Class BackchannelAuthenticationCompleteRequestHandlerSpiAdapter
- java.lang.Object
-
- com.authlete.jaxrs.spi.BackchannelAuthenticationCompleteRequestHandlerSpiAdapter
-
- All Implemented Interfaces:
BackchannelAuthenticationCompleteRequestHandlerSpi
public class BackchannelAuthenticationCompleteRequestHandlerSpiAdapter extends Object implements BackchannelAuthenticationCompleteRequestHandlerSpi
Empty implementation ofBackchannelAuthenticationCompleteRequestHandlerSpi
interface.- Since:
- 2.13
- Author:
- Hideki Ikeda
-
-
Constructor Summary
Constructors Constructor Description BackchannelAuthenticationCompleteRequestHandlerSpiAdapter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
getAcr()
Get the authentication context class reference (ACR) that was satisfied when the end-user was authenticated.String
getErrorDescription()
Get the description of the error.URI
getErrorUri()
Get the URI of a document which describes the error in detail.com.authlete.common.dto.Property[]
getProperties()
Get extra properties to associate with an access token.com.authlete.common.dto.BackchannelAuthenticationCompleteRequest.Result
getResult()
Get the result of end-user authentication and authorization.String[]
getScopes()
Get scopes to be associated with the access token.long
getUserAuthenticatedAt()
Get the time when the end-user was authenticated.Object
getUserClaim(String claimName)
Get the value of a claim of the user.String
getUserSubject()
Get the subject (= unique identifier) of the end-user.void
sendNotification(com.authlete.common.dto.BackchannelAuthenticationCompleteResponse info)
Send a notification to the client notification endpoint as described in CIBA Core specification.
-
-
-
Method Detail
-
getResult
public com.authlete.common.dto.BackchannelAuthenticationCompleteRequest.Result getResult()
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Get the result of end-user authentication and authorization.- Specified by:
getResult
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Returns:
- The result of end-user authentication and authorization.
-
getUserSubject
public String getUserSubject()
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Get the subject (= unique identifier) of the end-user. It must consist of only ASCII letters and its length must not exceed 100.In a typical case, the subject is a primary key or another unique ID of the record that represents the end-user in your user database.
- Specified by:
getUserSubject
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Returns:
- The subject (= unique identifier) of the end-user.
-
getUserAuthenticatedAt
public long getUserAuthenticatedAt()
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Get the time when the end-user was authenticated.This method is called only when
BackchannelAuthenticationCompleteRequestHandlerSpi.getResult()
has returnedAUTHORIZED
.- Specified by:
getUserAuthenticatedAt
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Returns:
- The time when the end-user authentication occurred. The number of seconds since Unix epoch (1970-01-01). Return 0 if the time is unknown.
-
getAcr
public String getAcr()
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Get the authentication context class reference (ACR) that was satisfied when the end-user was authenticated.If you don't know what ACR is, return
null
.This method is called only when
BackchannelAuthenticationCompleteRequestHandlerSpi.getResult()
has returnedAUTHORIZED
.- Specified by:
getAcr
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Returns:
- The authentication context class reference (ACR) that was satisfied when the end-user was authenticated.
-
getUserClaim
public Object getUserClaim(String claimName)
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Get the value of a claim of the user.This method may be called multiple times. Note that this method is called only when
BackchannelAuthenticationCompleteRequestHandlerSpi.getResult()
has returnedAUTHORIZED
.- Specified by:
getUserClaim
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Parameters:
claimName
- A claim name such asname
andfamily_name
. Standard claim names are listed in "5.1. Standard Claims" of OpenID Connect Core 1.0. Java constant values that represent the standard claims are listed inStandardClaims
class. The value ofclaimName
does NOT contain a language tag.- Returns:
- The claim value.
null
if the claim value of the claim is not available.
-
getProperties
public com.authlete.common.dto.Property[] getProperties()
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Get extra properties to associate with an access token.This method is expected to return an array of extra properties. The following is an example that returns an array containing one extra property.
@Override public
Property
[] getProperties() { return newProperty
[] { newProperty
("example_parameter", "example_value") }; }Extra properties returned from this method will appear as top-level entries in a JSON response from an authorization server as shown in 5.1. Successful Response in RFC 6749.
Note that there is an upper limit on the total size of extra properties. On the server side, the properties will be (1) converted to a multidimensional string array, (2) converted to JSON, (3) encrypted by AES/CBC/PKCS5Padding, (4) encoded by base64url, and then stored into the database. The length of the resultant string must not exceed 65,535 in bytes. This is the upper limit, but we think it is big enough.
- Specified by:
getProperties
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Returns:
- Extra properties. If
null
is returned, any extra property will not be associated.
-
getScopes
public String[] getScopes()
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Get scopes to be associated with the access token. If this method returns a non-null value, the set of scopes will be used instead of the scopes specified in the original backchannel authentication request.- Specified by:
getScopes
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Returns:
- Scopes to replace the scopes specified in the original
backchannel authentication request with. When
null
is returned from this method, replacement is not performed.
-
sendNotification
public void sendNotification(com.authlete.common.dto.BackchannelAuthenticationCompleteResponse info)
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Send a notification to the client notification endpoint as described in CIBA Core specification.Note that the specification defines how the Open ID provider deals with responses from the client notification endpoint. The following is an excerpt from "10.2. Ping Callback" and "10.3.1. Successful Token Delivery" of the specification.
For valid requests, the Client Notification Endpoint SHOULD respond with an HTTP 204 No Content. The OP SHOULD also accept responses with HTTP 200 OK and any body in the response SHOULD be ignored.
The Client MUST NOT return an HTTP 3xx code. The OP MUST NOT follow redirects.
How the OP handles HTTP error codes in the ranges of 4xx and 5xx is out-of-scope of this specification. Administrative action is likely to be needed in these cases.- Specified by:
sendNotification
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Parameters:
info
- An object having information required to send a notification to the client notification endpoint.
-
getErrorDescription
public String getErrorDescription()
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Get the description of the error. This corresponds to theerror_description
property in the response to the client.- Specified by:
getErrorDescription
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Returns:
- The description of the error.
-
getErrorUri
public URI getErrorUri()
Description copied from interface:BackchannelAuthenticationCompleteRequestHandlerSpi
Get the URI of a document which describes the error in detail. This corresponds to theerror_uri
property in the response to the client.- Specified by:
getErrorUri
in interfaceBackchannelAuthenticationCompleteRequestHandlerSpi
- Returns:
- The URI of a document which describes the error in detail.
-
-