Class ClientUtils
- java.lang.Object
  - org.oa4mp.server.loader.oauth2.servlet.ClientUtils

public class ClientUtils extends Object
Created by Jeff Gaynor on 2/9/21 at 3:09 PM

Constructor Summary
  ClientUtils()
Method Summary
All Methods | Static Methods | Concrete Methods

Modifier and Type         Method and Description
static long               computeATLifetime(OA2ServiceTransaction st2, OA2Client client, OA2SE oa2SE)
                          Scorecard of the lifetime sources; see Method Detail.
protected static long     computeATLifetimeNEW(OA2ServiceTransaction st2, OA2SE oa2SE)
protected static long     computeATLifetimeOLD(OA2ServiceTransaction st2, OA2Client client, OA2SE oa2SE)
static long               computeRefreshLifetime(OA2ServiceTransaction st2, OA2Client client, OA2SE oa2SE)
                          The lifetime of the refresh token.
static long               computeRefreshLifetimeNEW(OA2ServiceTransaction st2, OA2Client client, OA2SE oa2SE)
static long               computeRefreshLifetimeOLD(OA2ServiceTransaction st2, OA2SE oa2SE)
static String             getClientSecret(javax.servlet.http.HttpServletRequest request, String raw)
                          This either peels the secret off the parameter list if it is there or from the headers.
static Collection<String> resolveScopes(TransactionState transactionState, OA2Client oa2Client, boolean isRFC8628)
                          This method will take the scopes that the client sends in its request and inspect the scopes that it is allowed to request.
static Collection<String> resolveScopes(TransactionState transactionState, OA2Client oa2Client, boolean isNew, boolean isRFC8628)
static Collection<String> resolveScopes(javax.servlet.http.HttpServletRequest request, OA2ServiceTransaction st, OA2Client oa2Client, boolean isNew, boolean isRFC8628)
static void               verifyClientSecret(OA2Client client, String rawSecret, boolean isAT)
                          This verifies secrets; only call it if the client has a secret (e.g. do not call this if the client is public).

Method Detail

computeATLifetime
public static long computeATLifetime(OA2ServiceTransaction st2, OA2Client client, OA2SE oa2SE)
Scorecard:
  server default              | oa2SE.getAccessTokenLifetime()
  server default max          | oa2SE.getMaxATLifetime()
  client default max          | client.getAtLifetime()
  value in cfg access element | client.getAccessTokensConfig().getLifetime()
  value in the request        | st2.getRequestedATLifetime()
  actual definitive value     | st2.getAccessTokenLifetime()
  result                      | actual definitive value
Policies: no lifetime can exceed the non-zero max of the server and client defaults. These are hard limits placed there by administrators.
Note that inside of scripts these can be reset to anything, so st2.getAtData() has the final, definitive values. Once this has been set in the first pass, it **must** be authoritative.
Parameters:
  st2
Returns:

computeATLifetimeOLD
protected static long computeATLifetimeOLD(OA2ServiceTransaction st2, OA2Client client, OA2SE oa2SE)

computeATLifetimeNEW
protected static long computeATLifetimeNEW(OA2ServiceTransaction st2, OA2SE oa2SE)

computeRefreshLifetime
public static long computeRefreshLifetime(OA2ServiceTransaction st2, OA2Client client, OA2SE oa2SE)
The lifetime of the refresh token. This is the non-zero minimum of the client's requested lifetime, the user's request at authorization time and the server global limit.
Parameters:
  st2
Returns:

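The two lifetime policies documented above for computeATLifetime and computeRefreshLifetime, as an added stand-alone illustration that is not OA4MP's own code. It takes plain long values (milliseconds, 0 meaning "not set") instead of reading OA2ServiceTransaction, OA2Client and OA2SE; the access-token hard limit follows the policy sentence literally as the non-zero max of the two administrator maxima, and the precedence request, then cfg access element, then server default among the candidate values is an assumption.

```java
import java.util.Arrays;

/** Illustration only: lifetime policies with 0 meaning "not set". */
public class LifetimePolicyExample {

    /** Largest of the non-zero values, or 0 if none is set. */
    static long nonZeroMax(long... values) {
        return Arrays.stream(values).filter(v -> v > 0).max().orElse(0L);
    }

    /** Smallest of the non-zero values, or 0 if none is set. */
    static long nonZeroMin(long... values) {
        return Arrays.stream(values).filter(v -> v > 0).min().orElse(0L);
    }

    /** First value that is set, in argument order (assumed precedence). */
    static long firstNonZero(long... values) {
        for (long v : values) {
            if (v > 0) return v;
        }
        return 0L;
    }

    /**
     * Access token: pick the requested value (request, cfg access element,
     * server default) and clamp it to the administrators' hard limit, which
     * the policy text defines as the non-zero max of server and client maxima.
     */
    static long accessTokenLifetime(long requested, long cfgLifetime, long serverDefault,
                                    long serverMax, long clientMax) {
        long hardLimit = nonZeroMax(serverMax, clientMax);
        long candidate = firstNonZero(requested, cfgLifetime, serverDefault);
        return hardLimit == 0 ? candidate : Math.min(candidate, hardLimit);
    }

    /**
     * Refresh token: the non-zero minimum of the client's requested lifetime,
     * the user's request at authorization time and the server global limit.
     */
    static long refreshTokenLifetime(long clientRequested, long userRequested, long serverLimit) {
        return nonZeroMin(clientRequested, userRequested, serverLimit);
    }

    public static void main(String[] args) {
        // Constructed values: client asks for 2 h, server maximum is 1 h -> clamped to 1 h.
        System.out.println(accessTokenLifetime(7_200_000L, 0L, 900_000L, 3_600_000L, 0L));
        // Constructed values: client 30 d, user asked for 1 d, server limit 14 d -> 1 d wins.
        System.out.println(refreshTokenLifetime(2_592_000_000L, 86_400_000L, 1_209_600_000L));
    }
}
```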
computeRefreshLifetimeOLD
public static long computeRefreshLifetimeOLD(OA2ServiceTransaction st2, OA2SE oa2SE)

computeRefreshLifetimeNEW
public static long computeRefreshLifetimeNEW(OA2ServiceTransaction st2, OA2Client client, OA2SE oa2SE)

verifyClientSecret
public static void verifyClientSecret(OA2Client client, String rawSecret, boolean isAT)
This verifies secrets; only call it if the client has a secret (e.g. do not call this if the client is public). This is because it does various checks on the assumption that the client must have a secret and raises errors if it is missing, etc.
Parameters:
  client
  rawSecret
  isAT

getClientSecret
public static String getClientSecret(javax.servlet.http.HttpServletRequest request, String raw)
This either peels the secret off the parameter list if it is there or from the headers. It merely returns the raw string that is the secret; no checking against a client is done. Also, null is a perfectly acceptable return value if there is no secret, e.g. the client is public.
Parameters:
  request
Returns:

resolveScopes
public static Collection<String> resolveScopes(TransactionState transactionState, OA2Client oa2Client, boolean isRFC8628)
This method will take the scopes that the client sends in its request and inspect the scopes that it is allowed to request. The result will be a list of permitted scopes. This is also where omitting the openid scope causes the request to be rejected.
Parameters:
  transactionState
Returns:

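The scope policy described above, as an added stand-alone illustration rather than OA4MP's own resolveScopes: the request's scope parameter and the client's allowed scopes are passed in as plain values instead of TransactionState and OA2Client, a missing openid scope rejects the request, and the reading that scopes the client is not allowed to request are dropped from the result (rather than rejecting the whole request) is an assumption.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;

/** Illustration only: reduce requested scopes to the ones a client may hold. */
public class ScopePolicyExample {

    static final String OPENID = "openid";

    /** Raised when the request must be rejected outright. */
    static class ScopeException extends RuntimeException {
        ScopeException(String message) { super(message); }
    }

    /**
     * @param scopeParameter the scope value as sent by the client (space-delimited per RFC 6749),
     *                       may be null
     * @param allowedScopes  the scopes this client is registered to request
     * @return the permitted scopes: requested scopes that the client is allowed to request
     */
    static Collection<String> resolveScopes(String scopeParameter, Set<String> allowedScopes) {
        Set<String> requested = new LinkedHashSet<>();
        if (scopeParameter != null) {
            for (String s : scopeParameter.trim().split("\\s+")) {
                if (!s.isEmpty()) requested.add(s);
            }
        }
        // Omitting openid rejects the request, as the method description states.
        if (!requested.contains(OPENID)) {
            throw new ScopeException("invalid_scope: the openid scope is required");
        }
        // Keep only what the client is registered for; anything else is not granted.
        Set<String> permitted = new LinkedHashSet<>();
        for (String s : requested) {
            if (allowedScopes.contains(s)) permitted.add(s);
        }
        return permitted;
    }

    public static void main(String[] args) {
        // Constructed registration: this client may ask for openid, email and profile.
        Set<String> allowed = Set.of(OPENID, "email", "profile");
        System.out.println(resolveScopes("openid email offline_access", allowed)); // offline_access dropped
        try {
            resolveScopes("email profile", allowed);
        } catch (ScopeException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```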
resolveScopes
public static Collection<String> resolveScopes(javax.servlet.http.HttpServletRequest request, OA2ServiceTransaction st, OA2Client oa2Client, boolean isNew, boolean isRFC8628)

resolveScopes
public static Collection<String> resolveScopes(TransactionState transactionState, OA2Client oa2Client, boolean isNew, boolean isRFC8628)