AccessTokenRetriever is the internal API by which the login module will retrieve an access token for use in authorization by the broker.

An instance of AccessTokenValidator acts as a function object that, given an access token in base-64 encoded JWT format, can parse the data, perform validation, and construct an OAuthBearerToken for use by the caller.

An implementation of the OAuthBearerToken that fairly straightforwardly stores the values given to its constructor (except the scope set which is copied to avoid modifications).

Simple utility class to perform basic cleaning and validation on input values so that they're performed consistently throughout the code base.

The VerificationKeyResolver as part of its validation of the incoming JWT.

ConfigurationUtils is a utility class to perform basic configuration-related logic and is separated out here for easier, more direct testing.

AccessTokenRetriever that will load the contents, interpreting them as a JWT access key in the serialized form.

AccessTokenRetriever that will communicate with an OAuth/OIDC provider directly via HTTP to post client credentials (OAuthBearerLoginCallbackHandler.CLIENT_SECRET_CONFIG) to a publicized token endpoint URL (

JaasOptionsUtils is a utility class to perform logic for the JAAS options and is separated out here for easier, more direct testing.

VerificationKeyResolver implementation that will load the JWKS from the given file system directory.

LoginAccessTokenValidator is an implementation of AccessTokenValidator that is used by the client to perform some rudimentary validation of the JWT access token that is received as part of the response from posting the client credentials to the OAuth/OIDC provider's token endpoint.

Implementation of HttpsJwks that will periodically refresh the JWKS cache to reduce or even prevent HTTP/HTTPS traffic in the hot path of validation.

VerificationKeyResolver implementation that will periodically refresh the JWKS using its HttpsJwks instance.

Retry<R>: Retry encapsulates the mechanism to perform a retry and then exponential backoff using provided wait times between attempts.

Retryable<R>: Simple interface to abstract out the call that is made so that it can be retried.

SerializedJwt provides a modicum of structure and validation around a JWT's serialized form by splitting and making the three sections (header, payload, and signature) available to the user.

ValidateException is thrown in cases where a JWT access token cannot be determined to be valid for one reason or another.

ValidatorAccessTokenValidator is an implementation of AccessTokenValidator that is used by the broker to perform more extensive validation of the JWT access token that is received from the client, but ultimately from posting the client credentials to the OAuth/OIDC provider's token endpoint.