Package net.shibboleth.oidc.profile.oauth2.config

Interface OAuth2TokenConfiguration

All Superinterfaces:

net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration, net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration, Component, net.shibboleth.idp.profile.config.ConditionalProfileConfiguration, IdentifiedComponent, OAuth2AccessTokenProducingProfileConfiguration, OAuth2ClientAuthenticableProfileConfiguration, OAuth2FlowAwareProfileConfiguration, OAuth2ProfileConfiguration, OAuth2RefreshTokenProducingProfileConfiguration, OAuth2TokenEncryptionProfileConfiguration, OIDCFlowAwareProfileConfiguration, OIDCIDTokenProducingProfileConfiguration, OIDCProfileConfiguration, OIDCSSOProfileConfiguration, OIDCSSOProviderConfiguration, net.shibboleth.idp.profile.config.ProfileConfiguration

public interface OAuth2TokenConfiguration
extends OIDCSSOProviderConfiguration

OIDC-aware OAuth 2.0 token endpoint profile configuration.

Field Summary

Fields

Modifier and Type	Field	Description
static String	PROFILE_ID	ID for this profile configuration.

Method Summary

Modifier and Type	Method	Description
Set<String>	getGrantTypes(ProfileRequestContext profileRequestContext)	Get the enabled grant types.
BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>	getRefreshTokenClaimsSetManipulationStrategy(ProfileRequestContext profileRequestContext)	Get the bi-function for manipulating refresh token claims set.
boolean	isEnforceRefreshTokenRotation(ProfileRequestContext profileRequestContext)	Get whether always revoke the refresh_token after it's used.
boolean	isIssueIdTokenViaRefreshToken(ProfileRequestContext profileRequestContext)	Get whether the id_token is issued when refresh token grant is used.

Methods inherited from interface net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration

isResolveAttributes

Methods inherited from interface net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration

getAuthenticationFlows, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, isForceAuthn, isLocal

Methods inherited from interface net.shibboleth.idp.profile.config.ConditionalProfileConfiguration

getActivationCondition

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2AccessTokenProducingProfileConfiguration

getAccessTokenClaimsSetManipulationStrategy, getAccessTokenLifetime, getAccessTokenType

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2ClientAuthenticableProfileConfiguration

getClaimsValidator, getTokenEndpointAuthMethods

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2FlowAwareProfileConfiguration

isAuthorizationCodeFlowEnabled, isImplicitFlowEnabled, isRefreshTokensEnabled

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2RefreshTokenProducingProfileConfiguration

getRefreshTokenChainLifetime, getRefreshTokenLifetime, getRefreshTokenTimeout

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2TokenEncryptionProfileConfiguration

isEncryptionOptional

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCFlowAwareProfileConfiguration

isHybridFlowEnabled

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCIDTokenProducingProfileConfiguration

getAdditionalAudiencesForIdToken, getAlwaysIncludedAttributes, getIDTokenLifetime, getIDTokenManipulationStrategy

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCSSOProfileConfiguration

isAllowPKCEPlain, isForcePKCE

Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration

Field Detail

PROFILE_ID

@Nonnull
@NotEmpty
static final String PROFILE_ID

ID for this profile configuration.

See Also:

Constant Field Values

Method Detail

getGrantTypes

@Nonnull
@NonnullElements
@NotLive
@Unmodifiable
Set<String> getGrantTypes(@Nullable
                          ProfileRequestContext profileRequestContext)

Get the enabled grant types.

Parameters:

profileRequestContext - profile request context

Returns:

enabled grant types

isEnforceRefreshTokenRotation

boolean isEnforceRefreshTokenRotation(@Nullable
                                      ProfileRequestContext profileRequestContext)

Get whether always revoke the refresh_token after it's used.

Parameters:

profileRequestContext - profile request context

Returns:

whether always revoke the refresh_token after it's used

Since:

2.1.0

getRefreshTokenClaimsSetManipulationStrategy

@Nonnull
BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> getRefreshTokenClaimsSetManipulationStrategy(@Nullable
                                                                                                                                             ProfileRequestContext profileRequestContext)

Get the bi-function for manipulating refresh token claims set.

Parameters:

profileRequestContext - profile request context

Returns:

the bi-function for manipulating refresh token claims set

Since:

2.1.0

isIssueIdTokenViaRefreshToken

boolean isIssueIdTokenViaRefreshToken(@Nullable
                                      ProfileRequestContext profileRequestContext)

Get whether the id_token is issued when refresh token grant is used.

Parameters:

profileRequestContext - profile request context

Returns:

whether id_token is issued when refresh token grant is used

Since:

2.2.0