Package edu.uiuc.ncsa.oa4mp.oauth2.client

Class OA2MPService

java.lang.Object

edu.uiuc.ncsa.myproxy.oa4mp.client.AbstractOA4MPService

edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPService

edu.uiuc.ncsa.oa4mp.oauth2.client.OA2MPService

public class OA2MPService
extends OA4MPService

Created by Jeff Gaynor
on 2/21/14 at 2:50 PM

Field Summary

Fields inherited from class edu.uiuc.ncsa.myproxy.oa4mp.client.AbstractOA4MPService

BASE64_URI_CAPUT, SKIN_PARAMETER

Constructor Summary

Constructors

Constructor	Description
OA2MPService(ClientEnvironment environment)

Method Summary

Modifier and Type	Method	Description
net.sf.json.JSONObject	exchangeAccessToken(OA2Asset asset, AccessToken accessToken, Map<String,String> additionalParams)	Use the access token to get another access token.
protected net.sf.json.JSONObject	exchangeIt(OA2Asset asset, Map<String,String> additionalParameters)	Actual workhorse.
net.sf.json.JSONObject	exchangeRefreshToken(OA2Asset asset, TokenImpl subjectToken, Map additionalParameters, boolean getAT, boolean subjectTokenIsAT)	Use this to either just get a new refresh token (getAT = false) or to use the refresh token to get a new access token (most usual case).
ATResponse2	getAccessToken(OA2Asset asset, AuthorizationGrant ag)
ATResponse2	getAccessToken(OA2Asset asset, AuthorizationGrant ag, Map<String,String> additionalParameters)
protected OA2Asset	getAsset2(String id)
protected Map<String,String>	getATParameters(Asset asset, AuthorizationGrant ag, Verifier v)	This creates the parameter map for the access token request.
protected AssetResponse	getCert(Asset a, AuthorizationGrant ag, Verifier v)	Does the actual work getting the cert.
AssetResponse	getCert(OA2Asset a, ATResponse2 atResponse2)
OA2Asset	getCert(String id)	Note that this requires the identifier, not a token.
String	getRequestedScopes()	Override this if you need to request custom scopes (i.e.
edu.uiuc.ncsa.security.servlet.ServiceClient	getServiceClient()
UserInfo	getUserInfo(String identifier)
net.sf.json.JSONObject	introspect(OA2Asset asset, boolean doRT)
void	preGetCert(Asset asset, Map parameters)
void	preRequestCert(Asset asset, Map parameters)
RTResponse	refresh(String identifier)	This will take the identifier and make the necessary calls to the service to update the refresh token and access token.
RTResponse	refresh(String assetID, Map additionalParameters)
boolean	revoke(OA2Asset dummyAsset, boolean revokeRT)
ATResponse2	rfc8628Request(OA2Asset asset, String deviceCode, Map<String,String> additionalParameters)
protected void	updateExchangedAsset(OA2Asset asset, net.sf.json.JSONObject claims)

Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPService

postGetCert, postRequestCert

Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.client.AbstractOA4MPService

getAssetParameters, getAssetProvider, getAssetStore, getCert, getCert, getEnvironment, getNextKeyPair, makeb64Uri, requestCert, requestCert, requestCert, requestCert, requestCert, setAssetProvider

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OA2MPService

public OA2MPService(ClientEnvironment environment)

Method Detail

preGetCert

public void preGetCert(Asset asset,
                       Map parameters)

Overrides:

preGetCert in class OA4MPService

getATParameters

protected Map<String,String> getATParameters(Asset asset,
                                                   AuthorizationGrant ag,
                                                   Verifier v)

Description copied from class: AbstractOA4MPService

This creates the parameter map for the access token request. Send along anything specific to the protocol in this map.

Overrides:

getATParameters in class AbstractOA4MPService

Returns:

getRequestedScopes

public String getRequestedScopes()

Override this if you need to request custom scopes (i.e. those not in the basic OA4MP specification) for a server. This returns a blank delimited list of scopes, e.g. "openid email profile". Note that if you override this method, and the server id OIDC, then the openid scope must always be included or the server will refuse to service the request. The basic operation is to take the basic scopes for the OA4MP OIDC spec and add any that are specified in the configuration file in the "scopes" element.

Returns:

rfc8628Request

public ATResponse2 rfc8628Request(OA2Asset asset,
                                  String deviceCode,
                                  Map<String,String> additionalParameters)

preRequestCert

public void preRequestCert(Asset asset,
                           Map parameters)

Overrides:

preRequestCert in class OA4MPService

getAccessToken

public ATResponse2 getAccessToken(OA2Asset asset,
                                  AuthorizationGrant ag,
                                  Map<String,String> additionalParameters)

getAccessToken

public ATResponse2 getAccessToken(OA2Asset asset,
                                  AuthorizationGrant ag)

getCert

public AssetResponse getCert(OA2Asset a,
                             ATResponse2 atResponse2)

getCert

protected AssetResponse getCert(Asset a,
                                AuthorizationGrant ag,
                                Verifier v)

Description copied from class: AbstractOA4MPService

Does the actual work getting the cert.

Overrides:

getCert in class AbstractOA4MPService

Returns:

refresh

public RTResponse refresh(String identifier)

This will take the identifier and make the necessary calls to the service to update the refresh token and access token. This returns the asset or null if no such asset exists.

Parameters:

identifier -

refresh

public RTResponse refresh(String assetID,
                          Map additionalParameters)

getUserInfo

public UserInfo getUserInfo(String identifier)

getAsset2

protected OA2Asset getAsset2(String id)

getCert

public OA2Asset getCert(String id)

Note that this requires the identifier, not a token.

Parameters:

id -

Returns:

exchangeRefreshToken

public net.sf.json.JSONObject exchangeRefreshToken(OA2Asset asset,
                                                   TokenImpl subjectToken,
                                                   Map additionalParameters,
                                                   boolean getAT,
                                                   boolean subjectTokenIsAT)

Use this to either just get a new refresh token (getAT = false) or to use the refresh token to get a new access token (most usual case).

Parameters:

asset -

subjectToken -

additionalParameters -

getAT -

Returns:

exchangeAccessToken

public net.sf.json.JSONObject exchangeAccessToken(OA2Asset asset,
                                                  AccessToken accessToken,
                                                  Map<String,String> additionalParams)

Use the access token to get another access token. This is certainly a supported case, but not a usual one. Mostly you use a refresh token to get another access token.

Parameters:

asset -

accessToken -

additionalParams -

Returns:

exchangeIt

protected net.sf.json.JSONObject exchangeIt(OA2Asset asset,
                                            Map<String,String> additionalParameters)

Actual workhorse. Takes the token and the type then does the exchange.

Parameters:

asset -

additionalParameters -

Returns:

getServiceClient

public edu.uiuc.ncsa.security.servlet.ServiceClient getServiceClient()

updateExchangedAsset

protected void updateExchangedAsset(OA2Asset asset,
                                    net.sf.json.JSONObject claims)

revoke

public boolean revoke(OA2Asset dummyAsset,
                      boolean revokeRT)

introspect

public net.sf.json.JSONObject introspect(OA2Asset asset,
                                         boolean doRT)