Class ClientUtils


  • public class ClientUtils
    extends Object

    Created by Jeff Gaynor
    on 2/9/21 at 3:09 PM

    • Constructor Detail

      • ClientUtils

        public ClientUtils()
    • Method Detail

      • computeATLifetime

        public static long computeATLifetime​(OA2ServiceTransaction st2,
                                             OA2Client client,
                                             OA2SE oa2SE)
        Scorecard:
                      server default | oa2SE.getAccessTokenLifetime()
                  server default max | oa2SE.getMaxATLifetime()
                  client default max | client.getAtLifetime()
         value in cfg access element | client.getAccessTokensConfig().getLifetime()
                value in the request | st2.getRequestedATLifetime()
             actual definitive value | st2.getAccessTokenLifetime()
                              result | actual definitive value

        Policies: no lifetime can exceed the non-zero max of the server and client defaults. These are hard limits placed there by administrators.

        Note that inside scripts these can be reset to anything, so

        st2.getAtData()

        has the final, definitive values. Once this has been set in the first pass, it **must** be authoritative.

        Parameters:
        st2 -
        Returns:
      • computeTokenLifetime

        public static long computeTokenLifetime​(long serverMaxLifetime,
                                                long defaultServerLifetime,
                                                long clientLifetime,
                                                long clientMaxLifetime,
                                                AbstractPayloadConfig config,
                                                long requestLifetime)
        The contract for this:
        1. Figure out the max lifetime. Any result is less than or equal to this.
        2. If the configured client lifetime is -1, return the server default.
        3. Determine what the lifetime is. The order is client lifetime, script lifetime, requested lifetime.
        This is the single point where all lifetime logic is handled.
        Parameters:
        serverMaxLifetime -
        defaultServerLifetime -
        clientLifetime -
        clientMaxLifetime -
        config -
        requestLifetime -
        Returns:
      • computeTokenLifetime

        public static long computeTokenLifetime​(long serverMaxLifetime,
                                                long defaultServerLifetime,
                                                long clientLifetime,
                                                long clientMaxLifetime,
                                                Long clientConfiguredLifetime,
                                                long requestLifetime)
        Does all the actual computation for lifetimes. It is public thanks to Java package visibility requirements, but generally should not be called directly.
        Parameters:
        serverMaxLifetime -
        defaultServerLifetime -
        clientLifetime -
        clientMaxLifetime -
        clientConfiguredLifetime -
        requestLifetime -
        Returns:
      • computeRTGracePeriod

        public static long computeRTGracePeriod​(OA2Client client,
                                                OA2SE oa2SE)
      • computeATLifetimeNEW

        protected static long computeATLifetimeNEW​(OA2ServiceTransaction st2,
                                                   OA2SE oa2SE)
        For cases where you know that the client is not overridden.
        Parameters:
        st2 -
        oa2SE -
        Returns:
      • computeRefreshLifetime

        public static long computeRefreshLifetime​(OA2ServiceTransaction st2,
                                                  OA2Client client,
                                                  OA2SE oa2SE)
        The lifetime of the refresh token. This is the non-zero minimum of the client's requested lifetime, the user's request at authorization time and the server global limit.
        Parameters:
        st2 -
        Returns:
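The three-step contract for computeTokenLifetime and the non-zero-minimum rule for computeRefreshLifetime, as an added illustration that is not OA4MP's own code. Assumptions: values are in milliseconds, 0 means "unset", and in step 3 later values in the order client, script, request override earlier ones, with the hard cap applied last.

```java
// Added illustration of the documented lifetime contract; not OA4MP's own code.
// Assumed: milliseconds, 0 = unset, later step-3 values override earlier ones.
public final class LifetimePolicyExample {

    // Step 1: the hard cap is the non-zero max of the two administrator limits.
    static long hardCap(long serverMaxLifetime, long clientMaxLifetime) {
        if (serverMaxLifetime <= 0 && clientMaxLifetime <= 0) {
            throw new IllegalArgumentException("no maximum lifetime configured");
        }
        if (clientMaxLifetime <= 0) return serverMaxLifetime;
        if (serverMaxLifetime <= 0) return clientMaxLifetime;
        return Math.max(serverMaxLifetime, clientMaxLifetime);
    }

    // Mirrors the three-step contract of computeTokenLifetime.
    static long computeTokenLifetime(long serverMaxLifetime, long defaultServerLifetime,
                                     long clientLifetime, long clientMaxLifetime,
                                     Long clientConfiguredLifetime, long requestLifetime) {
        long cap = hardCap(serverMaxLifetime, clientMaxLifetime);
        // Step 2: -1 means "use the server default" (still subject to the cap).
        if (clientLifetime == -1) return Math.min(defaultServerLifetime, cap);
        // Step 3: client lifetime, then script/config lifetime, then the request.
        long lifetime = clientLifetime > 0 ? clientLifetime : defaultServerLifetime;
        if (clientConfiguredLifetime != null && clientConfiguredLifetime > 0) {
            lifetime = clientConfiguredLifetime;
        }
        if (requestLifetime > 0) lifetime = requestLifetime;
        return Math.min(lifetime, cap); // the administrator cap always wins over a request
    }

    // Refresh tokens: non-zero minimum of client request, user request and server limit.
    static long computeRefreshLifetime(long clientLifetime, long userRequested, long serverLimit) {
        long result = serverLimit; // the global limit is always present
        if (clientLifetime > 0) result = Math.min(result, clientLifetime);
        if (userRequested > 0) result = Math.min(result, userRequested);
        return result;
    }

    public static void main(String[] args) {
        long hour = 3_600_000L, day = 24 * hour;
        // A request for a week against a one-day server cap is clamped to one day.
        System.out.println(computeTokenLifetime(day, hour, 0, 0, null, 7 * day) == day);
        // Client lifetime of -1 falls back to the server default of one hour.
        System.out.println(computeTokenLifetime(day, hour, -1, 0, 3 * hour, 6 * hour) == hour);
        // Refresh: server limit 30 days, client 7 days, user asked for 12 hours -> 12 hours.
        System.out.println(computeRefreshLifetime(7 * day, 12 * hour, 30 * day) == 12 * hour);
    }
}
```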
      • verifyClientSecret

        public static void verifyClientSecret​(OA2Client client,
                                              String rawSecret,
                                              boolean isAT)
        This verifies the client secret. Only call it if the client has a secret (e.g. do not call this if the client is public), because it performs various checks on the assumption that the client must have a secret and raises errors if it is missing, etc.
        Parameters:
        client -
        rawSecret -
        isAT -
      • verifyClient

        public static void verifyClient​(OA2Client client,
                                        javax.servlet.http.HttpServletRequest request,
                                        boolean isAT)
      • getClientSecret

        public static String getClientSecret​(javax.servlet.http.HttpServletRequest request,
                                             String raw)
        This peels the secret off the parameter list if it is there, or otherwise from the headers. It merely returns the raw string that is the secret. No checking against a client is done. Also, a null is a perfectly acceptable return value if there is no secret, e.g. the client is public.
        Parameters:
        request -
        Returns:
      • resolveScopes

        public static Collection<String> resolveScopes​(TransactionState transactionState,
                                                       OA2Client oa2Client,
                                                       boolean isRFC8628)
        This method takes the scopes that the client sends in its request and checks them against the scopes that it is allowed to request. The result is the list of permitted scopes. This is also where omitting the openid scope causes the request to be rejected.
        Parameters:
        transactionState -
        Returns: