Class DiscoveryFilter
- java.lang.Object
  - org.forgerock.openig.filter.oauth2.client.DiscoveryFilter

All Implemented Interfaces: Filter
public class DiscoveryFilter extends Object implements Filter
For an OpenID Connect Relying Party (RP) to use OpenID Connect services for an End-User, the RP needs to know where the OpenID Provider is. OpenID Connect uses WebFinger [RFC7033] to locate the OpenID Provider for an End-User. This class performs OpenID Provider Issuer discovery: it determines the location of the OpenID Provider from the End-User input, which can be in e-mail address syntax, URL syntax, or host name and port syntax.
The user input is taken from the query parameter '?discovery=<userInput>'.
Discovery is in two parts. The first extracts the host name and a normalized user input from the given input.
Then, IG checks whether an Issuer matching the extracted host name already exists in the issuer's repository. If it exists, IG reuses it. If not, IG checks whether this host name is part of an Issuer "supportedDomain". If the host name belongs to an Issuer's supported domain, this Issuer is used. Otherwise, the discovery process continues.
In the second part, WebFinger uses the extracted host name to get the corresponding OpenID Issuer location that matches the selected type of service ("http://openid.net/specs/connect/1.0/issuer"), if it exists.
Based on the returned OpenID Issuer's location, the OpenID well-known end-point is extracted and the filter builds an Issuer, which is placed in the context and in the issuer's repository to be reused if needed.
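The first part of the flow above (normalizing the input and extracting the host) and the WebFinger request it leads to, as an added example that is not OpenIG's own code. The class and method names are hypothetical, the normalization follows the OpenID Connect Discovery 1.0 rules for inputs without a scheme, and rejecting anything but https is a choice made for this example.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Hypothetical class and method names; not part of OpenIG. Requires Java 10+.
public class DiscoveryInputExample {
    static final String ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer";

    /** Returns {normalized resource, host[:port]} or throws IllegalArgumentException. */
    static String[] normalize(String input) {
        String s = input.trim();
        int hash = s.indexOf('#');
        if (hash >= 0) s = s.substring(0, hash);   // a fragment is never part of the resource
        String resource, probe;                    // probe: https URI parsed only to get the host
        if (s.startsWith("acct:")) {
            resource = s;
            probe = "https://" + s.substring(s.lastIndexOf('@') + 1);
        } else if (s.contains("://")) {            // assumption: "://" marks an explicit scheme
            resource = s;
            probe = s;
        } else {
            int at = s.indexOf('@');
            String rest = s.substring(at + 1);
            // user@host with no port, path or query is treated as an e-mail style identifier
            boolean emailLike = at > 0 && !rest.isEmpty() && !rest.matches(".*[:/?].*");
            resource = emailLike ? "acct:" + s : "https://" + s;
            probe = emailLike ? "https://" + rest : resource;
        }
        URI u = URI.create(probe);                 // throws IllegalArgumentException if malformed
        // Choice made for this example: only https targets with a parseable host are accepted.
        if (!"https".equalsIgnoreCase(u.getScheme()) || u.getHost() == null)
            throw new IllegalArgumentException("unsupported discovery input: " + input);
        String host = u.getPort() == -1 ? u.getHost() : u.getHost() + ":" + u.getPort();
        return new String[] { resource, host };
    }

    /** Builds the RFC 7033 WebFinger query for the issuer relation on the extracted host. */
    static URI webFingerUri(String resource, String host) {
        return URI.create("https://" + host + "/.well-known/webfinger?resource="
                + URLEncoder.encode(resource, StandardCharsets.UTF_8)
                + "&rel=" + URLEncoder.encode(ISSUER_REL, StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed inputs: e-mail, URL, and host-and-port syntax.
        for (String in : new String[] { "joe@example.com", "https://example.com/joe", "example.com:8443" }) {
            String[] n = normalize(in);
            System.out.println(in + " -> " + n[0] + " @ " + n[1] + " -> " + webFingerUri(n[0], n[1]));
        }
    }
}
```

Because the discovery value arrives in the request query string, the host it yields decides where an outbound request goes. The example therefore takes the host only from the parsed URI, never from raw string slices, so a path or query smuggled into the input cannot alter the WebFinger request target.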
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| Promise<Response,NeverThrowsException> | filter(Context context, Request request, Handler next) | Filters the request and/or response of an exchange. |
Method Detail
filter
public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
Description copied from interface: Filter
Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter calls next.handle(context, request).
This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.