Factory interface for creating OAuth2 based io.vertx.ext.auth.AuthProvider instances.

  • OAuth2Auth
    • AuthProvider
      • Basic
        • Identifiable
        • Object
          • Anything

no subtypes hierarchy

Initializer
OAuth2Auth(OAuth2Auth unknown)
Inherited Attributes
Attributes inherited from: Object
hash, string
Methods
apishared default OAuth2Auth api(HttpMethod method, String path, Object params, Anything(Throwable|Object) handler)

Call OAuth2 APIs.

Parameters:
  • method

    HttpMethod

  • path

    target path

  • params

    parameters

  • handler

    handler

authorizeURLshared default String authorizeURL(Object params)

Generate a redirect URL to the authN/Z backend. It only applies to auth_code flow.

decodeTokenshared default OAuth2Auth decodeToken(String token, Anything(Throwable|AccessToken) handler)

Decode a token to a AccessToken object. This is useful to handle bearer JWT tokens.

Parameters:
  • token

    the access token (base64 string)

  • handler

    A handler to receive the event

getScopeSeparatorshared default String getScopeSeparator()

Returns the scope separator.

The RFC 6749 states that a scope is expressed as a set of case-sensitive and space-delimited strings, however vendors tend not to agree on this and we see the following cases being used: space, plus sign, comma.

getTokenshared default void getToken(Object params, Anything(Throwable|AccessToken) handler)

Returns the Access Token object.

Parameters:
  • params
    • JSON with the options, each flow requires different options.
  • handler
    • The handler returning the results.
hasJWTTokenshared default Boolean hasJWTToken()

Returns true if this provider supports JWT tokens as the access_token. This is typically true if the provider implements the openid-connect protocol. This is a plain return from the config option jwtToken, which is false by default.

This information is important to validate grants. Since pure OAuth2 should be used for authorization and when a token is requested all grants should be declared, in case of openid-connect this is not true. OpenId will issue a token and all grants will be encoded on the token itself so the requester does not need to list the required grants.

introspectTokenshared default OAuth2Auth introspectToken(String token, Anything(Throwable|AccessToken) handler)

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Parameters:
  • token

    the access token (base64 string)

  • handler

    A handler to receive the event

introspectTokenshared default OAuth2Auth introspectToken(String token, String tokenType, Anything(Throwable|Object) handler)

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Parameters:
  • token

    the access token (base64 string)

  • tokenType

    hint to the token type e.g.: access_token

  • handler

    A handler to receive the event

Inherited Methods
Methods inherited from: AuthProvider
authenticate
Methods inherited from: Object
equals