All Classes and Interfaces
Class
Description
Builds an absolute URL for the current server.
A base class for authorization responses to extend from.
Abstract class to create a Client for client credentials grant.
Base class for SecureGrant implementations.
Base class for condition implementations.
Base configuration for CookieConfiguration implementations.
A base class to extend from to log out of an OpenID provider.
A base class that provides getters for common context properties.
Representation of an Address Claim which represents a physical mailing address.
A contract for a class convertible to a map.
ID Token Audience validator.
Provides specific configuration to logout from Auth0.
Client Authentication methods that are used by Clients to authenticate to the Authorization Server when using the Token Endpoint.
Authorization Code Grant Request.
OAuth 2.0 authorization endpoint configuration.
Error codes for an Authentication Error Response message returned from the OP's Authorization Endpoint in response to the Authorization Request message sent by the RP.
Open ID Connect Authentication Error Response.
A runtime exception thrown when a Oauth 2.
An exception handler for AuthorizationErrorResponseException.
Responsible for redirecting to an OAuth 2.0 provider for authentication.
OAuth 2.0 Authorization Request.
OAuth 2.0 Authentication Response.
Authorization Servers.
Authorized party claim validation.
Provides specific configuration to logout from AWS Cognito.
Client credentials configuration.
Condition to determine if the client credentials grant is enabled for a given OAuth 2.0 client.
Factory to create ClientCredentialsClient beans.
Client Credentials Grant.
Propagates a token obtained via client credentials based off of a header.
HTTP header client credentials token propagation configuration.
An HttpClientFilter to add an access token to outgoing request thanks to a Client Credentials request.
Responsible for retrieving and writing tokens obtained via a client credentials request.
A token request context for sending a client credentials request to an OAuth 2.0 provider.
Generates a Code Verifier for PKCE.
Nonce persistence with a cookie.
Utility Abstract class for Cookie Persistence.
Persists the Proof of Key Exchange (PKCE) code_verifier value in a cookie.
Persists the state value in a cookie.
Default implementation of AuthorizationErrorResponse.
Builds an authorization redirect URL.
ClientCredentialsClient for OAuth 2.0 clients which configures the token endpoint information directly.
Client for Client Credentials for OAuth 2.0 clients which use OpenID configuration.
The default token propagator that uses the default header configuration.
Default implementation of CodeVerifierGenerator which generates a random code verifier using PkceConfiguration.getEntropy().
Default implementation of EndpointConfiguration.
The default implementation of EndSessionCallbackUrlBuilder.
A controller for the end session endpoint.
Configuration properties implementation of nonce validation configuration.
Generates a random UUID nonce.
The default implementation of AuthorizationResponse for OAuth 2.0 provider authorization responses.
Default implementation of OauthAuthorizationResponseHandler.
The default implementation of OauthClient.
Default implementation of OauthController.
Default implementation of OauthRouteUrlBuilder.
The default implementation of OpenIdAuthenticationMapper that uses the subject claim for the username and populates the attributes with the non JWT standard claims.
Default implementation of OpenIdAuthorizationResponseHandler.
The default implementation of OpenIdClient.
Builder.
Default implementation of OpenIdProviderMetadataFetcher.
AOT Optimizations.
Default implementation of OpenIdTokenResponseValidator.
Generates a Proof Key for Code Exchange and persists.
Default implementation of ProviderResolver.
The default implementation of SecureEndpoint.
Default implementation of SecureEndpointConfiguration.
Default state implementation.
Configuration properties implementation of state validation configuration.
A default state provider that stores the original request URI to redirect back to after authentication.
State validator implementation.
The default implementation of TokenEndpointClient.
OpenID connect Display parameter.
An OAuth 2.0 provider endpoint.
Endpoint configuration contract.
A contract for generating the URL used by OpenID providers to redirect back to after logging the user out.
OpenID end session configuration.
Handles a log out request that redirects to an OpenID provider.
Represents the end session endpoint of an OpenID provider.
End session endpoint configuration.
Responsible for resolving which end session request to use for a given OpenID client configuration.
The OAuth 2.0 grant types.
For AuthenticationMode.IDTOKEN authentication mode performs the following verification as described in the OpenID Connect Spec.
Resolves an Id Token Hint.
Sets CookieLoginHandler's cookie value to the idtoken received from an authentication provider.
Introspection endpoint configuration.
Exception thrown if authorization response state parameter validation fails.
The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.
Jackson based implementation for state serdes.
Factory to create JwksSignature beans for the OpenIdProviderMetadata.getJwksUri() of OpenID clients.
JWT bearer assertion grant.
An implementation of OpenIdClaims backed by a JWTClaimsSet.
Provides specific configuration to logout from Keycloak.
Resolves a LoginHint.
Represents a mutable state object.
Responsible for validating the nonce claim.
Configuration options for nonce validation.
Generates a nonce.
Persists the nonce for later retrieval necessary for validation.
A contract for mapping an OAuth 2.0 token endpoint response to an AuthenticationResponse object.
Configuration for Authorization Endpoint Configuration.
A marker contract to denote a given authorization request is not part of the OpenID standard.
A marker interface for normal OAuth 2.0 authorization responses.
Responsible for handling the authorization callback response from an OAuth 2.0 provider.
A contract for an OAuth 2.0 client.
Condition to create an OauthClient.
OAuth 2.0 client configuration.
Stores configuration of each configured OAuth 2.0 client.
OAuth 2.0 authorization endpoint configuration.
Client credentials configuration.
Client credentials http header token propagation configuration.
Introspection endpoint configuration.
OpenID client configuration.
Authorization endpoint configuration.
End session endpoint configuration.
Registration endpoint configuration.
Token endpoint configuration.
User info endpoint configuration.
Revocation endpoint configuration.
OAuth 2.0 token endpoint configuration.
A token request context for sending an authorization code grant request to an OAuth 2.0 provider.
OAuth 2.0 Configuration.
ConfigurationProperties implementation of OauthClientConfiguration.
OpenID configuration.
Claims configuration.
Claims Validator configuration.
End session configuration.
Responsible for OAuth 2.0 authorization redirect, authorization callback, and end session redirects.
An AuthenticationProvider that delegates to an OAuth 2.0 provider using the password grant flow.
A token request context for sending a password grant request to an OAuth 2.0 provider.
Responsible for building URLs to routes the client will receive.
Provides specific configuration to logout from Okta.
Configuration for additional claims to be added to the resulting JWT created from an OpenID authentication.
Responsible for converting an OpenID token response to an Authentication representing the authenticated user.
The OpenID extensions to the standard OAuth 2.0 authorization request.
An extension of AuthorizationResponse that allows for retrieval of the persisted nonce value.
Responsible for handling the authorization callback response from an OpenID provider.
ID Token.
Configuration to determine if a claim validation is enabled.
JWT Claims Validator for ID Token.
Extends the OauthClient with OpenID specific functionality.
Condition to create an OpenIdClient.
Configuration for an OpenID client.
A token request context for sending an authorization code grant request to an OpenID provider.
Configuration for OpenID not specific to a client.
An AuthenticationProvider that delegates to an OpenID provider using the password grant flow.
A token request context for sending a password grant request to an OpenID provider.
Metadata describing the configuration of OpenID Providers.
Fetches OpenIdProviderMetadata for an OpenIdClientConfiguration.
OpenID Connect scope values.
Id Token Access Token Response.
Validates an OpenID token response.
Resource Owner Password Credentials Grant.
Condition to enable the password grant authentication flow for an OAuth provider.
Base configuration for persistable endpoints.
Proof Key for Code Exchange.
Proof Key for Code Exchange Challenge.
Configuration for PKCE.
Configuration properties implementation of PKCE.
API to Build/Persist a PKCE (Proof Key for Code Exchange).
Persists the Proof of Key Exchange (PKCE) for later retrieval.
Pkce generator for plain challenge method.
OpenID connect prompt parameter.
Resolves the OAuth 2.0 provider that authenticated the logged in user.
Refresh Token Grant.
Authentication Flows response types.
Revocation endpoint configuration.
SHA-256 based PKCE Generator.
SAML 2.0 bearer assertion grant.
A contract for an endpoint that requires authentication.
Configuration extension of EndpointConfiguration for endpoints which require authentication.
A contract for a grant that requires authentication.
An implementation of HashMap that also implements SecureGrant.
Persists the state in the session.
Persists the Proof of Key Exchange (PKCE) code_verifier in the session.
Persists the state in the session.
Condition which evaluates to true if SHA-256 algorithm is supported.
Represents the state sent in the authorization request and returned in the authorization response.
State retrieval.
Base class to extend from that handles state retrieval and caching.
Generates a state parameter.
Persists the state for later retrieval necessary for validation.
Responsible for serialization and de-serialization of the state.
Configuration options for state validation.
Validates a state parameter.
Responsible for sending requests to a token endpoint.
TokenEndpoint Configuration.
Represent the response of an authorization server to an invalid access token request.
Represents the context of a token endpoint request.
Represent the response of an authorization server to a valid access token request.