Package alpine.server.auth

Class OidcAuthenticationService

java.lang.Object

alpine.server.auth.OidcAuthenticationService

All Implemented Interfaces:

AuthenticationService

public class OidcAuthenticationService
extends Object
implements AuthenticationService

Since:

1.8.0

Constructor Summary

Constructors

Constructor	Description
OidcAuthenticationService(String accessToken)	Deprecated. Use OidcAuthenticationService(String, String) instead
OidcAuthenticationService(String idToken, String accessToken)

Method Summary

Modifier and Type	Method	Description
Principal	authenticate()	Authenticate a Principal using the provided credentials.
boolean	isSpecified()	Defines a method which returns if the specified piece of data, required to perform authentication is present.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OidcAuthenticationService

@Deprecated
public OidcAuthenticationService(String accessToken)

Deprecated.

Use OidcAuthenticationService(String, String) instead

Parameters:

accessToken - The access token acquired by authenticating with an IdP

OidcAuthenticationService

public OidcAuthenticationService(String idToken,
 String accessToken)

Parameters:

idToken - The ID token acquired by authenticating with an IdP

accessToken - The access token acquired by authenticating with an IdP

Since:

1.10.0

Method Details

isSpecified

public boolean isSpecified()

Description copied from interface: AuthenticationService

Defines a method which returns if the specified piece of data, required to perform authentication is present.

Specified by:

isSpecified in interface AuthenticationService

Returns:

true if the authentication data was specified, false if not

authenticate

@Nonnull
public Principal authenticate()
                       throws AlpineAuthenticationException

Authenticate a Principal using the provided credentials.

If an ID token is provided, Alpine will validate it and source configured claims from it.

If an access token is provided, Alpine will call the IdP's /userinfo endpoint with it to verify its validity, and source configured claims from the response.

If both access token and ID token are provided, the ID token takes precedence. When all configured claims are found in the ID token, /userinfo won't be requested. When not all claims were found in the ID token, /userinfo will be requested supplementary.

Specified by:

authenticate in interface AuthenticationService

Returns:

An authenticated Principal

Throws:

AlpineAuthenticationException - When authentication failed