Package net.shibboleth.oidc.profile.config.impl

Class AbstractOIDCSSOConfiguration

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

net.shibboleth.idp.profile.config.AbstractProfileConfiguration

net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

net.shibboleth.oidc.profile.oauth2.config.impl.AbstractOAuth2ClientAuthenticableProfileConfiguration

net.shibboleth.oidc.profile.oauth2.config.impl.AbstractOAuth2FlowAwareProfileConfiguration

net.shibboleth.oidc.profile.config.impl.AbstractOIDCSSOConfiguration

All Implemented Interfaces:

net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration, net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration, net.shibboleth.idp.profile.config.ConditionalProfileConfiguration, net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration, net.shibboleth.idp.profile.config.ProfileConfiguration, OIDCFlowAwareProfileConfiguration, OIDCIDTokenProducingProfileConfiguration, OIDCProfileConfiguration, OIDCSSOProfileConfiguration, OIDCSSOProviderConfiguration, OIDCSSORelyingPartyConfiguration, OAuth2AccessTokenProducingProfileConfiguration, OAuth2ClientAuthenticableClientProfileConfiguration, OAuth2ClientAuthenticableProfileConfiguration, OAuth2FlowAwareProfileConfiguration, OAuth2ProfileConfiguration, OAuth2RefreshTokenProducingProfileConfiguration, OAuth2TokenEncryptionProfileConfiguration, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

Direct Known Subclasses:

DefaultOAuth2TokenConfiguration, DefaultOIDCAuthorizationConfiguration

public abstract class AbstractOIDCSSOConfiguration
extends AbstractOAuth2FlowAwareProfileConfiguration
implements OIDCSSORelyingPartyConfiguration, OIDCSSOProviderConfiguration

Base class for profiles that support OIDC's concept of SSO, which spans multiple endpoints.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>>	accessTokenClaimsSetManipulationStrategyLookupStrategy	Lookup function to supply strategy bi-function for manipulating access token claims set.
private Function<ProfileRequestContext,Duration>	accessTokenLifetimeLookupStrategy	Lookup function to supply access token lifetime.
private Function<ProfileRequestContext,String>	accessTokenTypeLookupStrategy	Lookup function to supply access token type.
private Predicate<ProfileRequestContext>	allowPKCEPlainPredicate	Whether client is allowed to use PKCE code challenge method plain.
private Function<ProfileRequestContext,Set<String>>	alwaysIncludedAttributesLookupStrategy	Lookup function to supply attribute IDs to include in ID token regardless of response_type.
private Function<ProfileRequestContext,Set<String>>	assertionAudiencesLookupStrategy	Lookup function to supply additional audiences for ID token.
private Predicate<ProfileRequestContext>	encryptionOptionalPredicate	Whether encryption is optional in the face of no key, etc.
private Predicate<ProfileRequestContext>	forcePKCEPredicate	Whether client is required to use PKCE.
private Function<ProfileRequestContext,Duration>	idTokenLifetimeLookupStrategy	Lookup function to supply ID token lifetime.
private Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>>	idTokenManipulationStrategyLookupStrategy	Lookup function to supply strategy bi-function for manipulating id_token claims.
private Function<ProfileRequestContext,String>	issuerLookupStrategy	Lookup function to override issuer value.
private Function<ProfileRequestContext,Duration>	refreshTokenChainLifetimeLookupStrategy	Lookup function to supply refresh token chain lifetime.
private Function<ProfileRequestContext,Duration>	refreshTokenLifetimeLookupStrategy	Lookup function to supply refresh token lifetime.
private Function<ProfileRequestContext,Duration>	refreshTokenTimeoutLookupStrategy	Lookup function to supply refresh token timeout.
private Predicate<ProfileRequestContext>	resolveAttributesPredicate	Whether attributes should be resolved in the course of the profile.

Fields inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration

DEFAULT_DISALLOWED_FEATURES

Fields inherited from interface net.shibboleth.oidc.profile.config.OIDCSSOProfileConfiguration

PROFILE_ID

Constructor Summary

Constructors

Constructor	Description
AbstractOIDCSSOConfiguration(String profileId)	Creates a new configuration instance.

Method Summary

Modifier and Type	Method	Description
BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>	getAccessTokenClaimsSetManipulationStrategy(ProfileRequestContext profileRequestContext)
Duration	getAccessTokenLifetime(ProfileRequestContext profileRequestContext)
String	getAccessTokenType(ProfileRequestContext profileRequestContext)
Set<String>	getAdditionalAudiencesForIdToken(ProfileRequestContext profileRequestContext)
Set<String>	getAlwaysIncludedAttributes(ProfileRequestContext profileRequestContext)
Duration	getIDTokenLifetime(ProfileRequestContext profileRequestContext)
BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>	getIDTokenManipulationStrategy(ProfileRequestContext profileRequestContext)
String	getIssuer(ProfileRequestContext profileRequestContext)
Duration	getRefreshTokenChainLifetime(ProfileRequestContext profileRequestContext)
Duration	getRefreshTokenLifetime(ProfileRequestContext profileRequestContext)	Deprecated, for removal: This API element is subject to removal in a future version.
Duration	getRefreshTokenTimeout(ProfileRequestContext profileRequestContext)
boolean	isAllowPKCEPlain(ProfileRequestContext profileRequestContext)
boolean	isEncryptionOptional(ProfileRequestContext profileRequestContext)
boolean	isForcePKCE(ProfileRequestContext profileRequestContext)
boolean	isResolveAttributes(ProfileRequestContext profileRequestContext)
void	setAccessTokenClaimsSetManipulationStrategy(BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> strategy)	Set the bi-function for manipulating access token claims set.
void	setAccessTokenClaimsSetManipulationStrategyLookupStrategy(Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> strategy)	Set a lookup strategy for the bi-function for manipulating access token claims set.
void	setAccessTokenLifetime(Duration lifetime)	Set the lifetime of an access token.
void	setAccessTokenLifetimeLookupStrategy(Function<ProfileRequestContext,Duration> strategy)	Set a lookup strategy for the access token lifetime.
void	setAccessTokenType(String type)	Set access token type.
void	setAccessTokenTypeLookupStrategy(Function<ProfileRequestContext,String> strategy)	Set lookup strategy for access token type.
void	setAdditionalAudiencesForIdToken(Collection<String> audiences)	Set the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the ID Token, with which the token may be shared.
void	setAdditionalAudiencesForIdTokenLookupStrategy(Function<ProfileRequestContext,Set<String>> strategy)	Set a lookup strategy for the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the ID Token, with which the token may be shared.
void	setAllowPKCEPlain(boolean flag)	Set whether client is allowed to use PKCE code challenge method plain.
void	setAllowPKCEPlainPredicate(Predicate<ProfileRequestContext> condition)	Set condition for whether client is allowed to use PKCE code challenge method plain.
void	setAlwaysIncludedAttributes(Collection<String> attributes)	Set the set of attribute IDs which should be included in the ID token regardless of response_type.
void	setAlwaysIncludedAttributesLookupStrategy(Function<ProfileRequestContext,Set<String>> strategy)	Set a lookup strategy for the attribute IDs which should be included in the ID token regardless of response_type.
void	setEncryptionOptional(boolean flag)	Set whether encryption is optional in the face of a missing key, etc.
void	setEncryptionOptionalPredicate(Predicate<ProfileRequestContext> condition)	Set a condition to determine whether encryption is optional in the face of a missing key, etc.
void	setForcePKCE(boolean flag)	Set whether client is required to use PKCE.
void	setForcePKCEPredicate(Predicate<ProfileRequestContext> condition)	Set condition for whether client is required to use PKCE.
void	setIDTokenLifetime(Duration lifetime)	Set the lifetime of an id token.
void	setIDTokenLifetimeLookupStrategy(Function<ProfileRequestContext,Duration> strategy)	Set a lookup strategy for the ID token lifetime.
void	setIDTokenManipulationStrategy(BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> strategy)	Set the bi-function for manipulating id_token claims.
void	setIDTokenManipulationStrategyLookupStrategy(Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> strategy)	Set a lookup strategy for the bi-function for manipulating id_token claims.
void	setIssuer(String issuer)	Set overridden issuer value.
void	setIssuerLookupStrategy(Function<ProfileRequestContext,String> strategy)	Sets lookup strategy for overridden issuer value.
void	setRefreshTokenChainLifetime(Duration lifetime)	Set the lifetime of refresh token chain.
void	setRefreshTokenChainLifetimeLookupStrategy(Function<ProfileRequestContext,Duration> strategy)	Set a lookup strategy for the refresh token chain lifetime.
void	setRefreshTokenLifetime(Duration lifetime)	Deprecated, for removal: This API element is subject to removal in a future version. Use setRefreshTokenTimeout(Duration)
void	setRefreshTokenLifetimeLookupStrategy(Function<ProfileRequestContext,Duration> strategy)	Deprecated, for removal: This API element is subject to removal in a future version. Use setRefreshTokenTimeoutLookupStrategy(Function)
void	setRefreshTokenTimeout(Duration timeout)	Set the timeout of refresh token.
void	setRefreshTokenTimeoutLookupStrategy(Function<ProfileRequestContext,Duration> strategy)	Set a lookup strategy for the refresh token timeout.
void	setResolveAttributes(boolean flag)	Set whether attributes should be resolved during the profile.
void	setResolveAttributesPredicate(Predicate<ProfileRequestContext> condition)	Set a condition to determine whether attributes should be resolved during the profile.

Methods inherited from class net.shibboleth.oidc.profile.oauth2.config.impl.AbstractOAuth2FlowAwareProfileConfiguration

isAuthorizationCodeFlowEnabled, isHybridFlowEnabled, isImplicitFlowEnabled, isRefreshTokensEnabled, setAuthorizationCodeFlowEnabled, setAuthorizationCodeFlowEnabledPredicate, setHybridFlowEnabled, setHybridFlowEnabledPredicate, setImplicitFlowEnabled, setImplicitFlowEnabledPredicate, setRefreshTokensEnabled, setRefreshTokensEnabledPredicate

Methods inherited from class net.shibboleth.oidc.profile.oauth2.config.impl.AbstractOAuth2ClientAuthenticableProfileConfiguration

getAuthenticationFlows, getClaimsValidator, getClientCredential, getClientId, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, getTokenEndpointAuthMethod, getTokenEndpointAuthMethods, isForceAuthn, setAuthenticationFlows, setAuthenticationFlowsLookupStrategy, setClaimsValidator, setClaimsValidatorLookupStrategy, setClientCredential, setClientCredentialLookupStrategy, setClientId, setClientIdLookupStrategy, setDefaultAuthenticationMethods, setDefaultAuthenticationMethodsLookupStrategy, setForceAuthn, setForceAuthnPredicate, setPostAuthenticationFlows, setPostAuthenticationFlowsLookupStrategy, setProxyCount, setProxyCountLookupStrategy, setTokenEndpointAuthMethod, setTokenEndpointAuthMethodLookupStrategy, setTokenEndpointAuthMethods, setTokenEndpointAuthMethodsLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.config.AbstractConditionalProfileConfiguration

getActivationCondition, setActivationCondition

Methods inherited from class net.shibboleth.idp.profile.config.AbstractProfileConfiguration

equals, getDisallowedFeatures, getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration, hashCode, isFeatureDisallowed, setDisallowedFeatures, setDisallowedFeaturesLookupStrategy, setInboundFlowsLookupStrategy, setInboundInterceptorFlows, setInboundInterceptorFlowsLookupStrategy, setOutboundFlowsLookupStrategy, setOutboundInterceptorFlows, setOutboundInterceptorFlowsLookupStrategy, setSecurityConfiguration, setSecurityConfigurationLookupStrategy

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

doInitialize, getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.idp.authn.config.AuthenticationProfileConfiguration

getAuthenticationFlows, getDefaultAuthenticationMethods, getPostAuthenticationFlows, getProxyCount, isForceAuthn, isLocal

Methods inherited from interface net.shibboleth.idp.profile.config.ConditionalProfileConfiguration

getActivationCondition

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2ClientAuthenticableClientProfileConfiguration

getClientCredential, getClientId, getTokenEndpointAuthMethod

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2ClientAuthenticableProfileConfiguration

getClaimsValidator, getTokenEndpointAuthMethods

Methods inherited from interface net.shibboleth.oidc.profile.oauth2.config.OAuth2FlowAwareProfileConfiguration

isAuthorizationCodeFlowEnabled, isImplicitFlowEnabled, isRefreshTokensEnabled

Methods inherited from interface net.shibboleth.oidc.profile.config.OIDCFlowAwareProfileConfiguration

isHybridFlowEnabled

Methods inherited from interface net.shibboleth.idp.profile.config.ProfileConfiguration

getInboundInterceptorFlows, getOutboundInterceptorFlows, getSecurityConfiguration

Field Detail

issuerLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> issuerLookupStrategy

Lookup function to override issuer value.

resolveAttributesPredicate

@Nonnull
private Predicate<ProfileRequestContext> resolveAttributesPredicate

Whether attributes should be resolved in the course of the profile.

encryptionOptionalPredicate

@Nonnull
private Predicate<ProfileRequestContext> encryptionOptionalPredicate

Whether encryption is optional in the face of no key, etc.

forcePKCEPredicate

@Nonnull
private Predicate<ProfileRequestContext> forcePKCEPredicate

Whether client is required to use PKCE.

allowPKCEPlainPredicate

@Nonnull
private Predicate<ProfileRequestContext> allowPKCEPlainPredicate

Whether client is allowed to use PKCE code challenge method plain.

idTokenLifetimeLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Duration> idTokenLifetimeLookupStrategy

Lookup function to supply ID token lifetime.

accessTokenTypeLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> accessTokenTypeLookupStrategy

Lookup function to supply access token type.

accessTokenLifetimeLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Duration> accessTokenLifetimeLookupStrategy

Lookup function to supply access token lifetime.

refreshTokenLifetimeLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Duration> refreshTokenLifetimeLookupStrategy

Lookup function to supply refresh token lifetime.

refreshTokenTimeoutLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Duration> refreshTokenTimeoutLookupStrategy

Lookup function to supply refresh token timeout.

refreshTokenChainLifetimeLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Duration> refreshTokenChainLifetimeLookupStrategy

Lookup function to supply refresh token chain lifetime.

assertionAudiencesLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Set<String>> assertionAudiencesLookupStrategy

Lookup function to supply additional audiences for ID token.

alwaysIncludedAttributesLookupStrategy

@Nonnull
private Function<ProfileRequestContext,Set<String>> alwaysIncludedAttributesLookupStrategy

Lookup function to supply attribute IDs to include in ID token regardless of response_type.

idTokenManipulationStrategyLookupStrategy

@Nonnull
private Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> idTokenManipulationStrategyLookupStrategy

Lookup function to supply strategy bi-function for manipulating id_token claims.

accessTokenClaimsSetManipulationStrategyLookupStrategy

@Nonnull
private Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> accessTokenClaimsSetManipulationStrategyLookupStrategy

Lookup function to supply strategy bi-function for manipulating access token claims set.

Constructor Detail

AbstractOIDCSSOConfiguration

public AbstractOIDCSSOConfiguration(@Nonnull @NotEmpty
                                    String profileId)

Creates a new configuration instance.

Parameters:

profileId - Unique profile identifier.

Method Detail

getIssuer

@Nullable
@NotEmpty
public String getIssuer(@Nullable
                        ProfileRequestContext profileRequestContext)

Specified by:

getIssuer in interface net.shibboleth.idp.profile.config.OverriddenIssuerProfileConfiguration

setIssuer

public void setIssuer(@Nullable @NotEmpty
                      String issuer)

Set overridden issuer value.

Parameters:

issuer - issuer value

setIssuerLookupStrategy

public void setIssuerLookupStrategy(@Nonnull
                                    Function<ProfileRequestContext,String> strategy)

Sets lookup strategy for overridden issuer value.

Parameters:

strategy - lookup strategy

isResolveAttributes

public boolean isResolveAttributes(@Nullable
                                   ProfileRequestContext profileRequestContext)

Specified by:

isResolveAttributes in interface net.shibboleth.idp.profile.config.AttributeResolvingProfileConfiguration

setResolveAttributes

public void setResolveAttributes(boolean flag)

Set whether attributes should be resolved during the profile.

Parameters:

flag - flag to set

setResolveAttributesPredicate

public void setResolveAttributesPredicate(@Nonnull
                                          Predicate<ProfileRequestContext> condition)

Set a condition to determine whether attributes should be resolved during the profile.

Parameters:

condition - condition to set

isEncryptionOptional

public boolean isEncryptionOptional(@Nullable
                                    ProfileRequestContext profileRequestContext)

Specified by:

isEncryptionOptional in interface OAuth2TokenEncryptionProfileConfiguration

setEncryptionOptional

public void setEncryptionOptional(boolean flag)

Set whether encryption is optional in the face of a missing key, etc.

Parameters:

flag - flag to set

setEncryptionOptionalPredicate

public void setEncryptionOptionalPredicate(@Nonnull
                                           Predicate<ProfileRequestContext> condition)

Set a condition to determine whether encryption is optional in the face of a missing key, etc.

Parameters:

condition - condition to set

isForcePKCE

public boolean isForcePKCE(@Nullable
                           ProfileRequestContext profileRequestContext)

Specified by:

isForcePKCE in interface OIDCSSOProfileConfiguration

setForcePKCE

public void setForcePKCE(boolean flag)

Set whether client is required to use PKCE.

Parameters:

flag - flag to set

setForcePKCEPredicate

public void setForcePKCEPredicate(@Nonnull
                                  Predicate<ProfileRequestContext> condition)

Set condition for whether client is required to use PKCE.

Parameters:

condition - condition to set

isAllowPKCEPlain

public boolean isAllowPKCEPlain(@Nullable
                                ProfileRequestContext profileRequestContext)

Specified by:

isAllowPKCEPlain in interface OIDCSSOProfileConfiguration

setAllowPKCEPlain

public void setAllowPKCEPlain(boolean flag)

Set whether client is allowed to use PKCE code challenge method plain.

Parameters:

flag - flag to set

setAllowPKCEPlainPredicate

public void setAllowPKCEPlainPredicate(@Nonnull
                                       Predicate<ProfileRequestContext> condition)

Set condition for whether client is allowed to use PKCE code challenge method plain.

Parameters:

condition - condition to set

getIDTokenLifetime

@Positive
@Nonnull
public Duration getIDTokenLifetime(@Nullable
                                   ProfileRequestContext profileRequestContext)

Specified by:

getIDTokenLifetime in interface OIDCIDTokenProducingProfileConfiguration

setIDTokenLifetime

public void setIDTokenLifetime(@Positive @Nonnull
                               Duration lifetime)

Set the lifetime of an id token.

Parameters:

lifetime - lifetime of an id token in milliseconds

setIDTokenLifetimeLookupStrategy

public void setIDTokenLifetimeLookupStrategy(@Nonnull
                                             Function<ProfileRequestContext,Duration> strategy)

Set a lookup strategy for the ID token lifetime.

Parameters:

strategy - lookup strategy

getAccessTokenType

@Nullable
@NotEmpty
public String getAccessTokenType(@Nullable
                                 ProfileRequestContext profileRequestContext)

Specified by:

getAccessTokenType in interface OAuth2AccessTokenProducingProfileConfiguration

setAccessTokenType

public void setAccessTokenType(@Nullable @NotEmpty
                               String type)

Set access token type.

Parameters:

type - token type, or null for unspecified/opaque

Since:

2.1.0

setAccessTokenTypeLookupStrategy

public void setAccessTokenTypeLookupStrategy(@Nonnull
                                             Function<ProfileRequestContext,String> strategy)

Set lookup strategy for access token type.

Parameters:

strategy - lookup strategy

Since:

2.1.0

getAccessTokenLifetime

@Positive
@Nonnull
public Duration getAccessTokenLifetime(@Nullable
                                       ProfileRequestContext profileRequestContext)

Specified by:

getAccessTokenLifetime in interface OAuth2AccessTokenProducingProfileConfiguration

setAccessTokenLifetime

public void setAccessTokenLifetime(@Positive @Nonnull
                                   Duration lifetime)

Set the lifetime of an access token.

Parameters:

lifetime - lifetime of an access token in milliseconds

setAccessTokenLifetimeLookupStrategy

public void setAccessTokenLifetimeLookupStrategy(@Nullable
                                                 Function<ProfileRequestContext,Duration> strategy)

Set a lookup strategy for the access token lifetime.

Parameters:

strategy - lookup strategy

getRefreshTokenLifetime

@Nonnull
@Positive
@Deprecated(since="2.2.0",
            forRemoval=true)
public Duration getRefreshTokenLifetime(@Nullable
                                        ProfileRequestContext profileRequestContext)

Deprecated, for removal: This API element is subject to removal in a future version.

Specified by:

getRefreshTokenLifetime in interface OAuth2RefreshTokenProducingProfileConfiguration

setRefreshTokenLifetime

@Deprecated(since="2.2.0",
            forRemoval=true)
public void setRefreshTokenLifetime(@Nonnull @Positive
                                    Duration lifetime)

Deprecated, for removal: This API element is subject to removal in a future version.

Use setRefreshTokenTimeout(Duration)

Set the lifetime of refresh token.

Parameters:

lifetime - lifetime of an refresh token

setRefreshTokenLifetimeLookupStrategy

@Deprecated(since="2.2.0",
            forRemoval=true)
public void setRefreshTokenLifetimeLookupStrategy(@Nullable
                                                  Function<ProfileRequestContext,Duration> strategy)

Deprecated, for removal: This API element is subject to removal in a future version.

Use setRefreshTokenTimeoutLookupStrategy(Function)

Set a lookup strategy for the refresh token lifetime.

Parameters:

strategy - lookup strategy

getRefreshTokenTimeout

@Nonnull
@Positive
public Duration getRefreshTokenTimeout(@Nullable
                                       ProfileRequestContext profileRequestContext)

Specified by:

getRefreshTokenTimeout in interface OAuth2RefreshTokenProducingProfileConfiguration

setRefreshTokenTimeout

public void setRefreshTokenTimeout(@Nonnull @Positive
                                   Duration timeout)

Set the timeout of refresh token.

Parameters:

timeout - timeout of an refresh token

Since:

2.2.0

setRefreshTokenTimeoutLookupStrategy

public void setRefreshTokenTimeoutLookupStrategy(@Nullable
                                                 Function<ProfileRequestContext,Duration> strategy)

Set a lookup strategy for the refresh token timeout.

Parameters:

strategy - lookup strategy

Since:

2.2.0

getRefreshTokenChainLifetime

@Nonnull
@Positive
public Duration getRefreshTokenChainLifetime(@Nullable
                                             ProfileRequestContext profileRequestContext)

Specified by:

getRefreshTokenChainLifetime in interface OAuth2RefreshTokenProducingProfileConfiguration

setRefreshTokenChainLifetime

public void setRefreshTokenChainLifetime(@Nonnull @Positive
                                         Duration lifetime)

Set the lifetime of refresh token chain.

Parameters:

lifetime - lifetime of a refresh token chain

Since:

2.2.0

setRefreshTokenChainLifetimeLookupStrategy

public void setRefreshTokenChainLifetimeLookupStrategy(@Nullable
                                                       Function<ProfileRequestContext,Duration> strategy)

Set a lookup strategy for the refresh token chain lifetime.

Parameters:

strategy - lookup strategy

Since:

2.2.0

getAdditionalAudiencesForIdToken

@Nonnull
@NonnullElements
@NotLive
public Set<String> getAdditionalAudiencesForIdToken(@Nullable
                                                    ProfileRequestContext profileRequestContext)

Specified by:

getAdditionalAudiencesForIdToken in interface OIDCIDTokenProducingProfileConfiguration

setAdditionalAudiencesForIdToken

public void setAdditionalAudiencesForIdToken(@Nullable @NonnullElements
                                             Collection<String> audiences)

Set the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the ID Token, with which the token may be shared.

Parameters:

audiences - the additional audiences

setAdditionalAudiencesForIdTokenLookupStrategy

public void setAdditionalAudiencesForIdTokenLookupStrategy(@Nonnull
                                                           Function<ProfileRequestContext,Set<String>> strategy)

Set a lookup strategy for the set of audiences, in addition to the relying party(ies) to which the IdP is issuing the ID Token, with which the token may be shared.

Parameters:

strategy - lookup strategy

getAlwaysIncludedAttributes

@Nonnull
@NonnullElements
@NotLive
public Set<String> getAlwaysIncludedAttributes(@Nullable
                                               ProfileRequestContext profileRequestContext)

Specified by:

getAlwaysIncludedAttributes in interface OIDCIDTokenProducingProfileConfiguration

setAlwaysIncludedAttributes

public void setAlwaysIncludedAttributes(@Nullable @NonnullElements
                                        Collection<String> attributes)

Set the set of attribute IDs which should be included in the ID token regardless of response_type.

Default behavior is to include claims only with the implicit id_token type only, while any use of a back-channel relies on the user_info endpoint to get the claims. This setting forces certain attributes to be added to the ID token regardless of flow.

Parameters:

attributes - the attribute IDs to include in all cases

setAlwaysIncludedAttributesLookupStrategy

public void setAlwaysIncludedAttributesLookupStrategy(@Nonnull
                                                      Function<ProfileRequestContext,Set<String>> strategy)

Set a lookup strategy for the attribute IDs which should be included in the ID token regardless of response_type.

Parameters:

strategy - lookup strategy

getIDTokenManipulationStrategy

@Nonnull
public BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> getIDTokenManipulationStrategy(@Nullable
                                                                                                                                      ProfileRequestContext profileRequestContext)

Specified by:

getIDTokenManipulationStrategy in interface OIDCIDTokenProducingProfileConfiguration

setIDTokenManipulationStrategy

public void setIDTokenManipulationStrategy(@Nullable
                                           BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> strategy)

Set the bi-function for manipulating id_token claims.

Parameters:

strategy - bi-function for manipulating id_token claims

Since:

2.1.0

setIDTokenManipulationStrategyLookupStrategy

public void setIDTokenManipulationStrategyLookupStrategy(@Nonnull
                                                         Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> strategy)

Set a lookup strategy for the bi-function for manipulating id_token claims.

Parameters:

strategy - lookup strategy

Since:

2.1.0

getAccessTokenClaimsSetManipulationStrategy

@Nonnull
public BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> getAccessTokenClaimsSetManipulationStrategy(@Nullable
                                                                                                                                                   ProfileRequestContext profileRequestContext)

Specified by:

getAccessTokenClaimsSetManipulationStrategy in interface OAuth2AccessTokenProducingProfileConfiguration

setAccessTokenClaimsSetManipulationStrategy

public void setAccessTokenClaimsSetManipulationStrategy(@Nullable
                                                        BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>> strategy)

Set the bi-function for manipulating access token claims set.

Parameters:

strategy - bi-function for manipulating access token claims set

Since:

2.1.0

setAccessTokenClaimsSetManipulationStrategyLookupStrategy

public void setAccessTokenClaimsSetManipulationStrategyLookupStrategy(@Nonnull
                                                                      Function<ProfileRequestContext,BiFunction<ProfileRequestContext,Map<String,Object>,Map<String,Object>>> strategy)

Set a lookup strategy for the bi-function for manipulating access token claims set.

Parameters:

strategy - lookup strategy

Since:

2.1.0