Include options properties in Params classes.
hidebike712 committed Jan 2, 2025
1 parent 9e88048 commit 7db7113
Showing 12 changed files with 469 additions and 464 deletions.
76 changes: 43 additions & 33 deletions src/main/java/com/authlete/jakarta/AccessTokenValidator.java
@@ -57,6 +57,7 @@ public static class Params implements Serializable
private String dpop;
private String htm;
private String htu;
private Options options;


/**
@@ -318,6 +319,39 @@ public Params setHtu(String htu)

return this;
}


/**
* Get the request options for {@code /api/auth/introspection} API.
*
* @return
* The request options for {@code /api/auth/introspection} API.
*
* @since 2.82
*/
public Options getOptions()
{
return options;
}


/**
* Set the request options for {@code /api/auth/introspection} API.
*
* @param options
* The request options for {@code /api/auth/introspection} API.
*
* @return
* {@code this} object.
*
* @since 2.82
*/
public Params setOptions(Options options)
{
this.options = options;

return this;
}
}


@@ -493,8 +527,8 @@ public AccessTokenInfo validate(


/**
* Validate an access token. This method is an alias of the
* {@link #validate(Params, Options)} method.
* Validate an access token. This method is an alias of the {@link #validate(Params)}
* method.
*
* </p>
* When the given access token is not valid, this method throws a
@@ -538,7 +572,7 @@ public AccessTokenInfo validate(
* presented one does not match.
* </ol>
*
* @since 2.82
* @since 2.27
*/
public AccessTokenInfo validate(
String accessToken, String[] requiredScopes,
@@ -550,15 +584,15 @@ public AccessTokenInfo validate(
.setRequiredScopes(requiredScopes)
.setRequiredSubject(requiredSubject)
.setClientCertificate(clientCertificate)
.setOptions(options)
;

return validate(params, options);
return validate(params);
}


/**
* Validate an access token. This method is an alias of
* {@link #validate(Params, Options) validate}{@code (params, null)}.
* Validate an access token.
*
* @param params
* Parameters needed for access token validation.
@@ -572,29 +606,6 @@ public AccessTokenInfo validate(
* @since 2.27
*/
public AccessTokenInfo validate(Params params) throws WebApplicationException
{
return validate(params, null);
}


/**
* Validate an access token.
*
* @param params
* Parameters needed for access token validation.
*
* @param options
* Request options for {@code /api/auth/introspection} API.
*
* @return
* Information about the access token.
*
* @throws WebApplicationException
* The access token is invalid.
*
* @since 2.82
*/
public AccessTokenInfo validate(Params params, Options options) throws WebApplicationException
{
if (params == null || params.getAccessToken() == null)
{
@@ -604,7 +615,7 @@ public AccessTokenInfo validate(Params params, Options options) throws WebApplic

try
{
return process(params, options);
return process(params);
}
catch (WebApplicationException e)
{
@@ -681,8 +692,7 @@ public IntrospectionResponse validate(
}



private AccessTokenInfo process(Params params, Options options) throws WebApplicationException
private AccessTokenInfo process(Params params) throws WebApplicationException
{
// Call Authlete's /api/auth/introspection API.
IntrospectionResponse response = getApiCaller().callIntrospection(
@@ -693,7 +703,7 @@ private AccessTokenInfo process(Params params, Options options) throws WebApplic
params.getDpop(),
params.getHtm(),
params.getHtu(),
options
params.getOptions()
);

// Handle the response from the /auth/introspection API.
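Review bot: The new `private Options options;` field is added to `Params`, which the hunk header shows as `implements Serializable`, so serializing a `Params` now also serializes whatever request options the caller attached. `Options` is not defined in this diff; if it is not `Serializable`, writing out a populated `Params` will throw `NotSerializableException`, and if it is, per-request settings end up in the serialized form, which matters should they ever carry sensitive header values. If the options are meant to be per-call only, declare the field as `private transient Options options;`, otherwise state in the `setOptions` Javadoc that the options are serialized with the object. The same applies to `authzOptions`, `authzIssueOptions` and `authzFailOptions` in `AuthorizationDecisionHandler.Params`.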
157 changes: 115 additions & 42 deletions src/main/java/com/authlete/jakarta/AuthorizationDecisionHandler.java
@@ -70,6 +70,9 @@ public static class Params implements Serializable
private String[] requestedClaimsForTx;
private StringArray[] requestedVerifiedClaimsForTx;
private boolean oldIdaFormatUsed;
private Options authzOptions;
private Options authzIssueOptions;
private Options authzFailOptions;


/**
@@ -430,12 +433,111 @@ public Params setOldIdaFormatUsed(boolean used)
}


/**
* Get the request options for {@code /api/auth/authorization} API.
*
* @return
* The request options for {@code /api/auth/authorization} API.
*
* @since 2.82
*/
public Options getAuthzOptions()
{
return authzOptions;
}


/**
* Set the request options for {@code /api/auth/authorization} API.
*
* @param options
* The request options for {@code /api/auth/authorization} API.
*
* @return
* {@code this} object.
*
* @since 2.82
*/
public Params setAuthzOptions(Options options)
{
authzOptions = options;

return this;
}


/**
* Get the request options for {@code /api/auth/authorization/issue} API.
*
* @return
* The request options for {@code /api/auth/authorization/issue} API.
*
* @since 2.82
*/
public Options getAuthzIssueOptions()
{
return authzIssueOptions;
}


/**
* Set the request options for {@code /api/auth/authorization/issue} API.
*
* @param options
* The request options for {@code /api/auth/authorization/issue} API.
*
* @return
* {@code this} object.
*
* @since 2.82
*/
public Params setAuthzIssueOptions(Options options)
{
authzIssueOptions = options;

return this;
}


/**
* Get the request options for {@code /api/auth/authorization/fail} API.
*
* @return
* The request options for {@code /api/auth/authorization/fail} API.
*
* @since 2.82
*/
public Options getAuthzFailOptions()
{
return authzFailOptions;
}


/**
* Set the request options for {@code /api/auth/authorization/fail} API.
*
* @param options
* The request options for {@code /api/auth/authorization/fail} API.
*
* @return
* {@code this} object.
*
* @since 2.82
*/
public Params setAuthzFailOptions(Options options)
{
authzFailOptions = options;

return this;
}


/**
* Create a {@link Params} instance from an instance of
* {@link AuthorizationResponse}.
*
* @param response
* An response from Authlete's {@code /api/auth/authorization} API.
* An response from Authlete's {@code /api/auth/authorization/issue} API.
*
* @return
* A new {@code Params} instance built from the response.
@@ -510,7 +612,7 @@ public Response handle(String ticket, String[] claimNames, String[] claimLocales

/**
* Handle an end-user's decision on an authorization request. This method is
* an alias of the {@link #handle(Params, Options, Options)} method.
* an alias of the {@link #handle(Params)} method.
*
* @param ticket
* A ticket that was issued by Authlete's {@code /api/auth/authorization} API.
@@ -535,8 +637,6 @@ public Response handle(String ticket, String[] claimNames, String[] claimLocales
*
* @throws WebApplicationException
* An error occurred.
*
* @since 2.82
*/
public Response handle(
String ticket, String[] claimNames, String[] claimLocales, Options authzIssueOpts,
@@ -546,15 +646,16 @@ public Response handle(
.setTicket(ticket)
.setClaimNames(claimNames)
.setClaimLocales(claimLocales)
.setAuthzIssueOptions(authzFailOpts)
.setAuthzFailOptions(authzFailOpts)
;

return handle(params, authzIssueOpts, authzFailOpts);
return handle(params);
}


/**
* Handle an end-user's decision on an authorization request. This method is
* an alias of {@link #handle(Params, Options, Options) handle}{@code (params, null, null)}.
* Handle an end-user's decision on an authorization request.
*
* @param params
* Parameters necessary to handle the decision.
@@ -569,39 +670,11 @@ public Response handle(
* @since 2.25
*/
public Response handle(Params params) throws WebApplicationException
{
return handle(params, null, null);
}


/**
* Handle an end-user's decision on an authorization request.
*
* @param params
* Parameters necessary to handle the decision.
*
* @param authzIssueOpts
* Request options for the {@code /api/auth/authorization/issue} API.
*
* @param authzFailOpts
* Request options for the {@code /api/auth/authorization/fail} API.
*
* @return
* A response to the client application. Basically, the response
* will trigger redirection to the client's redirection endpoint.
*
* @throws WebApplicationException
* An error occurred.
*
* @since 2.82
*/
public Response handle(
Params params, Options authzIssueOpts, Options authzFailOpts) throws WebApplicationException
{
try
{
// Process the end-user's decision.
return process(params, authzIssueOpts, authzFailOpts);
return process(params);
}
catch (WebApplicationException e)
{
@@ -618,13 +691,13 @@ public Response handle(
/**
* Process the end-user's decision.
*/
private Response process(Params params, Options authzIssueOpts, Options authzFailOpts)
private Response process(Params params)
{
// If the end-user did not grant authorization to the client application.
if (mSpi.isClientAuthorized() == false)
{
// The end-user denied the authorization request.
return fail(params.getTicket(), Reason.DENIED, authzFailOpts);
return fail(params.getTicket(), Reason.DENIED, params.getAuthzFailOptions());
}

// The subject (= unique identifier) of the end-user.
@@ -634,7 +707,7 @@ private Response process(Params params, Options authzIssueOpts, Options authzFai
if (subject == null || subject.length() == 0)
{
// The end-user is not authenticated.
return fail(params.getTicket(), Reason.NOT_AUTHENTICATED, authzFailOpts);
return fail(params.getTicket(), Reason.NOT_AUTHENTICATED, params.getAuthzFailOptions());
}

// the potentially pairwise subject of the end user
@@ -689,7 +762,7 @@ private Response process(Params params, Options authzIssueOpts, Options authzFai

// Authorize the authorization request.
return authorize(params.getTicket(), subject, authTime, acr, claims,
properties, scopes, sub, claimsForTx, verifiedClaimsForTx, authzIssueOpts);
properties, scopes, sub, claimsForTx, verifiedClaimsForTx, params.getAuthzIssueOptions());
}


@@ -1081,7 +1154,7 @@ private VerifiedClaimsCollector createVerifiedClaimsCollector()
* {@code verified_claims/claims}.
*
* @param options
* Request options.
* Request options for {@code /auth/authorization/issue} API.
*
* @return
* A response that should be returned to the client application.
@@ -1123,7 +1196,7 @@ private Response authorize(
* A reason of the failure of the authorization request.
*
* @param options
* Request options.
* Request options for {@code /auth/authorization/fail} API.
*
* @return
* A response that should be returned to the client application.
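Review bot: In the `handle(ticket, claimNames, claimLocales, authzIssueOpts, authzFailOpts)` overload the builder chain calls `.setAuthzIssueOptions(authzFailOpts)`, so the caller's `authzIssueOpts` is never used and the `/api/auth/authorization/issue` call made through `process(params)` receives the fail options instead. The line should read `.setAuthzIssueOptions(authzIssueOpts)`. Before this commit the two arguments were passed separately to `handle(params, authzIssueOpts, authzFailOpts)`, so this is a behaviour change for existing callers of the overload and worth a regression test that passes two distinct `Options` instances. Separately, `getAuthzOptions()` is added to `Params` but nothing in the visible hunks reads it; the rest of the file is outside this view.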