public class AzureAdClient extends OidcClient
OidcClient
for authenticating againt Microsoft Azure AD. Microsoft Azure
AD provides authentication for multiple tenants, or, when the tenant is not known prior to
authentication, the speciall common-tenant. For a specific tenant, the following discovery URI
must be used:
https://login.microsoftonline.com/tenantid/.well-known/openid-configuration
or
https://login.microsoftonline.com/tenantid/v2.0/.well-known/openid-configuration
for the
Azure AD v2.0 preview. Replace tenantid
with the ID of the tenant to authenticate
against. To find this ID, fill in your tenant's domain name. Your tenant ID is the UUID in
authorization_endpoint
.
For authentication against an unknown (or dynamic tenant), use common
as ID.
Authentication against the common endpoint results in a ID token with a issuer
different
from the issuer
mentioned in the discovery data. This class uses to special validator
to correctly validate the issuer returned by Azure AD.ATTEMPTED_AUTHENTICATION_SUFFIX, callbackUrl, callbackUrlResolver, NEEDS_CLIENT_REDIRECTION_PARAMETER
logger
Constructor and Description |
---|
AzureAdClient() |
AzureAdClient(String clientId,
String secret,
String discoveryURI) |
Modifier and Type | Method and Description |
---|---|
protected com.nimbusds.oauth2.sdk.http.ResourceRetriever |
createResourceRetriever() |
protected com.nimbusds.openid.connect.sdk.validators.IDTokenValidator |
createRSATokenValidator(com.nimbusds.jose.JWSAlgorithm jwsAlgorithm,
com.nimbusds.oauth2.sdk.id.ClientID clientID) |
addCustomParam, buildTokenRequest, buildUserInfoRequest, createHMACTokenValidator, getAuthParams, getClientAuthentication, getClientAuthenticationMethod, getClientID, getClientType, getConnectTimeout, getCustomParams, getDiscoveryURI, getIdTokenValidator, getMaxClockSkew, getPreferredJwsAlgorithm, getProviderMetadata, getReadTimeout, getRedirectURI, getScope, getSecret, internalInit, isDirectRedirection, isUseNonce, newClient, retrieveCredentials, retrieveRedirectAction, retrieveUserProfile, setClientAuthenticationMethod, setClientID, setConnectTimeout, setCustomParams, setDiscoveryURI, setMaxClockSkew, setPreferredJwsAlgorithm, setReadTimeout, setScope, setSecret, setUseNonce
computeFinalCallbackUrl, getAjaxRequestResolver, getCallbackUrl, getCallbackUrlResolver, getCredentials, getRedirectAction, getRedirectionUrl, getStateParameter, isIncludeClientNameInCallbackUrl, redirect, setAjaxRequestResolver, setCallbackUrl, setCallbackUrlResolver, setIncludeClientNameInCallbackUrl
addAuthorizationGenerator, clone, getAuthorizationGenerators, getName, getUserProfile, setAuthorizationGenerator, setAuthorizationGenerators, setAuthorizationGenerators, setName, toString
init, reinit
protected com.nimbusds.openid.connect.sdk.validators.IDTokenValidator createRSATokenValidator(com.nimbusds.jose.JWSAlgorithm jwsAlgorithm, com.nimbusds.oauth2.sdk.id.ClientID clientID) throws MalformedURLException
createRSATokenValidator
in class OidcClient
MalformedURLException
protected com.nimbusds.oauth2.sdk.http.ResourceRetriever createResourceRetriever()
createResourceRetriever
in class OidcClient
Copyright © 2016. All rights reserved.