Class OA2ServiceTransaction

    • Field Detail

      • FLOW_STATE_KEY

        public String FLOW_STATE_KEY
      • CLAIMS_SOURCES_STATE_KEY

        public String CLAIMS_SOURCES_STATE_KEY
      • CLAIMS_SOURCES_STATE_KEY2

        public String CLAIMS_SOURCES_STATE_KEY2
      • CREATED_CALLBACK_KEY

        public String CREATED_CALLBACK_KEY
      • LOCAL_CONSENT_URI

        public String LOCAL_CONSENT_URI
      • PROXY_ACCESS_TOKEN_COMPLETE

        public String PROXY_ACCESS_TOKEN_COMPLETE
      • CLAIMS_KEY

        public String CLAIMS_KEY
      • SCRIPT_STATE_KEY

        public String SCRIPT_STATE_KEY
      • SCRIPT_STATE_SERIALZATION_VERSION_KEY

        public String SCRIPT_STATE_SERIALZATION_VERSION_KEY
      • AUDIENCE_KEY

        public String AUDIENCE_KEY
      • USE_TEMPLATES_KEY

        public String USE_TEMPLATES_KEY
      • RESOURCE_KEY

        public String RESOURCE_KEY
      • QUERIED_ACCESS_TOKEN_SCOPES_KEY

        public String QUERIED_ACCESS_TOKEN_SCOPES_KEY
      • RETURNED_ACCESS_TOKEN_JWT_KEY

        public String RETURNED_ACCESS_TOKEN_JWT_KEY
      • RETURNED_REFRESH_TOKEN_JWT_KEY

        public String RETURNED_REFRESH_TOKEN_JWT_KEY
      • RESPONSE_TYPE_KEY

        public static String RESPONSE_TYPE_KEY
      • proxyId

        public String proxyId
      • RFC862_STATE_KEY

        public static String RFC862_STATE_KEY
    • Constructor Detail

      • OA2ServiceTransaction

        public OA2ServiceTransaction​(edu.uiuc.ncsa.security.core.Identifier identifier)
    • Method Detail

      • isProxyAccessTokenComplete

        public boolean isProxyAccessTokenComplete()
      • setProxyAccessTokenComplete

        public void setProxyAccessTokenComplete​(boolean proxyAccessTokenComplete)
      • hasCreatedCallback

        public boolean hasCreatedCallback()
      • getCreatedCallback

        public String getCreatedCallback()
        This is the callback generated by the system during authorization and exactly what the user's browser is redirected to, if applicable.
        Returns:
      • setCreatedCallback

        public void setCreatedCallback​(String createdCallback)
      • hasLocalConsentUri

        public boolean hasLocalConsentUri()
      • getLocalConsentUri

        public String getLocalConsentUri()
        When this OA4MP instance is functioning as a proxy, the requesting service can have this client (optionally) forward the user back to a consent page on the requester. This means the user sees two consent pages, one for this service (which probably has general scopes like openid, email) and one on the requester that has the specific scopes there (such as for SciTokens or WLCG).
        Returns:
      • setLocalConsentURI

        public void setLocalConsentURI​(String localConsentURI)
      • getCreationTS

        public Date getCreationTS()
        Specified by:
        getCreationTS in interface edu.uiuc.ncsa.security.core.DateComparable
      • getUserCode

        public String getUserCode()
      • setUserCode

        public void setUserCode​(String userCode)
      • getOA2Client

        public OA2Client getOA2Client()
        Convenience cast.
        Returns:
      • setRFC8628State

        public void setRFC8628State​(RFC8628State rfc8628State)
      • setAccessTokenLifetime

        public void setAccessTokenLifetime​(long access_token_lifetime)
      • getIDTokenLifetime

        public long getIDTokenLifetime()
      • setIDTokenLifetime

        public void setIDTokenLifetime​(long idTokenLifetime)
      • getAudience

        public List<String> getAudience()
        Clients may send an audience which is used by some components (notably SciTokens) but is generally optional. This is a list of them. This is returned as the OA2Claims.AUDIENCE claim in JWT access tokens.

        Note: These are simply logical names that describe the audience, such as "ALL" or "ligo_cluster." Compare with getResource() which has a list of URIs for the same purpose.
        Specified by:
        getAudience in interface OIDCServiceTransactionInterface
        Returns:
      • hasAudience

        public boolean hasAudience()
      • getUseTemplates

        public List<String> getUseTemplates()
      • setUseTemplates

        public void setUseTemplates​(List<String> templates)
      • hasUseTemplates

        public boolean hasUseTemplates()
      • getATReturnedOriginalScopes

        public Collection<String> getATReturnedOriginalScopes()
        The first set of returned scopes from the token endpoint. This is the maximum set of scopes that can be returned in an access token.
        Returns:
      • setATReturnedOriginalScopes

        public void setATReturnedOriginalScopes​(String s)
      • setATReturnedOriginalScopes

        public void setATReturnedOriginalScopes​(Collection<String> s)
      • hasATReturnedOriginalScopes

        public boolean hasATReturnedOriginalScopes()
      • getRefreshTokenExpiresAt

        public long getRefreshTokenExpiresAt()
        The actual time the refresh token in the transaction expires.
        Returns:
      • setRefreshTokenExpiresAt

        public void setRefreshTokenExpiresAt​(long refreshTokenExpiresAt)
      • isRFC8628Request

        public boolean isRFC8628Request()
      • setRFC8628Request

        public void setRFC8628Request​(boolean b)
      • hasResource

        public boolean hasResource()
      • setAuthGrantLifetime

        public void setAuthGrantLifetime​(long lifetime)
      • newCSSerialize

        protected void newCSSerialize​(List<ClaimSource> sources)
      • oldCSSerialize

        protected void oldCSSerialize​(List<ClaimSource> sources)
      • getConfigToCS

        public ConfigtoCS getConfigToCS()
      • setScriptState

        public void setScriptState​(String scriptState)
        Script engines have the option to save their state between calls too. The argument is a (probably base64-encoded) string that will be returned on request.
        Parameters:
        scriptState -
      • hasScriptStateSerializationVersion

        public boolean hasScriptStateSerializationVersion()
      • getScriptStateSerializationVersion

        public String getScriptStateSerializationVersion()
      • setScriptStateSerialzationVersion

        public void setScriptStateSerialzationVersion​(String version)
      • hasScriptState

        public boolean hasScriptState()
      • getScriptState

        public String getScriptState()
      • getProvisioningAdminID

        public edu.uiuc.ncsa.security.core.Identifier getProvisioningAdminID()
      • setProvisioningAdminID

        public void setProvisioningAdminID​(edu.uiuc.ncsa.security.core.Identifier provisioningAdminID)
        Sets the provisioning admin partly so we don't have to look it up again and partly so that for very, very long lived transactions, there is absolutely no possibility that the VI can change.
        Parameters:
        provisioningAdminID -
      • getProvisioningClientID

        public edu.uiuc.ncsa.security.core.Identifier getProvisioningClientID()
        Set if this transaction is from a substitution. This is the ID of the client that originally started the flow.
        Returns:
      • setProvisioningClientID

        public void setProvisioningClientID​(edu.uiuc.ncsa.security.core.Identifier provisioningClientID)
      • setRTData

        public void setRTData​(net.sf.json.JSONObject rtData)
      • getResponseMode

        public String getResponseMode()
      • setResponseMode

        public void setResponseMode​(String mode)
      • hasResponseMode

        public boolean hasResponseMode()
      • getRequestedATLifetime

        public long getRequestedATLifetime()
      • getRequestedIDTLifetime

        public long getRequestedIDTLifetime()
      • setRequestedIDTLifetime

        public void setRequestedIDTLifetime​(long idtLifetime)
      • hasRequestedATLifetime

        public boolean hasRequestedATLifetime()
      • hasRequestedIDTLifetime

        public boolean hasRequestedIDTLifetime()
      • setRequestedATLifetime

        public void setRequestedATLifetime​(long atLifetime)
      • getRequestedRTLifetime

        public long getRequestedRTLifetime()
      • setRequestedRTLifetime

        public void setRequestedRTLifetime​(long rtLifetime)
      • hasRequestedRTLifetime

        public boolean hasRequestedRTLifetime()
      • getMaxAtLifetime

        public long getMaxAtLifetime()
      • setMaxATLifetime

        public void setMaxATLifetime​(long max)
      • getMaxIDTLifetime

        public long getMaxIDTLifetime()
      • setMaxIDTLifetime

        public void setMaxIDTLifetime​(long max)
      • hasMaxATLifetime

        public boolean hasMaxATLifetime()
      • hasMaxIDTLifetime

        public boolean hasMaxIDTLifetime()
      • getMaxRtLifetime

        public long getMaxRtLifetime()
      • setMaxRTLifetime

        public void setMaxRTLifetime​(long max)
      • hasMaxRTLifetime

        public boolean hasMaxRTLifetime()
      • hasCodeChallenge

        public boolean hasCodeChallenge()
      • getCodeChallenge

        public String getCodeChallenge()
      • setCodeChallenge

        public void setCodeChallenge​(String codeChallenge)
      • getCodeChallengeMethod

        public String getCodeChallengeMethod()
      • setCodeChallengeMethod

        public void setCodeChallengeMethod​(String codeChallengeMethod)
      • hasAuthTime

        public boolean hasAuthTime()
      • getAuthTime

        public Date getAuthTime()
      • setAuthTime

        public void setAuthTime​(Date authTime)
      • setScopes

        public void setScopes​(Collection<String> scopes)
        The scopes requested by the client. This does not mean they are all allowed, just so we have a list of them. This does cut out repeated scopes, since some clients do things like send "openid openid openid email email email email email".
        Specified by:
        setScopes in interface OIDCServiceTransactionInterface
        Parameters:
        scopes -
      • getNonce

        public String getNonce()
      • setNonce

        public void setNonce​(String nonce)
      • isRefreshTokenValid

        public boolean isRefreshTokenValid()
      • setRefreshTokenValid

        public void setRefreshTokenValid​(boolean refreshTokenValid)
      • getRefreshTokenLifetime

        public long getRefreshTokenLifetime()
        This is, unfortunately, overloaded. It is the initial lifetime allowed by the client and may be set in the registration. If <=0 then refresh tokens are disabled. The actual expiration for the refresh token in the transaction is found in refreshTokenExpiresAt.
        Specified by:
        getRefreshTokenLifetime in interface OIDCServiceTransactionInterface
        Returns:
      • setRefreshTokenLifetime

        public void setRefreshTokenLifetime​(long refreshTokenLifetime)
      • getRequestState

        public String getRequestState()
        This is the state parameter in the initial request, if present.
        Returns:
      • setRequestState

        public void setRequestState​(String requestState)
      • hasRefreshToken

        public boolean hasRefreshToken()
      • setRefreshToken

        public void setRefreshToken​(RefreshToken refreshToken)
      • getValidatedScopes

        public Collection<String> getValidatedScopes()
        The scopes that the user actually consented to on the user consent page. These are set once and never updated to prevent up scoping.
        Returns:
      • setValidatedScopes

        public void setValidatedScopes​(Collection<String> validatedScopes)
      • setQueriedATScopes

        public void setQueriedATScopes​(Collection<String> queriedATScopes)
      • getATJWT

        public String getATJWT()
        If a JWT access token was returned, a copy is saved here.
        Returns:
      • setATJWT

        public void setATJWT​(String atJWT)
      • getRTJWT

        public String getRTJWT()
        If a JWT refresh token was returned, a copy is saved here.
        Returns:
      • setRTJWT

        public void setRTJWT​(String rtJWT)
      • firstSix

        protected String firstSix​(URI id)
        Get the last 6 characters of the unique part of an identifier
        Parameters:
        id -
        Returns:
      • summary

        public String summary()
        Summary for debugging.
        Returns:
      • setResponseTypes

        public void setResponseTypes​(List<String> responseTypes)
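
The scope handling described under setScopes and getValidatedScopes above (repeated scopes dropped, consented scopes written once so a later request cannot up-scope) can be sketched as follows. This is an added example, not OA4MP code: ScopeGuard and scopesForRefresh are hypothetical names, and refusing a second write in the setter is an assumption about how "set once" could be enforced.

```java
import java.util.*;

// Added illustration; ScopeGuard is a hypothetical class, not part of OA4MP.
public class ScopeGuard {
    private Set<String> requested = Collections.emptySet();
    private Set<String> validated; // null until the user has consented

    // Keep first-seen order and drop repeats such as "openid openid email email".
    public void setScopes(Collection<String> scopes) {
        requested = Collections.unmodifiableSet(new LinkedHashSet<>(scopes));
    }

    // Written once at consent time; a second write is refused (assumed policy)
    // so the consented set can never grow later in the flow.
    public void setValidatedScopes(Collection<String> consented) {
        if (validated != null) {
            throw new IllegalStateException("validated scopes already set");
        }
        Set<String> v = new LinkedHashSet<>(consented);
        v.retainAll(requested); // consent can only narrow the original request
        validated = Collections.unmodifiableSet(v);
    }

    // On refresh: grant the asked-for scopes only if all lie inside the consented set.
    public Set<String> scopesForRefresh(Collection<String> asked) {
        if (validated == null) throw new IllegalStateException("no consent recorded");
        if (asked == null || asked.isEmpty()) return validated; // default: same as consented
        Set<String> extra = new LinkedHashSet<>(asked);
        extra.removeAll(validated);
        if (!extra.isEmpty()) {
            // invalid_scope is the RFC 6749 error code for a scope beyond the grant
            throw new IllegalArgumentException("invalid_scope: " + extra);
        }
        return Collections.unmodifiableSet(new LinkedHashSet<>(asked));
    }

    public static void main(String[] args) {
        ScopeGuard t = new ScopeGuard();
        // Constructed sample request with repeated scopes
        t.setScopes(Arrays.asList("openid openid openid email email profile".split(" ")));
        t.setValidatedScopes(Arrays.asList("openid", "email")); // user declined "profile"
        System.out.println(t.scopesForRefresh(List.of("email"))); // down-scoping is allowed
        try {
            t.scopesForRefresh(List.of("email", "profile"));      // up-scoping attempt
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```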