Package io.jans.as.server.authorize.ws.rs

Class AuthorizeRestWebServiceImpl

java.lang.Object

io.jans.as.server.authorize.ws.rs.AuthorizeRestWebServiceImpl

All Implemented Interfaces:

AuthorizeRestWebService

@Path("/")
public class AuthorizeRestWebServiceImpl
extends java.lang.Object
implements AuthorizeRestWebService

Implementation for request authorization through REST web services.

Version:

March 17, 2022

Author:

Javier Rojas Blum

Constructor Summary

Constructors

Constructor	Description
AuthorizeRestWebServiceImpl()

Method Summary

Modifier and Type	Method	Description
jakarta.ws.rs.core.Response	requestAuthorizationGet(java.lang.String scope, java.lang.String responseType, java.lang.String clientId, java.lang.String redirectUri, java.lang.String state, java.lang.String responseMode, java.lang.String nonce, java.lang.String display, java.lang.String prompt, java.lang.Integer maxAge, java.lang.String uiLocales, java.lang.String idTokenHint, java.lang.String loginHint, java.lang.String acrValues, java.lang.String amrValues, java.lang.String request, java.lang.String requestUri, java.lang.String sessionId, java.lang.String originHeaders, java.lang.String codeChallenge, java.lang.String codeChallengeMethod, java.lang.String customResponseHeaders, java.lang.String claims, java.lang.String authReqId, jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, jakarta.ws.rs.core.SecurityContext securityContext)	Requests authorization.
jakarta.ws.rs.core.Response	requestAuthorizationPost(java.lang.String scope, java.lang.String responseType, java.lang.String clientId, java.lang.String redirectUri, java.lang.String state, java.lang.String responseMode, java.lang.String nonce, java.lang.String display, java.lang.String prompt, java.lang.Integer maxAge, java.lang.String uiLocales, java.lang.String idTokenHint, java.lang.String loginHint, java.lang.String acrValues, java.lang.String amrValues, java.lang.String request, java.lang.String requestUri, java.lang.String sessionId, java.lang.String originHeaders, java.lang.String codeChallenge, java.lang.String codeChallengeMethod, java.lang.String customResponseHeaders, java.lang.String claims, java.lang.String authReqId, jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, jakarta.ws.rs.core.SecurityContext securityContext)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizeRestWebServiceImpl

public AuthorizeRestWebServiceImpl()

Method Detail

requestAuthorizationGet

public jakarta.ws.rs.core.Response requestAuthorizationGet(java.lang.String scope,
                                                           java.lang.String responseType,
                                                           java.lang.String clientId,
                                                           java.lang.String redirectUri,
                                                           java.lang.String state,
                                                           java.lang.String responseMode,
                                                           java.lang.String nonce,
                                                           java.lang.String display,
                                                           java.lang.String prompt,
                                                           java.lang.Integer maxAge,
                                                           java.lang.String uiLocales,
                                                           java.lang.String idTokenHint,
                                                           java.lang.String loginHint,
                                                           java.lang.String acrValues,
                                                           java.lang.String amrValues,
                                                           java.lang.String request,
                                                           java.lang.String requestUri,
                                                           java.lang.String sessionId,
                                                           java.lang.String originHeaders,
                                                           java.lang.String codeChallenge,
                                                           java.lang.String codeChallengeMethod,
                                                           java.lang.String customResponseHeaders,
                                                           java.lang.String claims,
                                                           java.lang.String authReqId,
                                                           jakarta.servlet.http.HttpServletRequest httpRequest,
                                                           jakarta.servlet.http.HttpServletResponse httpResponse,
                                                           jakarta.ws.rs.core.SecurityContext securityContext)

Description copied from interface: AuthorizeRestWebService

Requests authorization.

Specified by:

requestAuthorizationGet in interface AuthorizeRestWebService

Parameters:

scope - The scope of the access request.

responseType - The response type informs the authorization server of the desired response type: code, token, id_token a combination of them. The response type parameter is mandatory.

clientId - The client identifier.

redirectUri - Redirection URI

state - An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter should be used for preventing cross-site request forgery.

responseMode - Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED when the Response Mode that would be requested is the default mode specified for the Response Type.

nonce - A string value used to associate a user agent session with an ID Token, and to mitigate replay attacks.

display - An ASCII string value that specifies how the Authorization Server displays the authentication page to the End-User.

prompt - A space delimited list of ASCII strings that can contain the values login, consent, select_account, and none.

maxAge - Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated.

uiLocales - End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference.

idTokenHint - Previously issued ID Token passed to the Authorization Server as a hint about the End-User's current or past authenticated session with the Client.

loginHint - Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary).

acrValues - Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference.

amrValues - Requested Authentication Methods References. JSON array of strings that are identifiers for authentication methods used in the authentication. For instance, values might indicate that both password and OTP authentication methods were used. The definition of particular values to be used in the amr Claim is beyond the scope of this specification.The amr value is an array of case sensitive strings.

request - A JWT encoded OpenID Request Object.

requestUri - An URL that points to an OpenID Request Object.

sessionId - session id

codeChallenge - PKCE code challenge

codeChallengeMethod - PKCE code challenge method

authReqId - A unique identifier to identify the CIBA authentication request made by the Client.

httpRequest - http request

securityContext - An injectable interface that provides access to security related information.

Returns:

When the responseType parameter is set to code:

If the resource owner grants the access request, the authorization server issues an authorization code and delivers it to the client by adding the following parameters to the query component of the redirection URI using the application/x-www-form-urlencoded format:

code

The authorization code generated by the authorization server.

state

If the state parameter was present in the client authorization request. The exact value received from the client.

When the responseType parameter is set to token:

If the resource owner grants the access request, the authorization server issues an access token and delivers it to the client by adding the following parameters to the fragment component of the redirection URI using the application/x-www-form-urlencoded format.

access_token

The access token issued by the authorization server.

token_type

The type of the token issued. Value is case insensitive.

expires_in

The lifetime in seconds of the access token. For example, the value 3600 denotes that the access token will expire in one hour from the time the response was generated.

scope

The scope of the access token.

state

If the state parameter was present in the client authorization request. The exact value received from the client.

requestAuthorizationPost

public jakarta.ws.rs.core.Response requestAuthorizationPost(java.lang.String scope,
                                                            java.lang.String responseType,
                                                            java.lang.String clientId,
                                                            java.lang.String redirectUri,
                                                            java.lang.String state,
                                                            java.lang.String responseMode,
                                                            java.lang.String nonce,
                                                            java.lang.String display,
                                                            java.lang.String prompt,
                                                            java.lang.Integer maxAge,
                                                            java.lang.String uiLocales,
                                                            java.lang.String idTokenHint,
                                                            java.lang.String loginHint,
                                                            java.lang.String acrValues,
                                                            java.lang.String amrValues,
                                                            java.lang.String request,
                                                            java.lang.String requestUri,
                                                            java.lang.String sessionId,
                                                            java.lang.String originHeaders,
                                                            java.lang.String codeChallenge,
                                                            java.lang.String codeChallengeMethod,
                                                            java.lang.String customResponseHeaders,
                                                            java.lang.String claims,
                                                            java.lang.String authReqId,
                                                            jakarta.servlet.http.HttpServletRequest httpRequest,
                                                            jakarta.servlet.http.HttpServletResponse httpResponse,
                                                            jakarta.ws.rs.core.SecurityContext securityContext)

Specified by:

requestAuthorizationPost in interface AuthorizeRestWebService