| Interface | Description |
|---|---|
| AccessTokenRetriever |
An
AccessTokenRetriever is the internal API by which the login module will
retrieve an access token for use in authorization by the broker. |
| AccessTokenValidator |
An instance of
AccessTokenValidator acts as a function object that, given an access
token in base-64 encoded JWT format, can parse the data, perform validation, and construct an
OAuthBearerToken for use by the caller. |
| CloseableVerificationKeyResolver |
The
OAuthBearerValidatorCallbackHandler uses a VerificationKeyResolver as
part of its validation of the incoming JWT. |
| Initable | |
| Retryable<R> |
Simple interface to abstract out the call that is made so that it can be retried.
|
| ValidatorAccessTokenValidator.ClaimSupplier<T> |
| Class | Description |
|---|---|
| AccessTokenRetrieverFactory | |
| AccessTokenValidatorFactory | |
| BasicOAuthBearerToken |
An implementation of the
OAuthBearerToken that fairly straightforwardly stores the values
given to its constructor (except the scope set which is copied to avoid modifications). |
| ClaimValidationUtils |
Simple utility class to perform basic cleaning and validation on input values so that they're
performed consistently throughout the code base.
|
| ConfigurationUtils |
ConfigurationUtils is a utility class to perform basic configuration-related
logic and is separated out here for easier, more direct testing. |
| FileTokenRetriever |
FileTokenRetriever is an AccessTokenRetriever that will load the contents,
interpreting them as a JWT access key in the serialized form. |
| HttpAccessTokenRetriever |
HttpAccessTokenRetriever is an AccessTokenRetriever that will
communicate with an OAuth/OIDC provider directly via HTTP to post client credentials
(OAuthBearerLoginCallbackHandler.CLIENT_ID_CONFIG/OAuthBearerLoginCallbackHandler.CLIENT_SECRET_CONFIG)
to a publicized token endpoint URL
(SaslConfigs.SASL_OAUTHBEARER_TOKEN_ENDPOINT_URL). |
| JaasOptionsUtils |
JaasOptionsUtils is a utility class to perform logic for the JAAS options and
is separated out here for easier, more direct testing. |
| JwksFileVerificationKeyResolver |
JwksFileVerificationKeyResolver is a VerificationKeyResolver implementation
that will load the JWKS from the given file system directory. |
| LoginAccessTokenValidator |
LoginAccessTokenValidator is an implementation of
AccessTokenValidator that is used
by the client to perform some rudimentary validation of the JWT access token that is received
as part of the response from posting the client credentials to the OAuth/OIDC provider's
token endpoint. |
| OAuthBearerLoginCallbackHandler |
OAuthBearerLoginCallbackHandler is an AuthenticateCallbackHandler that
accepts OAuthBearerTokenCallback and SaslExtensionsCallback callbacks to
perform the steps to request a JWT from an OAuth/OIDC provider using the
clientcredentials. |
| OAuthBearerValidatorCallbackHandler |
OAuthBearerValidatorCallbackHandler is an AuthenticateCallbackHandler that
accepts OAuthBearerValidatorCallback and OAuthBearerExtensionsValidatorCallback
callbacks to implement OAuth/OIDC validation. |
| RefreshingHttpsJwks |
Implementation of
HttpsJwks that will periodically refresh the JWKS cache to reduce or
even prevent HTTP/HTTPS traffic in the hot path of validation. |
| RefreshingHttpsJwksVerificationKeyResolver |
RefreshingHttpsJwksVerificationKeyResolver is a
VerificationKeyResolver implementation that will periodically refresh the
JWKS using its HttpsJwks instance. |
| Retry<R> |
Retry encapsulates the mechanism to perform a retry and then exponential
backoff using provided wait times between attempts.
|
| SerializedJwt |
SerializedJwt provides a modicum of structure and validation around a JWT's serialized form by
splitting and making the three sections (header, payload, and signature) available to the user.
|
| ValidatorAccessTokenValidator |
ValidatorAccessTokenValidator is an implementation of
AccessTokenValidator that is used
by the broker to perform more extensive validation of the JWT access token that is received
from the client, but ultimately from posting the client credentials to the OAuth/OIDC provider's
token endpoint. |
| VerificationKeyResolverFactory |
| Exception | Description |
|---|---|
| UnretryableException | |
| ValidateException |
ValidateException is thrown in cases where a JWT access token cannot be determined to be
valid for one reason or another.
|