Class OidcUserInfoEndpoint


public class OidcUserInfoEndpoint extends WResource
Endpoint at which user info can be requested.

The UserInfo Endpoint is an OAuth 2.0 Protected Resource that returns Claims about the authenticated End-User. To obtain the requested Claims about the End-User, the Client makes a request to the UserInfo Endpoint using an Access Token obtained through OpenID Connect Authentication. These Claims are normally represented by a JSON object that contains a collection of name and value pairs for the Claims.

Use setScopeToken to map a set of claims to a scope token. The values of these claims are retrieved using the AbstractUserDatabase#idpJsonClaim() function.

You can look at for more information.

This endpoint is implemented as a WResource, so it's usually deployed using WServer#addResource().

This class relies on the implementation of several functions in the AbstractUserDatabase, namely AbstractUserDatabase#idpJsonClaim(), AbstractUserDatabase#idpTokenFindWithValue(), AbstractUserDatabase#idpTokenUser(), and AbstractUserDatabase#idpTokenScope().

This endpoint must be deployed using TLS: requests carry the Access Token and responses carry Claims about the End-User.

  • Constructor Details

  • Method Details

    • handleRequest

      public void handleRequest(WebRequest request, WebResponse response)
      Description copied from class: WResource
      Handles a request.

      Reimplement this method so that a proper response is generated for the given request. From the request object you can access request parameters and whether the request is a continuation request. In the response object, you should set the mime type and stream the output data.

      Specified by:
      handleRequest in class WResource
      request - The request information
      response - The response object
    • setScopeToken

      public void setScopeToken(String scopeToken, Set<String> claims)
      Maps the given scope token to the given set of claims.

      The value of these claims will be retrieved from the AbstractUserDatabase using the AbstractUserDatabase#idpJsonClaim() function.

      At construction, the following default scopes are automatically populated: profile → {name} and email → {email, email_verified}

      A scope can be erased by setting it to an empty set of claims.

    • getScopeTokens

      public Map<String,Set<String>> getScopeTokens()
      Retrieves the map of scope tokens to the sets of claims that have been mapped to them.
    • generateUserInfo

      protected generateUserInfo(User user, Set<String> scope)
      Generates the JSON containing the claims for the given scope.

      Can be overridden, but by default it uses the configured mapping set by setScopeToken, and AbstractUserDatabase#idpJsonClaim().
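
The scope-token mapping described for setScopeToken and generateUserInfo, as an added example that is not JWt code: a stand-alone model showing that only claims mapped to a granted scope are released and that an empty claim set erases a scope. The class ScopeClaimsDemo and the claimLookup function (a stand-in for AbstractUserDatabase#idpJsonClaim()) are hypothetical, the user record is constructed, and sub is included because OpenID Connect Core requires it in every UserInfo response.

```java
import java.util.*;
import java.util.function.BiFunction;

// Stand-alone model of the scope-token mapping described above; not JWt code.
public class ScopeClaimsDemo {
    // scope token -> claim names, pre-populated with the documented defaults
    private final Map<String, Set<String>> scopeTokens = new LinkedHashMap<>();

    public ScopeClaimsDemo() {
        scopeTokens.put("profile", Set.of("name"));
        scopeTokens.put("email", Set.of("email", "email_verified"));
    }

    // Same documented behaviour as setScopeToken: an empty claim set erases the scope.
    public void setScopeToken(String scopeToken, Set<String> claims) {
        if (claims.isEmpty()) scopeTokens.remove(scopeToken);
        else scopeTokens.put(scopeToken, Set.copyOf(claims));
    }

    // Releases only claims mapped to a scope the access token was granted.
    // claimLookup is a hypothetical stand-in for AbstractUserDatabase#idpJsonClaim().
    public Map<String, Object> generateUserInfo(String userId, Set<String> grantedScope,
            BiFunction<String, String, Object> claimLookup) {
        Map<String, Object> out = new TreeMap<>();
        out.put("sub", userId); // OpenID Connect Core requires sub in UserInfo responses
        for (String token : grantedScope) {
            // Scope tokens with no mapping (e.g. "openid") contribute no claims.
            for (String claim : scopeTokens.getOrDefault(token, Set.of())) {
                Object value = claimLookup.apply(userId, claim);
                if (value != null) out.put(claim, value); // assumption: skip absent values
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample user record
        Map<String, Object> alice = Map.of("name", "Alice Example",
            "email", "alice@example.org", "email_verified", true,
            "phone_number", "+1 555 0100");
        BiFunction<String, String, Object> db = (id, claim) -> alice.get(claim);

        ScopeClaimsDemo ep = new ScopeClaimsDemo();
        ep.setScopeToken("phone", Set.of("phone_number"));
        // Token without the phone scope: phone_number is mapped but withheld.
        System.out.println(ep.generateUserInfo("u1", Set.of("openid", "email"), db));
        ep.setScopeToken("email", Set.of()); // erase the default email scope
        // The email scope is still granted, but no claims are mapped to it any more.
        System.out.println(ep.generateUserInfo("u1", Set.of("openid", "email", "phone"), db));
    }
}
```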
