Interface OpenIdResolverService

  • All Known Implementing Classes:
    OpenIdResolverServiceImpl

    public interface OpenIdResolverService
    Interface through which OpenIdResolvers are obtained, and through which the service providing them is configured. A resolver can be configured in several ways, each of which produces a key used to cryptographically verify the JWS that is passed to the resolver once it has been configured inside the service. At the point of verification, the service provides access to the specific resolver needed by keying on its OpenIdResolver.getIssuer() value.

    Resolvers can be configured by supplying one of the following configurations:
    - The issuer's name, along with the specific location of the public key to use when performing verification as drawn from a standard trust store.
    - The issuer's name, along with a shared secret which can be used to create an HMAC which will verify the signature in the provided JWS.
    - The issuer's name, along with the URL of a JWK set, which provides keys through a public exposure point.
    - A .well-known configuration URL, which provides both the issuer name and location of the corresponding JWK set which it should use to configure the resolver.
    • Method Detail

      • getResolverForIssuer

        Optional<OpenIdResolver> getResolverForIssuer(String issuer)
        Returns the OpenID Connect resolver for the given issuer that is capable of handling signed JWTs. The "iss" field of the OpenID Connect JWT MUST be identical to the issuer param.
        Parameters:
        issuer - Reference to the issuer of the OpenID Connect JWT
        Returns:
        an Optional containing the OpenIdResolver for the corresponding provider if found
      • getEncryptedResolverForIssuer

        Optional<EncryptedOpenIdResolver> getEncryptedResolverForIssuer(String issuer)
        Returns the OpenID Connect resolver for the given issuer that is capable of handling signed and encrypted JWTs. The "iss" field of the OpenID Connect JWT MUST be identical to the issuer param.
        Parameters:
        issuer - Reference to the issuer of the OpenID Connect JWT
        Returns:
        an Optional containing the EncryptedOpenIdResolver for the corresponding provider if found
      • configureResolverWithKey

        boolean configureResolverWithKey(String issuer,
                                         String keyAlias,
                                         String keystoreLocation,
                                         String keystoreType,
                                         String keystorePassword)
        Configures a new resolver implementation for this service using the given parameters. The resolver is later retrievable from the service.
        Parameters:
        issuer - issuer's name - the OpenID Connect "iss" field
        keyAlias - alias inside the keystore of the public key for this resolver
        keystoreLocation - location of the keystore from which to retrieve the key
        keystoreType - the type of keystore to connect to
        keystorePassword - password for connecting to the keystore
        Returns:
        true if resolver configured successfully, false otherwise
      • configureResolverWithSecret

        boolean configureResolverWithSecret(String issuer,
                                            String sharedSecret)
        Configures a new resolver implementation for this service using the given parameters. The resolver is later retrievable from the service.
        Parameters:
        issuer - issuer's name - the OpenID Connect "iss" field
        sharedSecret - secret shared between client and provider
        Returns:
        true if resolver configured successfully, false otherwise
      • configureResolverWithJWK

        boolean configureResolverWithJWK(String issuer,
                                         URL jwkUrl)
        Configures a new resolver implementation for this service using the given parameters. The resolver is later retrievable from the service.
        Parameters:
        issuer - issuer's name - the OpenID Connect "iss" field
        jwkUrl - location from which to determine which public key to use
        Returns:
        true if resolver configured successfully, false otherwise
      • configureResolverWithWellKnownOpenIdConfiguration

        boolean configureResolverWithWellKnownOpenIdConfiguration(String issuer,
                                                                  URL configUrl)
        Configures a new resolver implementation using the given configUrl as the location from which to draw all necessary information pertaining to the resolver. Specifically and minimally, this means the issuer value and the location of the JWK URL.
        Parameters:
        issuer - issuer's name - the OpenID Connect "iss" field
        configUrl - the well-known OpenID Connect configuration URL
        Returns:
        true if resolver configured successfully, false otherwise
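
How a caller might use the configuration and lookup methods documented above, as an added example that is not code from the project. The two nested interfaces are stand-ins that copy only the signatures shown on this page; the in-memory service, the issuer name and the URLs are constructed, and the https check is this example's own policy.

```java
import java.net.URI;
import java.net.URL;
import java.util.*;

public class ResolverLookupExample {
    // Stand-ins copying only the signatures shown on this page, so the file compiles alone.
    interface OpenIdResolver { String getIssuer(); }
    interface OpenIdResolverService {
        Optional<OpenIdResolver> getResolverForIssuer(String issuer);
        boolean configureResolverWithJWK(String issuer, URL jwkUrl);
    }

    // Register a JWK-set-backed resolver. The https requirement is this example's own policy.
    static void register(OpenIdResolverService service, String issuer, URL jwkUrl) {
        if (!"https".equalsIgnoreCase(jwkUrl.getProtocol())) {
            throw new IllegalArgumentException("JWK set URL must use https: " + jwkUrl);
        }
        if (!service.configureResolverWithJWK(issuer, jwkUrl)) { // false: no resolver exists
            throw new IllegalStateException("resolver not configured for " + issuer);
        }
    }

    // Select the resolver for a token's "iss" claim, failing closed unless it matches exactly.
    static OpenIdResolver resolverFor(OpenIdResolverService service, String issClaim) {
        OpenIdResolver r = service.getResolverForIssuer(issClaim)
                .orElseThrow(() -> new SecurityException("no resolver for issuer " + issClaim));
        if (!r.getIssuer().equals(issClaim)) {
            throw new SecurityException("resolver issuer differs from token iss");
        }
        return r;
    }

    public static void main(String[] args) throws Exception {
        Map<String, OpenIdResolver> registry = new HashMap<>(); // constructed in-memory service
        OpenIdResolverService service = new OpenIdResolverService() {
            public Optional<OpenIdResolver> getResolverForIssuer(String issuer) {
                return Optional.ofNullable(registry.get(issuer));
            }
            public boolean configureResolverWithJWK(String issuer, URL jwkUrl) {
                registry.put(issuer, () -> issuer);
                return true;
            }
        };
        String issuer = "https://idp.example.com"; // constructed issuer name
        register(service, issuer, URI.create(issuer + "/jwks").toURL());
        System.out.println("resolver found for " + resolverFor(service, issuer).getIssuer());
        try {
            resolverFor(service, issuer + "/"); // trailing slash: not identical, so rejected
        } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The second lookup differs from the registered issuer only by a trailing slash and is rejected, which is the behaviour the "MUST be identical" requirement on the "iss" field calls for.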