Package org.forgerock.openig.filter.oauth2.client

Class ClientCredentialsOAuth2ClientFilterHeaplet

java.lang.Object

org.forgerock.openig.heap.GenericHeaplet

org.forgerock.openig.filter.oauth2.client.ClientCredentialsOAuth2ClientFilterHeaplet

All Implemented Interfaces:

Heaplet

public class ClientCredentialsOAuth2ClientFilterHeaplet
extends GenericHeaplet

Creates and initializes a Filter supporting the transformation of client credentials to an access_token. This filter also supports refresh of the access_token as required. The configured client credentials are used to obtain the access_token, which is then added into the request's Authorization header.

The ClientCredentialsOAuth2ClientFilterHeaplet has the following configuration:

 {
      "type": "ClientCredentialsOAuth2ClientFilter",
      "config": {
        <inherited configuration settings from BearerTokenOAuth2ClientFilterHeaplet>
        "clientSecretId"      : secret-id         [Deprecated since 7.2 - see (1).]
        "secretsProvider"     : secrets provider  [Deprecated since 7.2 - see (1).]
        "handler"             : handler           [Deprecated since 7.2 - see (2).]
      }
 }
 
 

1. clientSecretId and secretsProvider are deprecated and supplied for backward compatibility only. If used, then both must be provided to obtain the client secret which authenticates using client_secret_basic. Please prefer adding a client authentication filter to your handler configuration instead. See client-secret based authentication filter heaplets ClientSecretBasicAuthenticationFilterHeaplet and ClientSecretPostAuthenticationFilterHeaplet
2. handler has been deprecated and supplied for backward compatibility only. Please prefer to use endpointHandler instead.

See Also:

RFC 6749 - Client Credentials Grant

Field Summary

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet

config, heap, name, object, qualified

Constructor Summary

Constructors

Constructor	Description
ClientCredentialsOAuth2ClientFilterHeaplet()

Method Summary

Modifier and Type	Method	Description
protected String	clientId()
Object	create()	Called to request the heaplet create an object.
protected GrantTypeHandler	createGrantTypeHandler()
protected JsonValue	getEndpointHandlerConfig()
protected Handler	getOrDefaultEndpointHandler()
protected Set<String>	scopes()

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet

create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getType, meterRegistryHolder, start

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientCredentialsOAuth2ClientFilterHeaplet

public ClientCredentialsOAuth2ClientFilterHeaplet()

Method Detail

createGrantTypeHandler

protected GrantTypeHandler createGrantTypeHandler()

getEndpointHandlerConfig

protected JsonValue getEndpointHandlerConfig()

getOrDefaultEndpointHandler

protected Handler getOrDefaultEndpointHandler()
                                       throws HeapException

Throws:

HeapException

create

public Object create()
              throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

Specified by:

create in class GenericHeaplet

Returns:

The created object.

Throws:

HeapException - if an exception occurred during creation of the heap object or any of its dependencies.

clientId

protected String clientId()

scopes

protected Set<String> scopes()