Package com.authlete.jaxrs.spi

Interface BackchannelAuthenticationRequestHandlerSpi

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      com.authlete.common.types.User getUserByHint​(com.authlete.common.types.UserIdentificationHintType hintType, String hint, String sub)
      Get a user by the hint.
      boolean isLoginHintTokenExpired​(String loginHintToken)
      Check whether a login hint token expired or not.
      boolean isValidBindingMessage​(String bindingMessage)
      Check if a binding message is valid or not.
      boolean isValidUserCode​(com.authlete.common.types.User user, String userCode)
      Check whether a user code is valid or not.
      boolean shouldCheckUserCode​(com.authlete.common.types.User user, com.authlete.common.dto.BackchannelAuthenticationResponse info)
      Check whether a user code should be checked or not.
      void startCommunicationWithAuthenticationDevice​(com.authlete.common.types.User user, com.authlete.common.dto.BackchannelAuthenticationResponse baRes, com.authlete.common.dto.BackchannelAuthenticationIssueResponse baiRes)
      Start a background process where the authorization server starts communicating with an authentication device for end-user authentication and authorization.

    • Method Detail

      • getUserByHint

        com.authlete.common.types.User getUserByHint​(com.authlete.common.types.UserIdentificationHintType hintType,
                                             String hint,
                                             String sub)
        Get a user by the hint.
        Parameters:
        hintType - The type of the hint contained in the backchannel authentication request.
        hint - The hint contained in the backchannel authentication request. This value is equivalent to the value of the "login_hint" request parameter, the "id_token_hint" request parameter or the "login_hint_token" request parameter contained in the backchannel authentication request.
        sub - The value of the "sub" claim of the ID token hint contained in the backchannel authentication request as the "id_token_hint" request parameter. This value is null if the backchannel authentication request does not contain the "id_token_hint" request parameter.
        Returns:
        A user identified by the hint. null is returned if a user is not found using the hint.

      • isLoginHintTokenExpired

        boolean isLoginHintTokenExpired​(String loginHintToken)
        Check whether a login hint token expired or not.

        This method is called only when the "login_hint_token" request parameter is contained in the backchannel authentication request.

        Parameters:
        loginHintToken - The value of the "login_hint_token" request parameter contained in the backchannel authentication request..
        Returns:
        true if the login hint token has already expired. Otherwise, false.

      • shouldCheckUserCode

        boolean shouldCheckUserCode​(com.authlete.common.types.User user,
                            com.authlete.common.dto.BackchannelAuthenticationResponse info)
        Check whether a user code should be checked or not.
        Parameters:
        user - A user from whom the client asks for authorization.
        info - The information about the backchannel authentication request.
        Returns:
        true if a user code should be checked. Otherwise, false.

      • isValidUserCode

        boolean isValidUserCode​(com.authlete.common.types.User user,
                        String userCode)
        Check whether a user code is valid or not.

        This method is called only when shouldCheckUserCode(User, BackchannelAuthenticationResponse) returns true.

        Parameters:
        user - A user from whom the client asks for authorization.
        userCode - A user code contained in the backchannel authentication request.
        Returns:
        true if a user code is valid. Otherwise, false.

      • startCommunicationWithAuthenticationDevice

        void startCommunicationWithAuthenticationDevice​(com.authlete.common.types.User user,
                                                com.authlete.common.dto.BackchannelAuthenticationResponse baRes,
                                                com.authlete.common.dto.BackchannelAuthenticationIssueResponse baiRes)
        Start a background process where the authorization server starts communicating with an authentication device for end-user authentication and authorization.

        Typically this method will invoke a new thread in which the communication between the authorization server and the authentication device will occur.

        Parameters:
        user - A user who is to be authenticated and asked to authorize the client application.
        baRes - The response from Authlete's /api/backchannel/authentication API.
        baiRes - The response from Authlete's /api/backchannel/authentication/issue API.

      • isValidBindingMessage

        boolean isValidBindingMessage​(String bindingMessage)
        Check if a binding message is valid or not.

        This method is called only when the binding_message request parameter is contained in the backchannel authentication request.

        Parameters:
        bindingMessage - The value of the binding_message request parameter contained in the backchannel authentication request.
        Returns:
        true if the binding message is valid. Otherwise, false.
        Since:
        2.14