Class AbstractOIDCMessageEncoder

    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Class logger.
      • authorizationParamsAreValidPredicate

        @Nonnull
        private Predicate<List<Pair<String,String>>> authorizationParamsAreValidPredicate
        A hook to allow additional checking of the authorization parameters after they are built.
    • Constructor Detail

      • AbstractOIDCMessageEncoder

        protected AbstractOIDCMessageEncoder()
    • Method Detail

      • setAuthorizationParamsAreValidPredicate

        public void setAuthorizationParamsAreValidPredicate(@Nullable
                                                            Predicate<List<Pair<String,String>>> predicate)
        Set a hook that allows the built authorization parameters to be validated before they are used. This is run in addition to, but before, the built-in validation taken from the specification. If this returns false, the built-in validation is not run, and validation fails.
        Parameters:
        predicate - the hook to run
      • serializeAuthorizationParamsToUrl

        protected void serializeAuthorizationParamsToUrl(@Nonnull
                                                         OIDCAuthenticationRequest request,
                                                         @Nonnull
                                                         URLBuilder builder)
                                                  throws MessageEncodingException
        Serialize OAuth 2.0 authorization parameters from the authentication request to the query string of the URL.
        Parameters:
        request - the authentication request.
        builder - the URL builder to add the query parameters to.
        Throws:
        MessageEncodingException - on error building the parameters
      • serializeAuthorizationParamsToQueryString

        protected String serializeAuthorizationParamsToQueryString(@Nonnull
                                                                   OIDCAuthenticationRequest request)
                                                            throws MessageEncodingException
        Serialize OAuth 2.0 authorization parameters from the authentication request to a query string.
        Parameters:
        request - the authentication request.
        Returns:
        the query string.
        Throws:
        MessageEncodingException - on error building the parameters
      • createParametersFromRequestWithRequestObject

        private void createParametersFromRequestWithRequestObject(@Nonnull
                                                                  List<Pair<String,String>> params,
                                                                  @Nonnull
                                                                  OIDCAuthenticationRequest req)
                                                           throws MessageEncodingException
        Create the set of OAuth2.0 authorization and OIDC authentication request parameters when a RequestObject is present.
        Parameters:
        params - the OAuth2.0 authorization and OIDC authentication request parameters to set
        req - the current authentication request
        Throws:
        MessageEncodingException - if there is an error building the parameters
      • createParametersFromRequestWithoutRequestObject

        private void createParametersFromRequestWithoutRequestObject(@Nonnull
                                                                     List<Pair<String,String>> params,
                                                                     @Nonnull
                                                                     OIDCAuthenticationRequest req)
                                                              throws MessageEncodingException
        Create the set of OAuth2.0 authorization and OIDC authentication request parameters when no RequestObject has been built. Note: ACRs are encoded into the requested claims as essential claims; the acr_values parameter is not used.
        Parameters:
        params - the OAuth2.0 authorization and OIDC authentication request parameters to set
        req - the current authentication request
        Throws:
        MessageEncodingException - if there is an error building the parameters
      • validateParams

        protected boolean validateParams(List<Pair<String,String>> params)
        Ensure the authorization parameters are valid.
        Parameters:
        params - the parameters
        Returns:
        true if the authorization parameters are valid, false otherwise
      • pairFirstEquals

        private boolean pairFirstEquals(@Nonnull
                                        String value,
                                        List<Pair<String,String>> params)
        Check if the value is contained (exact string match) in the parameter map as the first item of any pair.
        Parameters:
        value - the value to check exists
        params - the parameters to check
        Returns:
        true iff the value exists as the first item of any pair, false otherwise
      • pairSecondContains

        private boolean pairSecondContains(@Nonnull
                                           String key,
                                           @Nonnull
                                           String value,
                                           List<Pair<String,String>> params)
        Check if the value is contained (string containment) in the parameter map as the second item of a pair. The pair is chosen using the first parameter as a key. If the key does not exist in the list, false is returned.
        Parameters:
        key - the key used to find the pair that should contain the value
        value - the value to check exists
        params - the parameters to check
        Returns:
        true iff the value is contained in the second item of the pair referenced by the key, false otherwise
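
A hook of the kind setAuthorizationParamsAreValidPredicate accepts, as an added example that is not part of the original documentation or the project's code: it rejects repeated parameter names, which a list of pairs permits, and requires `openid` as a whole scope token rather than by the string containment that pairSecondContains is documented to use. The nested Pair record, the use of java.util.function.Predicate, the REQUIRED policy and all sample values are assumptions; the record needs Java 16 or later.

```java
import java.util.*;
import java.util.function.Predicate;

public class StrictAuthorizationParams {

    // Stand-in for the library's Pair type so this compiles alone (assumption;
    // the real class and its accessor names may differ).
    record Pair<A, B>(A first, B second) {}

    // Constructed deployment policy: each of these must appear exactly once.
    static final Set<String> REQUIRED = Set.of(
            "response_type", "client_id", "redirect_uri", "scope", "state", "nonce");

    // Hypothetical hook body for setAuthorizationParamsAreValidPredicate(...).
    static final Predicate<List<Pair<String, String>>> STRICT = params -> {
        if (params == null) return false;
        Map<String, String> seen = new HashMap<>();
        for (Pair<String, String> p : params) {
            if (p == null || p.first() == null || p.second() == null
                    || p.second().isBlank()) return false;
            // A list of pairs can carry one name twice; reject duplicates.
            if (seen.put(p.first(), p.second()) != null) return false;
        }
        if (!seen.keySet().containsAll(REQUIRED)) return false;
        // Require "openid" as a whole space-delimited token, not a substring.
        return Arrays.asList(seen.get("scope").split(" ")).contains("openid");
    };

    // Constructed sample requests; none of these values come from the page.
    static List<Pair<String, String>> sample(String scope, boolean dupRedirect) {
        List<Pair<String, String>> l = new ArrayList<>(List.of(
                new Pair<>("response_type", "code"),
                new Pair<>("client_id", "example-client"),
                new Pair<>("redirect_uri", "https://rp.example.org/cb"),
                new Pair<>("scope", scope),
                new Pair<>("state", "constructed-state"),
                new Pair<>("nonce", "constructed-nonce")));
        if (dupRedirect) l.add(new Pair<>("redirect_uri", "https://other.example.net/cb"));
        return l;
    }

    public static void main(String[] args) {
        System.out.println("well-formed:      " + STRICT.test(sample("openid profile", false)));
        System.out.println("dup redirect_uri: " + STRICT.test(sample("openid profile", true)));
        System.out.println("scope substring:  " + STRICT.test(sample("openidx profile", false)));
    }
}
```

Because the hook runs before the built-in validation and a false result fails validation outright, a policy like this can only tighten what the encoder accepts, never loosen it.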