Package io.camunda.identity.sdk.authentication

Class AbstractAuthentication

java.lang.Object
io.camunda.identity.sdk.authentication.AbstractAuthentication
All Implemented Interfaces:
Authentication
Direct Known Subclasses:
Auth0Authentication, GenericAuthentication
public abstract class AbstractAuthentication extends Object implements Authentication
The Authentication class provides functionality to authenticate a user with Identity and verify access tokens.

  • Field Details

  • Constructor Details

  • Method Details

    • isAvailable

      public boolean isAvailable()
      Description copied from interface: Authentication
      Returns a true/false indicating if authentication is available or not.
      Specified by:
      isAvailable in interface Authentication
      Returns:
      the availability of authentication

    • requestToken

      public Tokens requestToken(String audience)
      Requests a client token from the cache if available. If no token is found with the required audience, a new token will be requested from the authentication provider and stored.
      Specified by:
      requestToken in interface Authentication
      Parameters:
      audience - the audience of the resource server
      Returns:
      the tokens
      Throws:
      IdentityException - if case of a failure

    • decodeJWT

      public com.auth0.jwt.interfaces.DecodedJWT decodeJWT(String token)
      Decodes a token. Can be used to access tokens data without validation
      Specified by:
      decodeJWT in interface Authentication
      Parameters:
      token - token in JWT format
      Returns:
      decoded token
      Throws:
      TokenDecodeException - the token can not be decoded

    • verifyTokenIgnoringAudience

      public AccessToken verifyTokenIgnoringAudience(String token)
      Description copied from interface: Authentication
      Verifies the validity of the passed token. Following checks will be performed:
      • The token is correctly signed
      • The token has not expired
      Specified by:
      verifyTokenIgnoringAudience in interface Authentication
      Parameters:
      token - the token
      Returns:
      the decoded jwt

    • verifyToken

      public AccessToken verifyToken(String token)
      Verifies the validity of the passed token. Following checks will be performed:
      • The token is correctly signed
      • The token has not expired
      • Token's audience (aud claim) matches application's audience
      Specified by:
      verifyToken in interface Authentication
      Parameters:
      token - the token
      Returns:
      the decoded jwt
      Throws:
      TokenDecodeException - the token can not be decoded
      InvalidSignatureException - the token's signature is invalid
      TokenExpiredException - the token has expired
      InvalidClaimException - the provided claim is invalid
      JsonWebKeyException - the JWK needed to verify token's signature can not be retrieved

    • verifyToken

      protected AccessToken verifyToken(String token, String audience)
      Verifies the validity of the passed token. Following checks will be performed:
      • The token is correctly signed
      • The token has not expired
      • Token's audience (aud claim) matches provided audience
      Parameters:
      token - the token
      audience - token's aud claim must match provided audience
      Returns:
      the decoded jwt
      Throws:
      TokenDecodeException - the token can not be decoded
      InvalidSignatureException - the token's signature is invalid
      TokenExpiredException - the token has expired
      InvalidClaimException - the provided claim is invalid
      JsonWebKeyException - the JWK needed to verify token's signature can not be retrieved

    • getUserDetails

      protected UserDetails getUserDetails(com.auth0.jwt.interfaces.DecodedJWT token)

    • getPermissions

      protected abstract List<String> getPermissions(com.auth0.jwt.interfaces.DecodedJWT token, String audience)

    • getGroups

      protected abstract List<String> getGroups(com.auth0.jwt.interfaces.DecodedJWT token)

    • getAssignedOrganizations

      protected abstract Map<String,Set<String>> getAssignedOrganizations(com.auth0.jwt.interfaces.DecodedJWT token)

    • jwkProvider

      protected abstract com.auth0.jwk.JwkProvider jwkProvider()

    • wellKnownConfiguration

      protected abstract WellKnownConfiguration wellKnownConfiguration()

    • requestFreshToken

      protected abstract Tokens requestFreshToken(String audience)