java.lang.Object
org.forgerock.openig.filter.oauth2.client.Issuer

public final class Issuer extends Object
A configuration for an OpenID Connect Issuer. There are two ways to configure the Issuer.

With an OpenID Connect well-known end-point:

 
 {
   "wellKnownEndpoint"            : uriExpression,   [REQUIRED]
   "issuerHandler"                : handler,         [OPTIONAL - by default it uses the 'ForgeRockClientHandler'
                                                                 provided in heap.]
   "supportedDomains"             : [ patterns ]     [OPTIONAL - if this issuer supports other domain names]
 }
 
 
The 'supportedDomains' are the other domain names supported by this issuer; entries may use regular-expression patterns. Note: keep these domain declarations as simple as possible, without a scheme or a trailing slash, for example:

 GOOD: [ "openam.com", "openam.com:8092", "register.server.com", "allopenamdomains.*" ]
 BAD : [ "http://openam.com", "openam.com:8092/", "http://openam.com/" ]
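
The GOOD/BAD rule above can be checked mechanically. The following is an added example, not OpenIG code: the class and method names are hypothetical, and `covers` assumes an entry is applied as a `java.util.regex` pattern that must match the whole `host[:port]` string, which this page does not specify.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class SupportedDomainsLint {

    /** Returns the problems found in one "supportedDomains" entry (empty list = OK). */
    static List<String> lint(String entry) {
        List<String> problems = new ArrayList<>();
        if (entry.contains("://")) {
            problems.add("contains a scheme");
        }
        if (entry.endsWith("/")) {
            problems.add("ends with a slash");
        }
        try {
            Pattern.compile(entry);
        } catch (PatternSyntaxException e) {
            problems.add("not a valid regular expression: " + e.getDescription());
        }
        return problems;
    }

    /** ASSUMPTION: the pattern must match the whole host[:port] string. */
    static boolean covers(String entry, String hostAndPort) {
        return Pattern.compile(entry).matcher(hostAndPort).matches();
    }

    public static void main(String[] args) {
        // Constructed input: the GOOD and BAD entries from the documentation above.
        String[] entries = {
            "openam.com", "openam.com:8092", "register.server.com", "allopenamdomains.*",
            "http://openam.com", "openam.com:8092/", "http://openam.com/"
        };
        for (String entry : entries) {
            List<String> problems = lint(entry);
            System.out.println((problems.isEmpty() ? "GOOD " : "BAD  ") + entry + " " + problems);
        }
        // An unescaped '.' is a regex wildcard, so an entry can cover more than the literal name.
        System.out.println(covers("openam.com", "openam.com"));    // the literal name
        System.out.println(covers("openam.com", "openam-com"));    // '.' also matches '-'
        System.out.println(covers("openam\\.com", "openam-com"));  // escaped dot: literal only
        System.out.println(covers("allopenamdomains.*", "allopenamdomains.example.org"));
    }
}
```

Because each entry widens the set of domains mapped to this issuer, escape literal dots and keep wildcard entries as narrow as the deployment allows.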
 
 

For example, use this kind of configuration if the end-points are not known:

 
 {
     "name": "openam",
     "type": "Issuer",
     "config": {
          "wellKnownEndpoint": "http://openam.example.com:8081/openam/oauth2/.well-known/openid-configuration",
          "supportedDomains" : [ "openam.com", "openam.com:8092", "register.server.com" ]
     }
 }
 
 

Use this configuration if the end-points are known. The well-known end-point is optional here: its value is saved, but no request is made to it.

 
 {
   "authorizeEndpoint"            : uriExpression,   [REQUIRED]
   "tokenEndpoint"                : uriExpression,   [REQUIRED]
   "registrationEndpoint"         : uriExpression,   [OPTIONAL - allows dynamic client registration]
   "userInfoEndpoint"             : uriExpression,   [OPTIONAL - default is no user info]
   "revocationEndpoint"           : uriExpression,   [OPTIONAL]
   "endSessionEndpoint"           : uriExpression,   [OPTIONAL]
   "wellKnownEndpoint"            : uriExpression,   [OPTIONAL]
   "supportedDomains"             : [ patterns ]     [OPTIONAL - if this issuer supports other domain names]
 }
 
 
For example:
 
 {
     "name": "openam",
     "type": "Issuer",
     "config": {
          "authorizeEndpoint": "http://openam.example.com:8081/openam/oauth2/authorize",
          "tokenEndpoint": "http://openam.example.com:8081/openam/oauth2/access_token",
          "userInfoEndpoint": "http://openam.example.com:8081/openam/oauth2/userinfo"
     }
 }
 
 
  • Field Details

  • Constructor Details

    • Issuer

      public Issuer(String name, JsonValue config)
      Creates an issuer with the specified name and configuration.
      Parameters:
      name - The name of this Issuer. When the issuer is created by discovery, the issuer name is given by the metadata "issuer", not null.
      config - The configuration of this issuer, not null.
  • Method Details

    • getName

      public String getName()
      Returns the name of this issuer.
      Returns:
      the name of this issuer.
    • getAuthorizeEndpoint

      public URI getAuthorizeEndpoint()
      Returns the authorize end-point of this issuer.
      Returns:
      the authorize end-point of this issuer.
    • getTokenEndpoint

      public URI getTokenEndpoint()
      Returns the token end-point of this issuer.
      Returns:
      the token end-point of this issuer.
    • getRegistrationEndpoint

      public URI getRegistrationEndpoint()
      Returns the registration end-point of this issuer.
      Returns:
      the registration end-point of this issuer.
    • getUserInfoEndpoint

      public URI getUserInfoEndpoint()
      Returns the user info end-point of this issuer.
      Returns:
      the user info end-point of this issuer.
    • getRevocationEndpoint

      public URI getRevocationEndpoint()
      Returns the revocation end-point of this issuer.
      Returns:
      the revocation end-point of this issuer.
    • getEndSessionEndpoint

      public URI getEndSessionEndpoint()
      Returns the end_session end-point of this issuer.
      Returns:
      the end_session end-point of this issuer.
    • getWellKnownEndpoint

      public URI getWellKnownEndpoint()
      Returns the well-known end-point of this issuer.
      Returns:
      the well-known end-point of this issuer.
    • hasUserInfoEndpoint

      public boolean hasUserInfoEndpoint()
      Returns true if this issuer has a user info end-point.
      Returns:
      true if this issuer has a user info end-point.
    • hasRevocationEndpoint

      public boolean hasRevocationEndpoint()
      Returns true if this issuer has a revocation end-point.
      Returns:
      true if this issuer has a revocation end-point.
    • hasEndSessionEndpoint

      public boolean hasEndSessionEndpoint()
      Returns true if this issuer has an end_session end-point.
      Returns:
      true if this issuer has an end_session end-point.
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object