Class OAuth2Service


  • @Singleton
    public class OAuth2Service
    extends BaseService
    • Constructor Detail

      • OAuth2Service

        public OAuth2Service()
    • Method Detail

      • getApiProtectionToken

        public TokenResponse getApiProtectionToken(ApiTokenRequest apiTokenRequest,
                                                   String appType)
                                            throws ApplicationException
        Obtain an API protection token for the specified application and populate its token claims. Uses the AUI configuration for the given appType to request a client-credentials token; when an ApiTokenRequest with a user JWT (ujwt) is provided, the request includes that JWT. The returned TokenResponse contains the access, ID, and refresh tokens and, when available from token introspection, scopes, issued-at (iat), expiration (exp), and issuer (iss) claims.
        Parameters:
        apiTokenRequest - optional request parameters; when null, a default OpenID scope is requested; otherwise the contained `ujwt` (if present) is used to obtain the token
        appType - identifier of the application configuration to use for token endpoint, client credentials, and introspection endpoint lookup
        Returns:
        a TokenResponse populated with accessToken, idToken, refreshToken and, if available, scopes, iat, exp, and issuer
        Throws:
        ApplicationException - on error while obtaining or processing the token
      • setAdminUISession

        public void setAdminUISession(String sessionId,
                                      String ujwt)
                               throws ApplicationException
        Create and persist an AdminUISession for the given sessionId using claims extracted from the provided user-info JWT.
        Parameters:
        sessionId - the identifier for the admin UI session; used as the session's inum and to build its DN
        ujwt - the user-info JWT string containing an "inum" claim that identifies the user
        Throws:
        ApplicationException - if the "inum" claim is missing from the provided JWT
      • removeAdminUIUserSessionByDn

        public void removeAdminUIUserSessionByDn(String userDn)
                                          throws ApplicationException
        Removes all AdminUISession entries whose jansUsrDN contains the provided user DN.
        Parameters:
        userDn - the user distinguished name to match within stored AdminUISession jansUsrDN values
        Throws:
        ApplicationException - if an error occurs while searching for or removing sessions (results in HTTP 500)
      • getSession

        public io.jans.configapi.core.model.adminui.AdminUISession getSession(String sessionId)
                                                                       throws ApplicationException
        Load an AdminUISession by its session identifier.
        Parameters:
        sessionId - the session identifier used to build the session DN
        Returns:
        the matching AdminUISession, or `null` if no session exists for the given id
        Throws:
        ApplicationException - if an error occurs while retrieving the session (results in HTTP 500)
      • removeSession

        public void removeSession(String sessionId)
                           throws ApplicationException
        Removes the Admin UI session identified by the given sessionId.
        Parameters:
        sessionId - the Admin UI session identifier
        Throws:
        ApplicationException - if the session cannot be retrieved or removed
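
Added example (not part of the project's code or this Javadoc): a caller-side guard that fails closed on the two outcomes documented for getSession, a `null` return when no session exists and an ApplicationException on lookup errors, and a logout helper that confirms removal. The `SessionStore` interface, the `Decision` enum, the nested `ApplicationException` and `AdminUISession` types, and the sample session values are hypothetical stand-ins so the file compiles alone; only the two method signatures mirror the ones documented above.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionGuardExample {
    // Hypothetical stand-ins for the project's types (assumption, not the real classes).
    static class ApplicationException extends Exception {
        ApplicationException(String msg) { super(msg); }
    }
    record AdminUISession(String sessionId, String userDn) {}

    // Mirrors only the two documented OAuth2Service signatures used below.
    interface SessionStore {
        AdminUISession getSession(String sessionId) throws ApplicationException;
        void removeSession(String sessionId) throws ApplicationException;
    }

    enum Decision { ALLOW, UNAUTHENTICATED, SERVER_ERROR }

    // Fail closed: a null result (no such session) and a lookup error both deny access.
    static Decision authorize(SessionStore store, String sessionId) {
        if (sessionId == null || sessionId.isBlank()) {
            return Decision.UNAUTHENTICATED;
        }
        try {
            return store.getSession(sessionId) == null ? Decision.UNAUTHENTICATED : Decision.ALLOW;
        } catch (ApplicationException e) {
            return Decision.SERVER_ERROR; // never treat a failed lookup as a valid session
        }
    }

    // Logout: remove the session, then confirm the id no longer resolves.
    static boolean logout(SessionStore store, String sessionId) throws ApplicationException {
        store.removeSession(sessionId);
        return store.getSession(sessionId) == null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data; the in-memory map stands in for the persistence layer.
        Map<String, AdminUISession> db = new ConcurrentHashMap<>();
        db.put("sess-1", new AdminUISession("sess-1", "inum=example,ou=people,o=jans"));
        SessionStore store = new SessionStore() {
            public AdminUISession getSession(String id) { return db.get(id); }
            public void removeSession(String id) { db.remove(id); }
        };
        System.out.println(authorize(store, "sess-1"));
        System.out.println(authorize(store, "unknown"));
        System.out.println(logout(store, "sess-1"));
        System.out.println(authorize(store, "sess-1"));
    }
}
```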