Factory interface for creating OAuth2 based io.vertx.ext.auth.AuthProvider instances.

  • OAuth2Auth
    • AuthProvider
      • Basic
        • Identifiable
        • Object
          • Anything

no subtypes hierarchy

Initializer
OAuth2Auth(OAuth2Auth unknown)
Inherited Attributes
Attributes inherited from: Object
hash, string
Methods
apishared default OAuth2Auth api(HttpMethod method, String path, Object params, Anything(Throwable|Object) handler)

Call OAuth2 APIs.

Parameters:
  • method

    HttpMethod

  • path

    target path

  • params

    parameters

  • handler

    handler

authorizeURLshared default String authorizeURL(Object params)

Generate a redirect URL to the authN/Z backend. It only applies to auth_code flow.

decodeTokenshared default OAuth2Auth decodeToken(String token, Anything(Throwable|AccessToken) handler)

Decode a token to a AccessToken object. This is useful to handle bearer JWT tokens.

Parameters:
  • token

    the access token (base64 string)

  • handler

    A handler to receive the event

getFlowTypeshared default String getFlowType()

Returns the configured flow type for the Oauth2 provider.

getScopeSeparatorshared default String getScopeSeparator()

Returns the scope separator.

The RFC 6749 states that a scope is expressed as a set of case-sensitive and space-delimited strings, however vendors tend not to agree on this and we see the following cases being used: space, plus sign, comma.

getTokenshared default void getToken(Object params, Anything(Throwable|AccessToken) handler)

Returns the Access Token object.

Parameters:
  • params
    • JSON with the options, each flow requires different options.
  • handler
    • The handler returning the results.
hasJWTTokenshared default Boolean hasJWTToken()

Returns true if this provider supports JWT tokens as the access_token. This is typically true if the provider implements the openid-connect protocol. This is a plain return from the config option jwtToken, which is false by default.

This information is important to validate grants. Since pure OAuth2 should be used for authorization and when a token is requested all grants should be declared, in case of openid-connect this is not true. OpenId will issue a token and all grants will be encoded on the token itself so the requester does not need to list the required grants.

introspectTokenshared default OAuth2Auth introspectToken(String token, Anything(Throwable|AccessToken) handler)

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Parameters:
  • token

    the access token (base64 string)

  • handler

    A handler to receive the event

introspectTokenshared default OAuth2Auth introspectToken(String token, String tokenType, Anything(Throwable|Object) handler)

Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.

Parameters:
  • token

    the access token (base64 string)

  • tokenType

    hint to the token type e.g.: access_token

  • handler

    A handler to receive the event

Inherited Methods
Methods inherited from: AuthProvider
authenticate
Methods inherited from: Object
equals