Package de.guh.plugin.oauth2
Class OAuth2Commands
- java.lang.Object
-
- de.guh.plugin.oauth2.OAuth2Commands
-
public class OAuth2Commands extends Object
-
-
Constructor Summary
Constructor / Description
OAuth2Commands()
-
Method Summary
Modifier and Type / Method / Description

static com.nimbusds.oauth2.sdk.TokenIntrospectionResponse
accessTokenIntrospection(com.nimbusds.oauth2.sdk.token.AccessToken accessToken, URI introspectionEndpointURL, String clientIDString, String clientSecretString, de.guh.gadget.GadgetLogger log)

static com.nimbusds.oauth2.sdk.token.BearerAccessToken
getAccessTokenFromRequest(de.guh.gadget.GadgetRequest gdRequest)
Returns Access Token found in the request's header or in the request's query parameters.

static com.nimbusds.oauth2.sdk.token.BearerAccessToken
getAccessTokenFromRequest(de.guh.gadget.GadgetRequest gdRequest, de.guh.gadget.GadgetSession gdSession)
Returns Access Token found in the request's header, in the request's query parameters or in the session.

static com.nimbusds.oauth2.sdk.AuthorizationCode
getAuthorizationCodeFromRequest(de.guh.gadget.GadgetRequest gdRequest, de.guh.gadget.GadgetSession gdSession)
Tries to get the Authorization Code after being redirected from authorization endpoint.

static com.nimbusds.openid.connect.sdk.token.OIDCTokens
getOIDCTokens(com.nimbusds.oauth2.sdk.AuthorizationCode code, String clientIDString, String clientSecretString, URI tokenEndpointURI, URI redirectURI, de.guh.gadget.GadgetLogger log)
Request the OIDC Tokens (ID Token, Access Token and Refresh Token) from token endpoint URL using the authorization code.

static long
getTokenExpirationTime(com.nimbusds.oauth2.sdk.token.AccessToken accessToken, URI introspectionEndpointURL, String clientIDString, String clientSecretString, de.guh.gadget.GadgetLogger log)
Return the UNIX timestamp after which the token will be expired.

static long
getTokenLifetime(com.nimbusds.oauth2.sdk.token.AccessToken accessToken, URI introspectionEndpointURL, String clientIDString, String clientSecretString, de.guh.gadget.GadgetLogger log)
Returns the number of seconds until the token will be expired.

static com.nimbusds.openid.connect.sdk.claims.UserInfo
getUserInfo(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken, URI userInfoEndpointURL, de.guh.gadget.GadgetLogger log)
Requests the UserInfo object at the user info endpoint using the Access Token.

static void
invalidateTokenInSession(de.guh.gadget.GadgetSession gdSession)
Removes accesstoken and idtoken from session.

static boolean
isExpired(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken)
Returns whether the given Access Token is expired by reading its "exp" value.

static boolean
testAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken, URI userInfoEndpointURL)
Tests if the given token is valid by trying to query the user info endpoint.

static boolean
validateToken(com.nimbusds.jwt.JWT idToken, com.nimbusds.jose.JWSAlgorithm jwsAlg, String issuerURL, String clientIDString, String clientSecretString, de.guh.gadget.GadgetLogger log)
Validates the given JWT token.
-
-
-
Method Detail
-
getAuthorizationCodeFromRequest
public static com.nimbusds.oauth2.sdk.AuthorizationCode getAuthorizationCodeFromRequest(de.guh.gadget.GadgetRequest gdRequest, de.guh.gadget.GadgetSession gdSession)
Tries to get the Authorization Code after being redirected from the authorization endpoint. Returns null if no code is received from gdRequest, if the code is invalid, or if an error occurs.
-
getOIDCTokens
public static com.nimbusds.openid.connect.sdk.token.OIDCTokens getOIDCTokens(com.nimbusds.oauth2.sdk.AuthorizationCode code, String clientIDString, String clientSecretString, URI tokenEndpointURI, URI redirectURI, de.guh.gadget.GadgetLogger log) throws com.nimbusds.oauth2.sdk.ParseException, IOException
Request the OIDC Tokens (ID Token, Access Token and Refresh Token) from token endpoint URL using the authorization code. For public clients clientSecretString parameter may be empty.
- Throws:
com.nimbusds.oauth2.sdk.ParseException
IOException
-
getUserInfo
public static com.nimbusds.openid.connect.sdk.claims.UserInfo getUserInfo(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken, URI userInfoEndpointURL, de.guh.gadget.GadgetLogger log)
Requests the UserInfo object at the user info endpoint using the Access Token.
- Parameters:
accessToken
-
userInfoEndpointURL
-
log
-
- Returns:
-
testAccessToken
public static boolean testAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken, URI userInfoEndpointURL)
Tests if the given token is valid by trying to query the user info endpoint.
- Returns:
- true if token is valid, false if user endpoint denies request
-
accessTokenIntrospection
public static com.nimbusds.oauth2.sdk.TokenIntrospectionResponse accessTokenIntrospection(com.nimbusds.oauth2.sdk.token.AccessToken accessToken, URI introspectionEndpointURL, String clientIDString, String clientSecretString, de.guh.gadget.GadgetLogger log)
-
getTokenExpirationTime
public static long getTokenExpirationTime(com.nimbusds.oauth2.sdk.token.AccessToken accessToken, URI introspectionEndpointURL, String clientIDString, String clientSecretString, de.guh.gadget.GadgetLogger log)
Return the UNIX timestamp after which the token will be expired. Tries to get token expiration time by executing one of the following commands:
1. If introspectionEndpointURL is defined check token and get lifetime from introspection endpoint (most secure way)
2. Decode token and read expiration time from "exp" parameter (most unreliable way)
- Parameters:
accessToken
- the token whose lifetime will be returned
introspectionEndpointURL
- optional URL to introspection endpoint
clientIDString
- optional client ID as string (if introspection is to be used)
clientSecretString
- optional client secret as string (if introspection is to be used)
log
- optional logger object to log errors
- Returns:
- the token's expiration time as a UNIX timestamp in seconds, 0 if error
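The two strategies listed for getTokenExpirationTime, side by side, as an added example that is not code from this package. The class and method names are hypothetical, the token and the introspection response body are constructed samples, and a regex stands in for a real JSON parser so that the sketch needs only the JDK.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not part of de.guh.plugin.oauth2; all names are hypothetical.
public class TokenExpirySketch {
    // Regex stands in for a JSON parser to keep the sketch JDK-only.
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d{1,18})");
    private static final Pattern ACTIVE = Pattern.compile("\"active\"\\s*:\\s*true");

    // Strategy 1: expiry from an RFC 7662 introspection response body.
    static long expFromIntrospection(String responseJson) {
        if (responseJson == null || !ACTIVE.matcher(responseJson).find()) return 0; // inactive or error
        Matcher m = EXP.matcher(responseJson);
        return m.find() ? Long.parseLong(m.group(1)) : 0;
    }

    // Strategy 2: "exp" read from the JWT payload without any signature check.
    static long expFromUnverifiedJwt(String token) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return 0; // opaque token: nothing to decode
        try {
            String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
            Matcher m = EXP.matcher(payload);
            return m.find() ? Long.parseLong(m.group(1)) : 0;
        } catch (IllegalArgumentException e) {
            return 0; // malformed base64url
        }
    }

    // Fail closed: 0 (error or unknown) counts as expired.
    static boolean usable(long expEpochSeconds, long now) {
        return expEpochSeconds > now;
    }

    public static void main(String[] args) {
        long now = Instant.now().getEpochSecond();
        // Constructed sample: JWT-shaped token with exp 5 minutes ahead, placeholder signature.
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String jwt = b64.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + b64.encodeToString(("{\"exp\":" + (now + 300) + "}").getBytes(StandardCharsets.UTF_8))
                + ".placeholder";
        String revokedBody = "{\"active\":false}"; // constructed introspection response
        System.out.println("decoded exp says usable:   " + usable(expFromUnverifiedJwt(jwt), now));
        System.out.println("introspection says usable: " + usable(expFromIntrospection(revokedBody), now));
        System.out.println("opaque token usable:       " + usable(expFromUnverifiedJwt("opaque-value"), now));
    }
}
```

The first two lines of output disagree for the same token: the decoded "exp" is still in the future, while the authorization server reports the token as no longer active, which is the gap between the two strategies.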
-
getTokenLifetime
public static long getTokenLifetime(com.nimbusds.oauth2.sdk.token.AccessToken accessToken, URI introspectionEndpointURL, String clientIDString, String clientSecretString, de.guh.gadget.GadgetLogger log)
Returns the number of seconds until the token expires.
-
isExpired
public static boolean isExpired(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken)
Returns whether the given Access Token is expired by reading its "exp" value.
- Parameters:
accessToken
-
- Returns:
- true if token is expired, false if not expired or expiration date cannot be found
-
validateToken
public static boolean validateToken(com.nimbusds.jwt.JWT idToken, com.nimbusds.jose.JWSAlgorithm jwsAlg, String issuerURL, String clientIDString, String clientSecretString, de.guh.gadget.GadgetLogger log)
Validates the given JWT token.
- Returns:
- true if token was successfully validated, false if validation failed
-
getAccessTokenFromRequest
public static com.nimbusds.oauth2.sdk.token.BearerAccessToken getAccessTokenFromRequest(de.guh.gadget.GadgetRequest gdRequest)
Returns Access Token found in the request's header or in the request's query parameters.
- Parameters:
gdRequest
-
- Returns:
- the Access Token or null if no token found.
-
getAccessTokenFromRequest
public static com.nimbusds.oauth2.sdk.token.BearerAccessToken getAccessTokenFromRequest(de.guh.gadget.GadgetRequest gdRequest, de.guh.gadget.GadgetSession gdSession)
Returns Access Token found in the request's header, in the request's query parameters or in the session.
- Parameters:
gdRequest
-
gdSession
-
- Returns:
- the Access Token or null if no token found.
-
invalidateTokenInSession
public static void invalidateTokenInSession(de.guh.gadget.GadgetSession gdSession)
Removes accesstoken and idtoken from session.
- Parameters:
gdSession
-
-
-