org.pac4j.oidc.azuread

Class AzureAdClient

java.lang.Object

org.pac4j.core.util.InitializableWebObject

org.pac4j.core.client.BaseClient<C,U>

org.pac4j.core.client.IndirectClient<OidcCredentials,OidcProfile>

org.pac4j.oidc.client.OidcClient

org.pac4j.oidc.azuread.AzureAdClient

All Implemented Interfaces:

Cloneable, Client<OidcCredentials,OidcProfile>

public class AzureAdClient
extends OidcClient

A specialized OidcClient for authenticating againt Microsoft Azure AD. Microsoft Azure AD provides authentication for multiple tenants, or, when the tenant is not known prior to authentication, the speciall common-tenant. For a specific tenant, the following discovery URI must be used: https://login.microsoftonline.com/tenantid/.well-known/openid-configuration or https://login.microsoftonline.com/tenantid/v2.0/.well-known/openid-configuration for the Azure AD v2.0 preview. Replace tenantid with the ID of the tenant to authenticate against. To find this ID, fill in your tenant's domain name. Your tenant ID is the UUID in authorization_endpoint. For authentication against an unknown (or dynamic tenant), use common as ID. Authentication against the common endpoint results in a ID token with a issuer different from the issuer mentioned in the discovery data. This class uses to special validator to correctly validate the issuer returned by Azure AD.

Since:

1.8.3

Author:

Emond Papegaaij

Field Summary

Fields inherited from class org.pac4j.core.client.IndirectClient

ATTEMPTED_AUTHENTICATION_SUFFIX, callbackUrl, callbackUrlResolver, NEEDS_CLIENT_REDIRECTION_PARAMETER

Fields inherited from class org.pac4j.core.client.BaseClient

logger

Constructor Summary

Constructors

Constructor and Description
AzureAdClient()
AzureAdClient(String clientId, String secret, String discoveryURI)

Method Summary

Modifier and Type	Method and Description
protected com.nimbusds.oauth2.sdk.http.ResourceRetriever	createResourceRetriever()
protected com.nimbusds.openid.connect.sdk.validators.IDTokenValidator	createRSATokenValidator(com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, com.nimbusds.oauth2.sdk.id.ClientID clientID)

Methods inherited from class org.pac4j.oidc.client.OidcClient

addCustomParam, buildTokenRequest, buildUserInfoRequest, createHMACTokenValidator, getAuthParams, getClientAuthentication, getClientAuthenticationMethod, getClientID, getClientType, getConnectTimeout, getCustomParams, getDiscoveryURI, getIdTokenValidator, getMaxClockSkew, getPreferredJwsAlgorithm, getProviderMetadata, getReadTimeout, getRedirectURI, getScope, getSecret, internalInit, isDirectRedirection, isUseNonce, newClient, retrieveCredentials, retrieveRedirectAction, retrieveUserProfile, setClientAuthenticationMethod, setClientID, setConnectTimeout, setCustomParams, setDiscoveryURI, setMaxClockSkew, setPreferredJwsAlgorithm, setReadTimeout, setScope, setSecret, setUseNonce

Methods inherited from class org.pac4j.core.client.IndirectClient

computeFinalCallbackUrl, getAjaxRequestResolver, getCallbackUrl, getCallbackUrlResolver, getCredentials, getRedirectAction, getRedirectionUrl, getStateParameter, isIncludeClientNameInCallbackUrl, redirect, setAjaxRequestResolver, setCallbackUrl, setCallbackUrlResolver, setIncludeClientNameInCallbackUrl

Methods inherited from class org.pac4j.core.client.BaseClient

addAuthorizationGenerator, clone, getAuthorizationGenerators, getName, getUserProfile, setAuthorizationGenerator, setAuthorizationGenerators, setAuthorizationGenerators, setName, toString

Methods inherited from class org.pac4j.core.util.InitializableWebObject

init, reinit

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

AzureAdClient

public AzureAdClient()

AzureAdClient

public AzureAdClient(String clientId,
                     String secret,
                     String discoveryURI)

Method Detail

createRSATokenValidator

protected com.nimbusds.openid.connect.sdk.validators.IDTokenValidator createRSATokenValidator(com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
                                                                                              com.nimbusds.oauth2.sdk.id.ClientID clientID)
                                                                                       throws MalformedURLException

Overrides:

createRSATokenValidator in class OidcClient

Throws:

MalformedURLException

createResourceRetriever

protected com.nimbusds.oauth2.sdk.http.ResourceRetriever createResourceRetriever()

Overrides:

createResourceRetriever in class OidcClient