Package org.forgerock.oauth.resolvers

Class BaseOpenIdResolver

java.lang.Object

org.forgerock.oauth.resolvers.BaseOpenIdResolver

All Implemented Interfaces:

GenericOpenIdResolver<SignedJwt>, OpenIdResolver

Direct Known Subclasses:

JWKOpenIdResolverImpl, PublicKeyOpenIdResolverImpl, SharedSecretOpenIdResolverImpl

public abstract class BaseOpenIdResolver
extends Object
implements OpenIdResolver

Implementation of the OpenIdResolver interface. Comments in the specific verify methods are taken directly from OpenID Connect Basic Client Implementer's Guide 1.0, section 2.2.1 - ID Token Validation Currently we do NO validation against the client ID/intended audience.

See Also:

• http://openid.net/specs/openid-connect-basic-1_0.html

Field Summary

Fields inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver

CLIENT_SECRET_KEY, ISSUER_KEY, JWK, KEY_ALIAS_KEY, KEYSTORE_LOCATION_KEY, KEYSTORE_PASS_KEY, KEYSTORE_TYPE_KEY, WELL_KNOWN_CONFIGURATION

Constructor Summary

Constructors

Constructor	Description
BaseOpenIdResolver(String issuer)	Abstract constructor for setting the issuer's identity.
BaseOpenIdResolver(BiPredicate<String,String> issuerComparator, String issuer)	Abstract constructor for setting the issuer's identity.

Method Summary

Modifier and Type	Method	Description
String	getIssuer()	Returns the issuer (IdP) for which this resolver will resolve identities.
void	validateIdentity(SignedJwt idClaim)	Validates the supplied Jwt against this OpenId Connect Idp.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.oauth.resolvers.OpenIdResolver

getExpectedJwtType

Constructor Details

BaseOpenIdResolver

public BaseOpenIdResolver(String issuer)

Abstract constructor for setting the issuer's identity. Uses IssuerComparators.DEFAULT for comparing issuer values by exact string comparison.

Parameters:

issuer - The issuer (provider) of the Open Id Connect id token

BaseOpenIdResolver

public BaseOpenIdResolver(BiPredicate<String,String> issuerComparator,
 String issuer)

Abstract constructor for setting the issuer's identity.

Parameters:

issuerComparator - The comparator for comparing the incoming issuer value against the expected value.

issuer - The issuer (provider) of the Open Id Connect id token

Method Details

validateIdentity

public void validateIdentity(SignedJwt idClaim)
                      throws OpenIdConnectVerificationException

Validates the supplied Jwt against this OpenId Connect Idp.

Specified by:

validateIdentity in interface GenericOpenIdResolver<SignedJwt>

Parameters:

idClaim - The Jwt to test is authenticated

Throws:

OpenIdConnectVerificationException - If the Jwt is unable to be verified

getIssuer

public String getIssuer()

Returns the issuer (IdP) for which this resolver will resolve identities.

Specified by:

getIssuer in interface OpenIdResolver

Returns:

the name of the issuer