de.enflexit.oidc

Class SimpleOIDCClient

java.lang.Object

de.enflexit.oidc.SimpleOIDCClient

public class SimpleOIDCClient
extends java.lang.Object

This very simple OpenID Connect (OIDC) Public Client implementation is built after the official cookbook at https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/23e6a6c5b751fadd79938859def37ff7a0d05c24/docs/cookbook_client.md The original code was used and altered to create an easy to use native application client for some simple and common use cases. It implements only a small subset of OIDC primitives and is therefore not a feature complete wrapper around the connect2id/nimbusds library. It has been proven to work as a client to keycloak.

Constructor Summary

Constructors

Constructor and Description
SimpleOIDCClient()

Method Summary

Modifier and Type	Method and Description
java.net.URI	buildAuthorizationCodeRequest() Authentication request The authentication request is done by redirecting the end user to the provider, for more details see the OIDC specification.
void	dumpTokenInfo() Dump token info.
com.nimbusds.oauth2.sdk.token.AccessToken	getAccessToken() Gets the access token.
com.nimbusds.jwt.JWTClaimsSet	getIdClaims() Gets the id claims.
java.net.URI	getRedirectURI() Gets the redirect URI.
com.nimbusds.oauth2.sdk.id.State	getState() Gets the state.
net.minidev.json.JSONObject	getUserInfoJSON() Gets the user info JSON.
void	lookupOpenIDProvider() Issuer discovery The WebFinger protocol is used to find the OpenID Provider (OP).
void	parseAuthenticationDataFromRedirect(java.lang.String redirectionURL, boolean overrideClient) Parses the authentication data from redirect.
void	processAuthenticationResponse(java.lang.String responseURL) Receive the Authentication Response The authentication response is sent from the provider by redirecting the end user to the redirect URI specified in the initial authentication request from the client.
void	registerClient(com.nimbusds.oauth2.sdk.token.BearerAccessToken initialAccessToken) Client registration If the provider supports dynamic registration, a new client can be registered using the client registration process:.
void	requestToken() Token Request When an authorization code (using code or hybrid flow) has been obtained, a token request can made to get the access token and the id token:.
void	requestUserInfo() UserInfo Request Using the access token, information about the end user can be obtained by making a user info request.
void	reset() Reset.
void	retrieveProviderMetadata() Retrieve provider metadata.
void	setAuthorizationEndpointURI(java.net.URI endpointURI) Sets the authorization endpoint URI.
void	setClientID(java.lang.String clientIDString, java.lang.String clientSecret) Sets the client ID.
void	setClientMetadata(java.lang.String allowedClientRedirectURI) Sets the client metadata.
void	setClientRegistrationMetadata(java.lang.String allowedClientRedirectURI) Sets the client registration metadata.
void	setIssuerURI(java.lang.String issuerURIString) Sets the issuer URI.
void	setRedirectURI(java.lang.String redirectURIString) Sets the redirect URI.
void	setResourceOwnerCredentials(java.lang.String user, java.lang.String password) Sets the resource owner credentials.
void	setTrustStore(java.io.File trustStoreFile) Sets the trust store.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SimpleOIDCClient

public SimpleOIDCClient()

Method Detail

reset

public void reset()

Reset.

lookupOpenIDProvider

public void lookupOpenIDProvider()

Issuer discovery The WebFinger protocol is used to find the OpenID Provider (OP). The library does not have any out-of-the box support for WebFinger, so in the following example we assume you already have acquired the issuer URL of the OP (possibly from developer documentation).

setIssuerURI

public void setIssuerURI(java.lang.String issuerURIString)
                  throws java.net.URISyntaxException

Sets the issuer URI.

Parameters:

issuerURIString - the new issuer URI

Throws:

java.net.URISyntaxException - the URI syntax exception

setAuthorizationEndpointURI

public void setAuthorizationEndpointURI(java.net.URI endpointURI)

Sets the authorization endpoint URI.

Parameters:

endpointURI - the new authorization endpoint URI

retrieveProviderMetadata

public void retrieveProviderMetadata()
                              throws java.io.IOException,
                                     com.nimbusds.oauth2.sdk.ParseException,
                                     java.security.KeyManagementException,
                                     java.security.NoSuchAlgorithmException,
                                     java.security.cert.CertificateException,
                                     java.security.KeyStoreException

Retrieve provider metadata. Provider configuration information Obtaining the provider configuration information can be done either out-of-band or using the optional discovery process:

Throws:

java.io.IOException - Signals that an I/O exception has occurred.

com.nimbusds.oauth2.sdk.ParseException - the parse exception

java.security.KeyManagementException - the key management exception

java.security.NoSuchAlgorithmException - the no such algorithm exception

java.security.cert.CertificateException - the certificate exception

java.security.KeyStoreException - the key store exception

setClientID

public void setClientID(java.lang.String clientIDString,
                        java.lang.String clientSecret)

Sets the client ID. If the provider does not support dynamic client registration, set client ID and client secret with the client credentials received out-of-band.

Parameters:

clientIDString - the client ID string

clientSecret - the client secret

setClientRegistrationMetadata

public void setClientRegistrationMetadata(java.lang.String allowedClientRedirectURI)
                                   throws com.nimbusds.oauth2.sdk.ParseException

Sets the client registration metadata.

Parameters:

allowedClientRedirectURI - the new client registration metadata

Throws:

com.nimbusds.oauth2.sdk.ParseException - the parse exception

setClientMetadata

public void setClientMetadata(java.lang.String allowedClientRedirectURI)
                       throws com.nimbusds.oauth2.sdk.ParseException

Sets the client metadata.

Parameters:

allowedClientRedirectURI - the new client metadata

Throws:

com.nimbusds.oauth2.sdk.ParseException - the parse exception

registerClient

public void registerClient(com.nimbusds.oauth2.sdk.token.BearerAccessToken initialAccessToken)
                    throws com.nimbusds.oauth2.sdk.SerializeException,
                           java.io.IOException,
                           com.nimbusds.oauth2.sdk.ParseException,
                           java.security.KeyManagementException,
                           java.security.NoSuchAlgorithmException,
                           java.security.cert.CertificateException,
                           java.security.KeyStoreException

Client registration If the provider supports dynamic registration, a new client can be registered using the client registration process:.

Parameters:

initialAccessToken - the initial access token

Throws:

com.nimbusds.oauth2.sdk.SerializeException - the serialize exception

java.io.IOException - Signals that an I/O exception has occurred.

com.nimbusds.oauth2.sdk.ParseException - the parse exception

java.security.KeyManagementException - the key management exception

java.security.NoSuchAlgorithmException - the no such algorithm exception

java.security.cert.CertificateException - the certificate exception

java.security.KeyStoreException - the key store exception

setRedirectURI

public void setRedirectURI(java.lang.String redirectURIString)
                    throws java.net.URISyntaxException

Sets the redirect URI. Make sure redirectURI matches a URI known by the provider.

Parameters:

redirectURIString - the new redirect URI

Throws:

java.net.URISyntaxException - the URI syntax exception

getRedirectURI

public java.net.URI getRedirectURI()

Gets the redirect URI.

Returns:

the redirect URI

getState

public com.nimbusds.oauth2.sdk.id.State getState()

Gets the state.

Returns:

the state

parseAuthenticationDataFromRedirect

public void parseAuthenticationDataFromRedirect(java.lang.String redirectionURL,
                                                boolean overrideClient)
                                         throws com.nimbusds.oauth2.sdk.ParseException,
                                                java.net.URISyntaxException

Parses the authentication data from redirect.

Parameters:

redirectionURL - the redirection URL

overrideClient - the override client

Throws:

com.nimbusds.oauth2.sdk.ParseException - the parse exception

java.net.URISyntaxException - the URI syntax exception

buildAuthorizationCodeRequest

public java.net.URI buildAuthorizationCodeRequest()
                                           throws com.nimbusds.oauth2.sdk.SerializeException

Authentication request The authentication request is done by redirecting the end user to the provider, for more details see the OIDC specification. The redirect URL is built as follows, using the Authorization Code Flow: To specify additional parameters in the authentication request, use AuthenticationRequest.Builder.

Returns:

the uri

Throws:

com.nimbusds.oauth2.sdk.SerializeException - the serialize exception

processAuthenticationResponse

public void processAuthenticationResponse(java.lang.String responseURL)

Receive the Authentication Response The authentication response is sent from the provider by redirecting the end user to the redirect URI specified in the initial authentication request from the client. Code flow The Authorization Code can be extracted from the query part of the redirect URL:

Parameters:

responseURL - the response URL

setResourceOwnerCredentials

public void setResourceOwnerCredentials(java.lang.String user,
                                        java.lang.String password)

Sets the resource owner credentials.

Parameters:

user - the user

password - the password

requestToken

public void requestToken()
                  throws java.security.KeyManagementException,
                         java.security.NoSuchAlgorithmException,
                         java.security.cert.CertificateException,
                         java.security.KeyStoreException

Token Request When an authorization code (using code or hybrid flow) has been obtained, a token request can made to get the access token and the id token:.

Throws:

java.security.KeyManagementException - the key management exception

java.security.NoSuchAlgorithmException - the no such algorithm exception

java.security.cert.CertificateException - the certificate exception

java.security.KeyStoreException - the key store exception

getAccessToken

public com.nimbusds.oauth2.sdk.token.AccessToken getAccessToken()

Gets the access token.

Returns:

the access token

dumpTokenInfo

public void dumpTokenInfo()
                   throws com.nimbusds.oauth2.sdk.ParseException,
                          java.text.ParseException

Dump token info.

Throws:

com.nimbusds.oauth2.sdk.ParseException - the nimbusds parse exception

java.text.ParseException - the java text parse exception

requestUserInfo

public void requestUserInfo()
                     throws java.security.KeyManagementException,
                            java.security.NoSuchAlgorithmException,
                            java.security.cert.CertificateException,
                            java.security.KeyStoreException,
                            com.nimbusds.oauth2.sdk.ParseException,
                            java.io.FileNotFoundException,
                            java.io.IOException

UserInfo Request Using the access token, information about the end user can be obtained by making a user info request.

Throws:

java.security.KeyManagementException - the key management exception

java.security.NoSuchAlgorithmException - the no such algorithm exception

java.security.cert.CertificateException - the certificate exception

java.security.KeyStoreException - the key store exception

com.nimbusds.oauth2.sdk.ParseException - the parse exception

java.io.FileNotFoundException - the file not found exception

java.io.IOException - Signals that an I/O exception has occurred.

getIdClaims

public com.nimbusds.jwt.JWTClaimsSet getIdClaims()

Gets the id claims.

Returns:

the id claims

Throws:

java.text.ParseException - the java text parse exception

getUserInfoJSON

public net.minidev.json.JSONObject getUserInfoJSON()

Gets the user info JSON.

Returns:

the user info JSON

setTrustStore

public void setTrustStore(java.io.File trustStoreFile)

Sets the trust store.

Parameters:

trustStoreFile - the new trust store