Class OAuthTokenEndpoint

public class OAuthTokenEndpoint extends WResource
Endpoint to retrieve an access token.

The token endpoint is used by the client to obtain an OAuthAccessToken by presenting its authorization grant. This implementation only supports the "authorization_code" grant type. The client ID and secret can be passed with Basic auth or by POST request parameters. When something goes wrong, the reply will include a JSON object with an "error" attribute.

This endpoint is implemented as a WResource, so it's usually deployed using WServer#addResource().

For more information refer to the specification:

When the scope includes "openid" an ID Token will be included as specified by the OpenID Connect standard.

This class relies on a correct implementation of several functions in the AbstractUserDatabase, namely AbstractUserDatabase#idpClientFindWithId(), AbstractUserDatabase#idpClientAuthMethod(), AbstractUserDatabase#idpVerifySecret(), AbstractUserDatabase#idpClientId(), AbstractUserDatabase#idpTokenFindWithValue(), AbstractUserDatabase#idpTokenAdd(), AbstractUserDatabase#idpTokenRemove(), AbstractUserDatabase#idpTokenRedirectUri(), AbstractUserDatabase#idpTokenAuthClient(), AbstractUserDatabase#idpTokenUser(), and AbstractUserDatabase#idpTokenScope().

Must be deployed using TLS.
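
The token request and reply described above, seen from the client side, as an added Python example (not part of the JWt documentation or code base). The host names, client ID, secret and function names are constructed placeholders; the parameter and field names (code, redirect_uri, client_id, client_secret, access_token, id_token) are taken from RFC 6749 and OpenID Connect, not from this page.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample values; host, client ID and secret are placeholders.
ENDPOINT = "https://idp.example.test/oauth2/token"
REDIRECT = "https://app.example.test/callback"


def build_token_request(endpoint, client_id, client_secret, code,
                        redirect_uri, use_basic_auth=True):
    """Return (headers, body) for an "authorization_code" token request."""
    if urlsplit(endpoint).scheme != "https":
        # The code and client secret travel in this request: refuse cleartext.
        raise ValueError("token endpoint must be reached over TLS")
    params = {"grant_type": "authorization_code", "code": code,
              "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if use_basic_auth:
        raw = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode()
    else:
        # Alternative accepted by the endpoint: credentials as POST parameters.
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    return headers, urlencode(params)


def parse_token_response(body, requested_scope=""):
    """Return the reply as a dict; raise if it carries an "error" attribute."""
    reply = json.loads(body)
    if not isinstance(reply, dict):
        raise RuntimeError("token reply is not a JSON object")
    if "error" in reply:
        raise RuntimeError(f"token endpoint error: {reply['error']}")
    if "access_token" not in reply:  # field name from RFC 6749
        raise RuntimeError("reply has neither access_token nor error")
    if "openid" in requested_scope.split() and "id_token" not in reply:
        raise RuntimeError("openid scope requested but no id_token returned")
    return reply


if __name__ == "__main__":
    headers, body = build_token_request(ENDPOINT, "client-1", "s3cret", "code-123", REDIRECT)
    print(headers, body, sep="\n")
    print(parse_token_response('{"access_token": "t", "token_type": "Bearer"}'))
```

With Basic auth the secret stays out of the request body, which keeps it out of any component that logs form parameters.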

  • Constructor Details

    • OAuthTokenEndpoint

      public OAuthTokenEndpoint(AbstractUserDatabase db, String issuer)

      The issuer argument is used for the "iss" attribute in the ID Token when the scope includes "openid".

  • Method Details

    • handleRequest

      public void handleRequest(WebRequest request, WebResponse response)
      Description copied from class: WResource
      Handles a request.

      Reimplement this method so that a proper response is generated for the given request. From the request object you can access request parameters and whether the request is a continuation request. In the response object, you should set the mime type and stream the output data.

      Specified by:
      handleRequest in class WResource
      Parameters:
      request - The request information
      response - The response object
    • setAccessExpSecs

      public void setAccessExpSecs(int seconds)
      Sets the number of seconds after which generated access tokens expire.

      Defaults to 3600 seconds.

    • setIdExpSecs

      public void setIdExpSecs(int seconds)
      Sets the number of seconds after which generated ID Tokens expire.

      Defaults to 3600 seconds.