Class OAuth2Resource
- java.lang.Object
-
- io.jans.ca.plugin.adminui.rest.auth.OAuth2Resource
-
@Path("/app") public class OAuth2Resource extends Object
-
Field Summary
Fields
Modifier and Type | Field | Description
static String | SCOPE_OPENID |
-
Constructor Summary
Constructors
Constructor | Description
OAuth2Resource() |
-
Method Summary
All Methods Instance Methods Concrete Methods
Modifier and Type | Method | Description
jakarta.ws.rs.core.Response | createSession(@Valid @NotNull ApiTokenRequest apiTokenRequest) | Create an Admin UI session and set an HttpOnly, Secure session cookie.
jakarta.ws.rs.core.Response | deleteSessionBySessionCookie(jakarta.ws.rs.core.Cookie sessionCookie) | Revokes the Admin UI session identified by the provided session cookie and invalidates that cookie in the client.
jakarta.ws.rs.core.Response | deleteSessionsByUserDn(@NotNull String userDn) | Revoke all Admin UI sessions associated with the specified user DN.
jakarta.ws.rs.core.Response | getApiProtectionToken(@Valid @NotNull ApiTokenRequest apiTokenRequest, String appType) | Requests an API protection token from the OAuth2 service for the specified app type.
-
Field Detail
-
SCOPE_OPENID
public static final String SCOPE_OPENID
- See Also:
- Constant Field Values
-
Method Detail
-
createSession
@POST @Path("/{appType}/oauth2/session") @Produces("application/json")
public jakarta.ws.rs.core.Response createSession(@Valid @NotNull @Valid @NotNull ApiTokenRequest apiTokenRequest)
Create an Admin UI session and set an HttpOnly, Secure session cookie.
Validates that the provided API token request contains a user JWT (UJWT) and that the JWT's signature is valid against the configured JWKS; on success a new session is persisted and a Set-Cookie header with the `admin_ui_session_id` is returned.
- Parameters:
- apiTokenRequest - request containing the UJWT used to authenticate and create the session; must include a signed UJWT
- Returns:
- a Response with a success entity and a Set-Cookie header containing the `admin_ui_session_id` on success; on failure the Response contains an error entity and an appropriate HTTP status code
-
deleteSessionBySessionCookie
@DELETE @Path("/{appType}/oauth2/session") @Produces("application/json")
public jakarta.ws.rs.core.Response deleteSessionBySessionCookie(@CookieParam("admin_ui_session_id") jakarta.ws.rs.core.Cookie sessionCookie)
Revokes the Admin UI session identified by the provided session cookie and invalidates that cookie in the client.
- Parameters:
- sessionCookie - the request cookie named "admin_ui_session_id" identifying the session to remove
- Returns:
- a Response containing a generic success payload and a Set-Cookie header that clears the session cookie; on failure a Response with the error status and message
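A check for the cookie behaviour documented for createSession and deleteSessionBySessionCookie, usable in an integration test or a response audit. This is an added example, not code from the Jans project; the class and method names are hypothetical, the header strings are constructed samples, and treating an empty value or Max-Age=0 as "cleared" is an assumption because the page does not say how the cookie is cleared.

```java
import java.util.*;

/** Added example: audits Set-Cookie header values for the admin_ui_session_id cookie. */
public class SessionCookieAudit {
    static final String COOKIE_NAME = "admin_ui_session_id"; // cookie name taken from the page

    /** Splits one Set-Cookie value into lower-cased attribute -> value ("" for bare flags). */
    static Map<String, String> parse(String header) {
        Map<String, String> attrs = new LinkedHashMap<>();
        String[] parts = header.split(";");
        String[] nv = parts[0].trim().split("=", 2);
        attrs.put("$name", nv[0].trim());
        attrs.put("$value", nv.length > 1 ? nv[1].trim() : "");
        for (int i = 1; i < parts.length; i++) {
            String[] kv = parts[i].trim().split("=", 2);
            attrs.put(kv[0].trim().toLowerCase(Locale.ROOT), kv.length > 1 ? kv[1].trim() : "");
        }
        return attrs;
    }

    /** Findings for the cookie returned by createSession; an empty list means it passes. */
    static List<String> auditCreate(String header) {
        Map<String, String> c = parse(header);
        List<String> findings = new ArrayList<>();
        if (!COOKIE_NAME.equals(c.get("$name"))) findings.add("unexpected cookie name");
        if (c.get("$value").isEmpty()) findings.add("empty session id");
        if (!c.containsKey("httponly")) findings.add("missing HttpOnly");
        if (!c.containsKey("secure")) findings.add("missing Secure");
        return findings;
    }

    /** Assumption: "cleared" means an empty value or Max-Age=0. */
    static boolean isCleared(String header) {
        Map<String, String> c = parse(header);
        return COOKIE_NAME.equals(c.get("$name"))
                && (c.get("$value").isEmpty() || "0".equals(c.get("max-age")));
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured from a real server.
        String good = "admin_ui_session_id=3f1c-constructed; Path=/; HttpOnly; Secure";
        String weak = "admin_ui_session_id=3f1c-constructed; Path=/";
        String cleared = "admin_ui_session_id=; Path=/; Max-Age=0; HttpOnly; Secure";
        System.out.println("create (good): " + auditCreate(good));
        System.out.println("create (weak): " + auditCreate(weak));
        System.out.println("delete cleared: " + isCleared(cleared));
    }
}
```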
-
deleteSessionsByUserDn
@DELETE @Path("/{appType}/oauth2/session/{userDn}") @Produces("application/json")
public jakarta.ws.rs.core.Response deleteSessionsByUserDn(@PathParam("userDn") @NotNull @NotNull String userDn)
Revoke all Admin UI sessions associated with the specified user DN.
- Parameters:
- userDn - the user's distinguished name whose Admin UI sessions will be revoked
- Returns:
- an HTTP response: 200 with a success payload when sessions are revoked; otherwise a response with the error status code and an error payload describing the failure
-
getApiProtectionToken
@POST @Path("/{appType}/oauth2/api-protection-token") @Produces("application/json")
public jakarta.ws.rs.core.Response getApiProtectionToken(@Valid @NotNull @Valid @NotNull ApiTokenRequest apiTokenRequest, @PathParam("appType") String appType)
Requests an API protection token from the OAuth2 service for the specified app type.
- Parameters:
- apiTokenRequest - the credentials and parameters required to request the token
- appType - the application type for which the token is requested
- Returns:
- a Response whose entity is a TokenResponse on success, or a generic error payload with an HTTP error status on failure
-