fish.payara.security.openid.api

Interface OpenIdContext

All Superinterfaces:

Serializable

All Known Implementing Classes:

OpenIdContextImpl

public interface OpenIdContext
extends Serializable

An injectable interface that provides access to access token, identity token, claims and OpenId Connect provider related information.

Author:

Gaurav Gupta

Method Summary

Modifier and Type	Method and Description
AccessToken	getAccessToken() Gets the authorization token that was received from the OpenId Connect provider
Set<String>	getCallerGroups() Gets the groups associated with the caller
String	getCallerName() Gets the caller name of the validated caller
OpenIdClaims	getClaims() Gets the User Claims that was received from the userinfo endpoint
javax.json.JsonObject	getClaimsJson() Gets the User Claims that was received from the userinfo endpoint
Optional<Long>	getExpiresIn() Return the time that the access token is granted for, if it is set to expire
IdentityToken	getIdentityToken() Gets the identity token that was received from the OpenId Connect provider
javax.json.JsonObject	getProviderMetadata() The OpenId Connect Provider's metadata document fetched via provider URI.
Optional<RefreshToken>	getRefreshToken() Returns the refresh token that can be used to get a new access token
String	getSubject() Subject Identifier.
String	getTokenType() Gets the token type value.
void	logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Invalidates the RP's active OpenId Connect session and if LogoutDefinition.notifyProvider() set to true then redirect the End-User's User Agent to the end_session_endpoint to notify the OP that the user has logged out of the RP's application and ask the user whether they want to logout from the OP as well.

Method Detail

getCallerName

String getCallerName()

Gets the caller name of the validated caller

Returns:

getCallerGroups

Set<String> getCallerGroups()

Gets the groups associated with the caller

Returns:

getSubject

String getSubject()

Subject Identifier. A locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client

Returns:

getTokenType

String getTokenType()

Gets the token type value. The value MUST be Bearer or another token_type value that the Client has negotiated with the Authorization Server.

Returns:

getAccessToken

AccessToken getAccessToken()

Gets the authorization token that was received from the OpenId Connect provider

Returns:

getIdentityToken

IdentityToken getIdentityToken()

Gets the identity token that was received from the OpenId Connect provider

Returns:

getRefreshToken

Optional<RefreshToken> getRefreshToken()

Returns the refresh token that can be used to get a new access token

Returns:

getExpiresIn

Optional<Long> getExpiresIn()

Return the time that the access token is granted for, if it is set to expire

Returns:

getClaimsJson

javax.json.JsonObject getClaimsJson()

Gets the User Claims that was received from the userinfo endpoint

Returns:

the claims json

getClaims

OpenIdClaims getClaims()

Gets the User Claims that was received from the userinfo endpoint

Returns:

the OpenIdClaims instance

getProviderMetadata

javax.json.JsonObject getProviderMetadata()

The OpenId Connect Provider's metadata document fetched via provider URI.

Returns:

logout

void logout(javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)

Invalidates the RP's active OpenId Connect session and if LogoutDefinition.notifyProvider() set to true then redirect the End-User's User Agent to the end_session_endpoint to notify the OP that the user has logged out of the RP's application and ask the user whether they want to logout from the OP as well. After successful logout, the End-User's User Agent redirect back to the RP's post_redirect_uri configured via LogoutDefinition.redirectURI()

Parameters:

request -

response -