- java.lang.Object
-
- net.trajano.ms.authz.TokenResource
-
@Configuration @Component @Path(value="/token") @PermitAll public class TokenResource extends Object
-
-
Field Summary
Fields Modifier and Type Field and Description private ClientValidatorclientValidatorprivate net.trajano.ms.core.CryptoOpscryptoOpsprivate InternalClaimsBuilderinternalClaimsBuilderprivate URIissuerprivate ConcurrentMap<URI,org.jose4j.jwk.HttpsJwks>jwksMapprivate intjwtMaximumLifetimeInSecondsMaximum life of a JWT token.private static org.slf4j.LoggerLOGprivate StringrealmNameprivate TokenCachetokenCache
-
Constructor Summary
Constructors Constructor and Description TokenResource()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method and Description OAuthTokenResponsedispatch(String grantType, String code, String assertion, String audience, String refreshToken, URI jwksUri, String authorization)Performs client credential validation then dispatches to the appropriate handler for a given grant type.private IdTokenResponsehandleAuthorizationCodeGrant(String accessToken)private OAuthTokenResponsehandleJwtAssertionGrant(String assertion, String clientId, String audience)Takes an assertion and converts it using anInternalClaimsBuilderto a JWT used internallyprivate OAuthTokenResponsehandleRefreshGrant(String refreshToken, String clientId)
-
-
-
Field Detail
-
LOG
private static final org.slf4j.Logger LOG
-
clientValidator
@Autowired private ClientValidator clientValidator
-
cryptoOps
@Autowired private net.trajano.ms.core.CryptoOps cryptoOps
-
internalClaimsBuilder
@Autowired private InternalClaimsBuilder internalClaimsBuilder
-
issuer
@Value(value="${issuer}") private URI issuer
-
jwksMap
private final ConcurrentMap<URI,org.jose4j.jwk.HttpsJwks> jwksMap
-
jwtMaximumLifetimeInSeconds
@Value(value="${token.jwtMaximumLifetime:86400}") private int jwtMaximumLifetimeInSecondsMaximum life of a JWT token. Past that period, it is expected to no longer be used.
-
realmName
@Value(value="${realmName:client_credentials}") private String realmName
-
tokenCache
@Autowired private TokenCache tokenCache
-
-
Method Detail
-
dispatch
@POST @Consumes(value="application/x-www-form-urlencoded") @Produces(value="application/json") public OAuthTokenResponse dispatch(@FormParam(value="grant_type") String grantType, @FormParam(value="code") String code, @FormParam(value="assertion") String assertion, @FormParam(value="aud") String audience, @FormParam(value="refresh_token") String refreshToken, @FormParam(value="jwks_uri") URI jwksUri, @HeaderParam(value="Authorization") String authorization)
Performs client credential validation then dispatches to the appropriate handler for a given grant type.
-
handleAuthorizationCodeGrant
private IdTokenResponse handleAuthorizationCodeGrant(String accessToken)
-
handleJwtAssertionGrant
private OAuthTokenResponse handleJwtAssertionGrant(String assertion, String clientId, String audience)
Takes an assertion and converts it using anInternalClaimsBuilderto a JWT used internally- Parameters:
assertion- an external JWT assertionclientId- client ID- Returns:
- OAuth response
-
handleRefreshGrant
private OAuthTokenResponse handleRefreshGrant(String refreshToken, String clientId)
-
-