Package org.wildfly.security.http.oidc

Class Oidc

java.lang.Object

org.wildfly.security.http.oidc.Oidc

public class Oidc
extends Object

Constants and utility methods related to the OpenID Connect HTTP mechanism.

Author:

Marek Posolda, Farah Juma

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	Oidc.AuthenticationRequestFormat
static enum	Oidc.AuthOutcome
static enum	Oidc.ClientCredentialsProviderType
static final class	Oidc.EnvUtil	Replaces any ${} strings with their corresponding system property.
static enum	Oidc.SSLRequired
static enum	Oidc.TokenStore

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ACCEPT
static final String	ADAPTER_STATE_COOKIE_PATH
static final String	ALLOW_ANY_HOSTNAME
static final String	ALLOW_QUERY_PARAMS_PROPERTY_NAME
static final String	ALWAYS_REFRESH_TOKEN
static final String	AUTH_SERVER_URL
static final String	AUTHENTICATION_REQUEST_FORMAT
static final String	AUTODETECT_BEARER_ONLY
static final String	BEARER_ONLY
static final Pattern	BEARER_TOKEN_PATTERN	Bearer token pattern.
static final String	CLIENT_ID
static final String	CLIENT_ID_JSON_VALUE
static final String	CLIENT_KEY_PASSWORD
static final String	CLIENT_KEYSTORE
static final String	CLIENT_KEYSTORE_PASSWORD
static final String	CLIENTS_MANAGEMENT_REGISTER_NODE_PATH
static final String	CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH
static final String	CODE
static final String	CODE_CHALLENGE
static final String	CODE_CHALLENGE_METHOD
static final String	CODE_CHALLENGE_METHOD_S256
static final String	CODE_VERIFIER
static final String	CONFIDENTIAL_PORT
static final String	CONNECTION_POOL_SIZE
static final String	CONNECTION_TIMEOUT_MILLIS
static final String	CONNECTION_TTL_MILLIS
static final String	CORS_ALLOWED_HEADERS
static final String	CORS_ALLOWED_METHODS
static final String	CORS_EXPOSED_HEADERS
static final String	CORS_MAX_AGE
static final String	CREDENTIALS
static final String	DISABLE_TRUST_MANAGER
static final String	DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME
static final String	DISCOVERY_PATH
static final String	DOMAIN_HINT
static final String	ENABLE_BASIC_AUTH
static final String	ENABLE_CORS
static final String	ENABLE_PKCE
static final String	ERROR
static final String	ERROR_DESCRIPTION
static final String	EXPOSE_TOKEN
static final String	FACES_REQUEST
static final String	GRANT_TYPE
static final String	HTML_CONTENT_TYPE
static final String	IGNORE_OAUTH_QUERY_PARAMETER
static final int	INVALID_AT_HASH_CLAIM
static final int	INVALID_ISSUED_FOR_CLAIM
static final int	INVALID_SESSION_RANDOM_VALUE
static final String	INVALID_TOKEN
static final int	INVALID_TYPE_CLAIM
static final String	ISSUER
static final String	JSON_CONFIG_CONTEXT_PARAM
static final String	JSON_CONTENT_TYPE
static final String	KC_IDP_HINT
static final String	KEYCLOAK_REALMS_PATH
static final String	LOGIN_HINT
static final String	MAX_AGE
static final String	MIN_TIME_BETWEEN_JWKS_REQUESTS
static final String	NO_TOKEN
static final String	OIDC_CLIENT_CONTEXT_KEY
static final String	OIDC_NAME
static final String	OIDC_SCOPE
static final String	OPTIONS
static final String	PARTIAL
static final String	PASSWORD
static final String	PRINCIPAL_ATTRIBUTE
static final String	PROMPT
static final String	PROVIDER_URL
static final String	PROXY_URL
static final String	PUBLIC_CLIENT
static final String	PUBLIC_KEY_CACHE_TTL
static final String	REALM
static final String	REALM_PUBLIC_KEY
static final String	REDIRECT_REWRITE_RULES
static final String	REDIRECT_URI
static final String	REFRESH_TOKEN
static final String	REGISTER_NODE_AT_STARTUP
static final String	REGISTER_NODE_PERIOD
static final String	REQUEST
static final String	REQUEST_OBJECT_ENCRYPTION_ALG_VALUE
static final String	REQUEST_OBJECT_ENCRYPTION_ENC_VALUE
static final String	REQUEST_OBJECT_SIGNING_ALGORITHM
static final String	REQUEST_OBJECT_SIGNING_KEY_ALIAS
static final String	REQUEST_OBJECT_SIGNING_KEY_PASSWORD
static final String	REQUEST_OBJECT_SIGNING_KEYSTORE_FILE
static final String	REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD
static final String	REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE
static final String	REQUEST_URI
static final String	RESOURCE
static final String	RESPONSE_TYPE
static final String	SCOPE
static final String	SESSION_RANDOM_VALUE
static final String	SESSION_STATE
static final String	SHA256
static final String	SHA384
static final String	SHA512
static final String	SLASH
static final String	SOAP_ACTION
static final String	SOCKET_TIMEOUT_MILLIS
static final String	SSL_REQUIRED
static final String	STALE_TOKEN
static final String	STATE
static final String	TEXT_CONTENT_TYPE
static final String	TOKEN_MINIMUM_TIME_TO_LIVE
static final String	TOKEN_SIGNATURE_ALGORITHM
static final String	TOKEN_STORE
static final String	TRUSTSTORE
static final String	TRUSTSTORE_PASSWORD
static final String	TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN
static final String	UI_LOCALES
static final String	USE_REALM_ROLE_MAPPINGS
static final String	USE_RESOURCE_ROLE_MAPPINGS
static final String	USERNAME
static final String	VERIFY_TOKEN_AUDIENCE
static final String	WILDCARD_CONTENT_TYPE
static final String	X_REQUESTED_WITH
static final String	XML_HTTP_REQUEST

Constructor Summary

Constructors

Constructor	Description
Oidc()

Method Summary

Modifier and Type	Method	Description
protected static boolean	checkCachedAccountMatchesRequest(OidcAccount account, OidcClientConfiguration deployment)
static String	generateId()
protected static String	getCryptographicValue(String src)
static String	getJavaAlgorithm(String algorithm)
static String	getJavaAlgorithmForHash(String algorithm)
static String	getQueryParamValue(OidcHttpFacade facade, String paramName)
static boolean	isOpaqueToken(String token)
static void	logToken(String name, String token)
protected static String	stripQueryParam(String url, String paramName)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ACCEPT

public static final String ACCEPT

See Also:

• Constant Field Values

ADAPTER_STATE_COOKIE_PATH

public static final String ADAPTER_STATE_COOKIE_PATH

See Also:

• Constant Field Values

ALLOW_ANY_HOSTNAME

public static final String ALLOW_ANY_HOSTNAME

See Also:

• Constant Field Values

ALWAYS_REFRESH_TOKEN

public static final String ALWAYS_REFRESH_TOKEN

See Also:

• Constant Field Values

AUTH_SERVER_URL

public static final String AUTH_SERVER_URL

See Also:

• Constant Field Values

AUTHENTICATION_REQUEST_FORMAT

public static final String AUTHENTICATION_REQUEST_FORMAT

See Also:

• Constant Field Values

AUTODETECT_BEARER_ONLY

public static final String AUTODETECT_BEARER_ONLY

See Also:

• Constant Field Values

BEARER_ONLY

public static final String BEARER_ONLY

See Also:

• Constant Field Values

OIDC_NAME

public static final String OIDC_NAME

See Also:

• Constant Field Values

JSON_CONTENT_TYPE

public static final String JSON_CONTENT_TYPE

See Also:

• Constant Field Values

HTML_CONTENT_TYPE

public static final String HTML_CONTENT_TYPE

See Also:

• Constant Field Values

WILDCARD_CONTENT_TYPE

public static final String WILDCARD_CONTENT_TYPE

See Also:

• Constant Field Values

TEXT_CONTENT_TYPE

public static final String TEXT_CONTENT_TYPE

See Also:

• Constant Field Values

DISCOVERY_PATH

public static final String DISCOVERY_PATH

See Also:

• Constant Field Values

KEYCLOAK_REALMS_PATH

public static final String KEYCLOAK_REALMS_PATH

See Also:

• Constant Field Values

JSON_CONFIG_CONTEXT_PARAM

public static final String JSON_CONFIG_CONTEXT_PARAM

See Also:

• Constant Field Values

CORS_MAX_AGE

public static final String CORS_MAX_AGE

See Also:

• Constant Field Values

CORS_ALLOWED_HEADERS

public static final String CORS_ALLOWED_HEADERS

See Also:

• Constant Field Values

CORS_ALLOWED_METHODS

public static final String CORS_ALLOWED_METHODS

See Also:

• Constant Field Values

CORS_EXPOSED_HEADERS

public static final String CORS_EXPOSED_HEADERS

See Also:

• Constant Field Values

CONNECTION_POOL_SIZE

public static final String CONNECTION_POOL_SIZE

See Also:

• Constant Field Values

CONNECTION_TIMEOUT_MILLIS

public static final String CONNECTION_TIMEOUT_MILLIS

See Also:

• Constant Field Values

CONNECTION_TTL_MILLIS

public static final String CONNECTION_TTL_MILLIS

See Also:

• Constant Field Values

SOCKET_TIMEOUT_MILLIS

public static final String SOCKET_TIMEOUT_MILLIS

See Also:

• Constant Field Values

CLIENTS_MANAGEMENT_REGISTER_NODE_PATH

public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH

See Also:

• Constant Field Values

CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH

public static final String CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH

See Also:

• Constant Field Values

CREDENTIALS

public static final String CREDENTIALS

See Also:

• Constant Field Values

DISABLE_TRUST_MANAGER

public static final String DISABLE_TRUST_MANAGER

See Also:

• Constant Field Values

SLASH

public static final String SLASH

See Also:

• Constant Field Values

OIDC_CLIENT_CONTEXT_KEY

public static final String OIDC_CLIENT_CONTEXT_KEY

CLIENT_ID

public static final String CLIENT_ID

See Also:

• Constant Field Values

CLIENT_ID_JSON_VALUE

public static final String CLIENT_ID_JSON_VALUE

See Also:

• Constant Field Values

CLIENT_KEYSTORE

public static final String CLIENT_KEYSTORE

See Also:

• Constant Field Values

CLIENT_KEYSTORE_PASSWORD

public static final String CLIENT_KEYSTORE_PASSWORD

See Also:

• Constant Field Values

CLIENT_KEY_PASSWORD

public static final String CLIENT_KEY_PASSWORD

See Also:

• Constant Field Values

CODE

public static final String CODE

See Also:

• Constant Field Values

ENABLE_CORS

public static final String ENABLE_CORS

See Also:

• Constant Field Values

ERROR

public static final String ERROR

See Also:

• Constant Field Values

ERROR_DESCRIPTION

public static final String ERROR_DESCRIPTION

See Also:

• Constant Field Values

EXPOSE_TOKEN

public static final String EXPOSE_TOKEN

See Also:

• Constant Field Values

FACES_REQUEST

public static final String FACES_REQUEST

See Also:

• Constant Field Values

GRANT_TYPE

public static final String GRANT_TYPE

See Also:

• Constant Field Values

INVALID_TOKEN

public static final String INVALID_TOKEN

See Also:

• Constant Field Values

ISSUER

public static final String ISSUER

See Also:

• Constant Field Values

LOGIN_HINT

public static final String LOGIN_HINT

See Also:

• Constant Field Values

DOMAIN_HINT

public static final String DOMAIN_HINT

See Also:

• Constant Field Values

MAX_AGE

public static final String MAX_AGE

See Also:

• Constant Field Values

NO_TOKEN

public static final String NO_TOKEN

See Also:

• Constant Field Values

OPTIONS

public static final String OPTIONS

See Also:

• Constant Field Values

PARTIAL

public static final String PARTIAL

See Also:

• Constant Field Values

PASSWORD

public static final String PASSWORD

See Also:

• Constant Field Values

PRINCIPAL_ATTRIBUTE

public static final String PRINCIPAL_ATTRIBUTE

See Also:

• Constant Field Values

PROMPT

public static final String PROMPT

See Also:

• Constant Field Values

PROXY_URL

public static final String PROXY_URL

See Also:

• Constant Field Values

PUBLIC_CLIENT

public static final String PUBLIC_CLIENT

See Also:

• Constant Field Values

REALM

public static final String REALM

See Also:

• Constant Field Values

REALM_PUBLIC_KEY

public static final String REALM_PUBLIC_KEY

See Also:

• Constant Field Values

REGISTER_NODE_AT_STARTUP

public static final String REGISTER_NODE_AT_STARTUP

See Also:

• Constant Field Values

REGISTER_NODE_PERIOD

public static final String REGISTER_NODE_PERIOD

See Also:

• Constant Field Values

REQUEST

public static final String REQUEST

See Also:

• Constant Field Values

REQUEST_URI

public static final String REQUEST_URI

See Also:

• Constant Field Values

RESOURCE

public static final String RESOURCE

See Also:

• Constant Field Values

SCOPE

public static final String SCOPE

See Also:

• Constant Field Values

UI_LOCALES

public static final String UI_LOCALES

See Also:

• Constant Field Values

USERNAME

public static final String USERNAME

See Also:

• Constant Field Values

OIDC_SCOPE

public static final String OIDC_SCOPE

See Also:

• Constant Field Values

REDIRECT_URI

public static final String REDIRECT_URI

See Also:

• Constant Field Values

REFRESH_TOKEN

public static final String REFRESH_TOKEN

See Also:

• Constant Field Values

RESPONSE_TYPE

public static final String RESPONSE_TYPE

See Also:

• Constant Field Values

SESSION_RANDOM_VALUE

public static final String SESSION_RANDOM_VALUE

See Also:

• Constant Field Values

SESSION_STATE

public static final String SESSION_STATE

See Also:

• Constant Field Values

CODE_VERIFIER

public static final String CODE_VERIFIER

See Also:

• Constant Field Values

CODE_CHALLENGE

public static final String CODE_CHALLENGE

See Also:

• Constant Field Values

CODE_CHALLENGE_METHOD

public static final String CODE_CHALLENGE_METHOD

See Also:

• Constant Field Values

CODE_CHALLENGE_METHOD_S256

public static final String CODE_CHALLENGE_METHOD_S256

See Also:

• Constant Field Values

SOAP_ACTION

public static final String SOAP_ACTION

See Also:

• Constant Field Values

SSL_REQUIRED

public static final String SSL_REQUIRED

See Also:

• Constant Field Values

STALE_TOKEN

public static final String STALE_TOKEN

See Also:

• Constant Field Values

STATE

public static final String STATE

See Also:

• Constant Field Values

INVALID_ISSUED_FOR_CLAIM

public static final int INVALID_ISSUED_FOR_CLAIM

See Also:

• Constant Field Values

INVALID_AT_HASH_CLAIM

public static final int INVALID_AT_HASH_CLAIM

See Also:

• Constant Field Values

INVALID_TYPE_CLAIM

public static final int INVALID_TYPE_CLAIM

See Also:

• Constant Field Values

INVALID_SESSION_RANDOM_VALUE

public static final int INVALID_SESSION_RANDOM_VALUE

See Also:

• Constant Field Values

SHA256

public static final String SHA256

See Also:

• Constant Field Values

SHA384

public static final String SHA384

See Also:

• Constant Field Values

SHA512

public static final String SHA512

See Also:

• Constant Field Values

DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME

public static final String DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME

See Also:

• Constant Field Values

ALLOW_QUERY_PARAMS_PROPERTY_NAME

public static final String ALLOW_QUERY_PARAMS_PROPERTY_NAME

See Also:

• Constant Field Values

TOKEN_MINIMUM_TIME_TO_LIVE

public static final String TOKEN_MINIMUM_TIME_TO_LIVE

See Also:

• Constant Field Values

TOKEN_SIGNATURE_ALGORITHM

public static final String TOKEN_SIGNATURE_ALGORITHM

See Also:

• Constant Field Values

TOKEN_STORE

public static final String TOKEN_STORE

See Also:

• Constant Field Values

TRUSTSTORE

public static final String TRUSTSTORE

See Also:

• Constant Field Values

TRUSTSTORE_PASSWORD

public static final String TRUSTSTORE_PASSWORD

See Also:

• Constant Field Values

TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN

public static final String TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN

See Also:

• Constant Field Values

USE_RESOURCE_ROLE_MAPPINGS

public static final String USE_RESOURCE_ROLE_MAPPINGS

See Also:

• Constant Field Values

USE_REALM_ROLE_MAPPINGS

public static final String USE_REALM_ROLE_MAPPINGS

See Also:

• Constant Field Values

X_REQUESTED_WITH

public static final String X_REQUESTED_WITH

See Also:

• Constant Field Values

XML_HTTP_REQUEST

public static final String XML_HTTP_REQUEST

See Also:

• Constant Field Values

MIN_TIME_BETWEEN_JWKS_REQUESTS

public static final String MIN_TIME_BETWEEN_JWKS_REQUESTS

See Also:

• Constant Field Values

PUBLIC_KEY_CACHE_TTL

public static final String PUBLIC_KEY_CACHE_TTL

See Also:

• Constant Field Values

IGNORE_OAUTH_QUERY_PARAMETER

public static final String IGNORE_OAUTH_QUERY_PARAMETER

See Also:

• Constant Field Values

VERIFY_TOKEN_AUDIENCE

public static final String VERIFY_TOKEN_AUDIENCE

See Also:

• Constant Field Values

REQUEST_OBJECT_SIGNING_ALGORITHM

public static final String REQUEST_OBJECT_SIGNING_ALGORITHM

See Also:

• Constant Field Values

REQUEST_OBJECT_ENCRYPTION_ALG_VALUE

public static final String REQUEST_OBJECT_ENCRYPTION_ALG_VALUE

See Also:

• Constant Field Values

REQUEST_OBJECT_ENCRYPTION_ENC_VALUE

public static final String REQUEST_OBJECT_ENCRYPTION_ENC_VALUE

See Also:

• Constant Field Values

REQUEST_OBJECT_SIGNING_KEYSTORE_FILE

public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_FILE

See Also:

• Constant Field Values

REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD

public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD

See Also:

• Constant Field Values

REQUEST_OBJECT_SIGNING_KEY_PASSWORD

public static final String REQUEST_OBJECT_SIGNING_KEY_PASSWORD

See Also:

• Constant Field Values

REQUEST_OBJECT_SIGNING_KEY_ALIAS

public static final String REQUEST_OBJECT_SIGNING_KEY_ALIAS

See Also:

• Constant Field Values

REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE

public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE

See Also:

• Constant Field Values

REDIRECT_REWRITE_RULES

public static final String REDIRECT_REWRITE_RULES

See Also:

• Constant Field Values

ENABLE_PKCE

public static final String ENABLE_PKCE

See Also:

• Constant Field Values

CONFIDENTIAL_PORT

public static final String CONFIDENTIAL_PORT

See Also:

• Constant Field Values

ENABLE_BASIC_AUTH

public static final String ENABLE_BASIC_AUTH

See Also:

• Constant Field Values

PROVIDER_URL

public static final String PROVIDER_URL

See Also:

• Constant Field Values

BEARER_TOKEN_PATTERN

public static final Pattern BEARER_TOKEN_PATTERN

Bearer token pattern. The Bearer token authorization header is of the form "Bearer", followed by optional whitespace, followed by the token itself, followed by optional whitespace. The token itself must be one or more characters and must not contain any whitespace.

KC_IDP_HINT

public static final String KC_IDP_HINT

See Also:

• Constant Field Values

Constructor Details

Oidc

public Oidc()

Method Details

getJavaAlgorithm

public static String getJavaAlgorithm(String algorithm)

getJavaAlgorithmForHash

public static String getJavaAlgorithmForHash(String algorithm)

generateId

public static String generateId()

getQueryParamValue

public static String getQueryParamValue(OidcHttpFacade facade,
 String paramName)

stripQueryParam

protected static String stripQueryParam(String url,
 String paramName)

isOpaqueToken

public static boolean isOpaqueToken(String token)

logToken

public static void logToken(String name,
 String token)

checkCachedAccountMatchesRequest

protected static boolean checkCachedAccountMatchesRequest(OidcAccount account,
 OidcClientConfiguration deployment)

getCryptographicValue

protected static String getCryptographicValue(String src)