github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Updated Token Introspecting Client Config (markdown)

master
Justin Richer 2013-09-12 14:18:41 -07:00
parent 985cb03fa3
commit 87578504ea
1 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Token-Introspecting-Client-Config.md

@ -1,4 +1,4 @@
The following code sets up a filter to take a token passed in to the web application, and fill in the details as an `OAuth2Authentication` object by introspecting it at a configured issuer's Introspection Endpoint. The URL for the Introspection Endpoint is provided by the configured `introspectionUrlProvider` service. The token service authenticates its calls using the `clientId` and `clientSecret` properties.
The following code sets up a filter to take a token passed in to the web application, and fill in the details as an `OAuth2Authentication` object by introspecting it at a configured issuer's Introspection Endpoint. The URL for the Introspection Endpoint is provided by the configured `introspectionConfigurationService` property.
If the token is valid, the service creates an `Authentication` object with the user in the `sub` object as its principle. This `Authentication` is given a set of `GrantedAuthorities` provided by the configured `introspectionAuthorityGranter` service.
@ -6,9 +6,7 @@ In applicationContext.xml:
```
<oauth:resource-server id="resourceServerFilter" token-services-ref="introspectingService" />
<bean id="introspectingService" class="org.mitre.oauth2.introspectingfilter.IntrospectingTokenService">
<property name="clientId" value="yourClientId"/>
<property name="clientSecret" value="yourClientSecret"/>
<property name="introspectionUrlProvider">
<property name="introspectionConfigurationService">
...
</property>
<property name="introspectionAuthorityGranter">
@ -17,29 +15,38 @@ In applicationContext.xml:
</bean>
```
## Introspection URL Providers
## Introspection Configuration Service
The `IntrospectionURLProvider` interface looks at the context of the request and returns a URL to which the token service can make its introspection call.
The `Introspection Configuration Service` interface looks at the context of the request and returns a URL to which the token service can make its introspection call.
### Static Introspection URL Provider
### Static Introspection Configuration Service
The static provider simply returns the same configured URL for all requests, regardless of context.
The static provider simply returns the same configured URL and the same configured client for all requests, regardless of context.
```
<bean class="org.mitre.oauth2.introspectingfilter.StaticIntrospectionUrlProvider">
<property name="introspectionUrl" value="http://authserver/introspect" />
<property name="clientConfiguration">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="yourClientId"/>
<property name="clientSecret" value="yourClientSecret"/>
</bean>
</property>
</bean>
```
### JWT-Parsing Introspection URL Provider
The JWT-parsing provider assumes that the access token is a properly formed JWT and parses the token value into a JWT object. The provider then extracts the `iss` field and looks up the introspection URL using the configured `serverConfigurationService`. This service the same as that described in [Client Configuration](Client-configuration#server-configuration).
The JWT-parsing provider assumes that the access token is a properly formed JWT and parses the token value into a JWT object. The provider then extracts the `iss` field and looks up the introspection URL using the configured `serverConfigurationService` and `clientConfigurationService`. These services are the same as described in [Client Configuration/server service configuration](Client-configuration#server-configuration) and [Client Configuration/client service configuration](Client-configuration#client-configuration).
```
<bean class="org.mitre.oauth2.introspectingfilter.JWTParsingIntrospectionUrlProvider">
<property name="serverConfigurationService">
...
</property>
<property name="clientConfigurationService">
...
</property>
</bean>
```