the server does not return any cache headers it shall be up to the end user to call this method to refresh. To avoid the refresh to happen too late, this means that they keys will be invalid, if the OAuth2Options JWTOptions config contains a positive leeway, it will be used to request the refresh ahead of time. Key rotation can be controled by OAuth2Options.

Returns:

fluent self.

missingKeyHandler

public OAuth2Auth missingKeyHandler(Handler<String> handler)

Handled to be called when a key (mentioned on a JWT) is missing from the current config. Users are advised to call jWKSet() but being careful to implement some rate limiting function. This method isn't generic for several reasons. The provider is not aware of the capabilities of the backend IdP in terms of max allowed API calls. Some validation could be done at the key id, which only the end user is aware of. A base implementation for this handler is:

// are we already updating the jwks?
   private final AtomicBoolean updating = new AtomicBoolean(false);

   // default missing key handler, will try to reload with debounce
   oauth2.missingKeyHandler(keyId -> {
     if (updating.compareAndSet(false, true)) {
       // Refreshing JWKs due missing key
       jWKSet(done -> {
         updating.compareAndSet(true, false);
         if (done.failed()) {
           done.cause().printStackTrace();
       });
     }
   });
 }

This handler will purely debounce calls and allow only a single request to jWKSet() at a time. No special handling is done to avoid requests on wrong key ids or prevent to many requests to the IdP server. Users should probably also account for the number of errors to present DDoS the IdP.

Parameters:

handler -

Returns:

Future result.

authorizeURL

@Deprecated
public String authorizeURL(JsonObject params)

Deprecated.

The client sends the end-user's browser to this endpoint to request their authentication and consent. This endpoint is used in the code and implicit OAuth 2.0 flows which require end-user interaction.

Parameters:

params - extra params to be included in the final URL.

Returns:

the url to be used to authorize the user.

authorizeURL

public String authorizeURL(OAuth2AuthorizationURL url)

The client sends the end-user's browser to this endpoint to request their authentication and consent. This endpoint is used in the code and implicit OAuth 2.0 flows which require end-user interaction.

Parameters:

url - Base URL with path together with other parameters to be included in the final URL.

Returns:

the url to be used to authorize the user.

refresh

public Single<User> refresh(User user)

Refresh the current User (access token).

Parameters:

user - the user (access token) to be refreshed.

Returns:

fluent self.

rxRefresh

public Single<User> rxRefresh(User user)

Refresh the current User (access token).

Parameters:

user - the user (access token) to be refreshed.

Returns:

fluent self.

revoke

public Completable revoke(User user,
                          String tokenType)

Revoke an obtained access or refresh token. More info https://tools.ietf.org/html/rfc7009.

Parameters:

user - the user (access token) to revoke.

tokenType - the token type (either access_token or refresh_token).

Returns:

fluent self.

rxRevoke

public Completable rxRevoke(User user,
                            String tokenType)

Revoke an obtained access or refresh token. More info https://tools.ietf.org/html/rfc7009.

Parameters:

user - the user (access token) to revoke.

tokenType - the token type (either access_token or refresh_token).

Returns:

fluent self.

revoke

public Completable revoke(User user)

Revoke an obtained access token. More info https://tools.ietf.org/html/rfc7009.

Parameters:

user - the user (access token) to revoke.

Returns:

fluent self.

rxRevoke

public Completable rxRevoke(User user)

Revoke an obtained access token. More info https://tools.ietf.org/html/rfc7009.

Parameters:

user - the user (access token) to revoke.

Returns:

fluent self.

userInfo

public Single<JsonObject> userInfo(User user)

Retrieve profile information and other attributes for a logged-in end-user. More info https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Parameters:

user - the user (access token) to fetch the user info.

Returns:

fluent self.

rxUserInfo

public Single<JsonObject> rxUserInfo(User user)

Retrieve profile information and other attributes for a logged-in end-user. More info https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Parameters:

user - the user (access token) to fetch the user info.

Returns:

fluent self.

endSessionURL

public String endSessionURL(User user,
                            JsonObject params)

The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0. More info: https://openid.net/specs/openid-connect-session-1_0.html.

Parameters:

user - the user to generate the url for

params - extra parameters to apply to the url

Returns:

the url to end the session.

endSessionURL

public String endSessionURL(User user)

The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0. More info: https://openid.net/specs/openid-connect-session-1_0.html.

Parameters:

user - the user to generate the url for

Returns:

the url to end the session.

close

public void close()

Releases any resources or timers used by this instance. Users are expected to call this method when the provider isn't needed any more to return the used resources back to the platform.

newInstance

public static OAuth2Auth newInstance(OAuth2Auth arg)