Class OA2ServiceTransaction

    • Field Detail

      • FLOW_STATE_KEY

        public String FLOW_STATE_KEY
      • CLAIMS_SOURCES_STATE_KEY

        public String CLAIMS_SOURCES_STATE_KEY
      • CLAIMS_SOURCES_STATE_KEY2

        public String CLAIMS_SOURCES_STATE_KEY2
      • STATE_KEY

        public String STATE_KEY
      • STATE_COMMENT_KEY

        public String STATE_COMMENT_KEY
      • CLAIMS_KEY

        public String CLAIMS_KEY
      • SCRIPT_STATE_KEY

        public String SCRIPT_STATE_KEY
      • AUDIENCE_KEY

        public String AUDIENCE_KEY
      • RESOURCE_KEY

        public String RESOURCE_KEY
      • QUERIED_ACCESS_TOKEN_SCOPES_KEY

        public String QUERIED_ACCESS_TOKEN_SCOPES_KEY
      • RETURNED_ACCESS_TOKEN_JWT_KEY

        public String RETURNED_ACCESS_TOKEN_JWT_KEY
      • RETURNED_REFRESH_TOKEN_JWT_KEY

        public String RETURNED_REFRESH_TOKEN_JWT_KEY
      • proxyId

        public String proxyId
      • RFC862_STATE_KEY

        public static String RFC862_STATE_KEY
    • Constructor Detail

      • OA2ServiceTransaction

        public OA2ServiceTransaction​(edu.uiuc.ncsa.security.core.Identifier identifier)
    • Method Detail

      • getCreationTS

        public Date getCreationTS()
        Specified by:
        getCreationTS in interface edu.uiuc.ncsa.security.core.DateComparable
      • getUserCode

        public String getUserCode()
      • setUserCode

        public void setUserCode​(String userCode)
      • getOA2Client

        public OA2Client getOA2Client()
        Convenience cast.
      • setRFC8628State

        public void setRFC8628State​(RFC8628State rfc8628State)
      • setAccessTokenLifetime

        public void setAccessTokenLifetime​(long access_token_lifetime)
      • getAudience

        public List<String> getAudience()
        Clients may send an audience, which is used by some components (notably SciTokens) but is generally optional. This is the list of audiences sent. It is returned as the OA2Claims.AUDIENCE claim in JWT access tokens.

        Note: These are simply logical names that describe the audience, such as "ALL" or "ligo_cluster". Compare with getResource(), which has a list of URIs for the same purpose.
        Specified by:
        getAudience in interface OIDCServiceTransactionInterface
      • isRFC8628Request

        public boolean isRFC8628Request()
      • setRFC8628Request

        public void setRFC8628Request​(boolean b)
      • setState

        public void setState​(net.sf.json.JSONObject state)
        Generally you should never set the state directly unless you know exactly how it is constructed.
      • getState

        public net.sf.json.JSONObject getState()
      • setAuthGrantLifetime

        public void setAuthGrantLifetime​(long lifetime)
      • setClaimsSources

        public void setClaimsSources​(List<ClaimSource> sources)
      • newCSSerialize

        protected void newCSSerialize​(List<ClaimSource> sources)
      • oldCSSerialize

        protected void oldCSSerialize​(List<ClaimSource> sources)
      • getConfigToCS

        public ConfigtoCS getConfigToCS()
      • setScriptState

        public void setScriptState​(String scriptState)
        Script engines have the option to save their state between calls too. The argument is a (probably Base64-encoded) string that will be returned on request.
      • hasScriptState

        public boolean hasScriptState()
      • getScriptState

        public String getScriptState()
      • getATData

        public net.sf.json.JSONObject getATData()
      • setATData

        public void setATData​(net.sf.json.JSONObject atData)
      • getProvisioningAdminID

        public edu.uiuc.ncsa.security.core.Identifier getProvisioningAdminID()
      • setProvisioningAdminID

        public void setProvisioningAdminID​(edu.uiuc.ncsa.security.core.Identifier provisioningAdminID)
        Sets the provisioning admin, partly so we don't have to look it up again and partly so that, for very, very long-lived transactions, there is absolutely no possibility that the VO can change.
      • getProvisioningClientID

        public edu.uiuc.ncsa.security.core.Identifier getProvisioningClientID()
        Set if this transaction is from a substitution. This is the ID of the client that originally started the flow.
      • setProvisioningClientID

        public void setProvisioningClientID​(edu.uiuc.ncsa.security.core.Identifier provisioningClientID)
      • setRTData

        public void setRTData​(net.sf.json.JSONObject rtData)
      • getRTData

        public net.sf.json.JSONObject getRTData()
      • getResponseMode

        public String getResponseMode()
      • setResponseMode

        public void setResponseMode​(String mode)
      • hasResponseMode

        public boolean hasResponseMode()
      • getRequestedATLifetime

        public long getRequestedATLifetime()
      • hasRequestedATLifetime

        public boolean hasRequestedATLifetime()
      • setRequestedATLifetime

        public void setRequestedATLifetime​(long atLifetime)
      • getRequestedRTLifetime

        public long getRequestedRTLifetime()
      • setRequestedRTLifetime

        public void setRequestedRTLifetime​(long rtLifetime)
      • hasRequestedRTLifetime

        public boolean hasRequestedRTLifetime()
      • getMaxAtLifetime

        public long getMaxAtLifetime()
      • setMaxATLifetime

        public void setMaxATLifetime​(long max)
      • hasMaxATLifetime

        public boolean hasMaxATLifetime()
      • getMaxRtLifetime

        public long getMaxRtLifetime()
      • setMaxRTLifetime

        public void setMaxRTLifetime​(long max)
      • hasMaxRTLifetime

        public boolean hasMaxRTLifetime()
      • hasCodeChallenge

        public boolean hasCodeChallenge()
      • getCodeChallenge

        public String getCodeChallenge()
      • setCodeChallenge

        public void setCodeChallenge​(String codeChallenge)
      • getCodeChallengeMethod

        public String getCodeChallengeMethod()
      • setCodeChallengeMethod

        public void setCodeChallengeMethod​(String codeChallengeMethod)
      • hasAuthTime

        public boolean hasAuthTime()
      • getAuthTime

        public Date getAuthTime()
      • setAuthTime

        public void setAuthTime​(Date authTime)
      • getNonce

        public String getNonce()
      • setNonce

        public void setNonce​(String nonce)
      • isRefreshTokenValid

        public boolean isRefreshTokenValid()
      • setRefreshTokenValid

        public void setRefreshTokenValid​(boolean refreshTokenValid)
      • setRefreshTokenLifetime

        public void setRefreshTokenLifetime​(long refreshTokenLifetime)
      • getRequestState

        public String getRequestState()
        This is the state parameter in the initial request, if present.
      • setRequestState

        public void setRequestState​(String requestState)
      • hasRefreshToken

        public boolean hasRefreshToken()
      • setRefreshToken

        public void setRefreshToken​(RefreshToken refreshToken)
      • getValidatedScopes

        public Collection<String> getValidatedScopes()
        The scopes that the user actually consented to on the user consent page. These are set once and never updated, to prevent up-scoping.
      • setValidatedScopes

        public void setValidatedScopes​(Collection<String> validatedScopes)
      • setQueriedATScopes

        public void setQueriedATScopes​(Collection<String> queriedATScopes)
      • getATJWT

        public String getATJWT()
        If a JWT access token was returned, a copy is saved here.
      • setATJWT

        public void setATJWT​(String atJWT)
      • getRTJWT

        public String getRTJWT()
        If a JWT refresh token was returned, a copy is saved here.
      • setRTJWT

        public void setRTJWT​(String rtJWT)
      • firstSix

        protected String firstSix​(URI id)
        Get the last 6 characters of the unique part of an identifier.
      • summary

        public String summary()
        Summary for debugging.