Package com.oracle.bmc.auth.internal

Class AbstractFederationClient

    • Field Detail

      • resourcePrincipalTokenClient

        protected final com.oracle.bmc.http.client.HttpClient resourcePrincipalTokenClient

      • federationClient

        protected final com.oracle.bmc.http.client.HttpClient federationClient

    • Constructor Detail

      • AbstractFederationClient

        public AbstractFederationClient​(String resourcePrincipalTokenEndpoint,
                                String federationEndpoint,
                                SessionKeySupplier sessionKeySupplier,
                                BasicAuthenticationDetailsProvider basicAuthenticationDetailsProvider,
                                ClientConfigurator clientConfigurator,
                                CircuitBreakerConfiguration circuitBreakerConfiguration)
        Constructor of AbstractFederationClient.
        Parameters:
        resourcePrincipalTokenEndpoint - the endpoint that can provide the resource principal token.
        federationEndpoint - the endpoint that can provide the resource principal session token.
        sessionKeySupplier - the session key supplier.
        basicAuthenticationDetailsProvider - the instance principals authentication details provider.
        clientConfigurator - the reset client configurator.

      • AbstractFederationClient

        public AbstractFederationClient​(String resourcePrincipalTokenEndpoint,
                                String federationEndpoint,
                                SessionKeySupplier sessionKeySupplier,
                                BasicAuthenticationDetailsProvider basicAuthenticationDetailsProvider,
                                ClientConfigurator clientConfigurator,
                                CircuitBreakerConfiguration circuitBreakerConfiguration,
                                List<ClientConfigurator> additionalCLientConfigurators)
        Constructor of AbstractFederationClient.
        Parameters:
        resourcePrincipalTokenEndpoint - the endpoint that can provide the resource principal token.
        federationEndpoint - the endpoint that can provide the resource principal session token.
        sessionKeySupplier - the session key supplier.
        basicAuthenticationDetailsProvider - the instance principals authentication details provider.
        clientConfigurator - the reset client configurator.

      • AbstractFederationClient

        public AbstractFederationClient​(String resourcePrincipalTokenUrl,
                                String resourcePrincipalTokenEndpoint,
                                String federationEndpoint,
                                SessionKeySupplier sessionKeySupplier,
                                BasicAuthenticationDetailsProvider basicAuthenticationDetailsProvider,
                                ClientConfigurator clientConfigurator,
                                CircuitBreakerConfiguration circuitBreakerConfiguration,
                                List<ClientConfigurator> additionalCLientConfigurators)
        Constructor of AbstractFederationClient.
        Parameters:
        resourcePrincipalTokenUrl - the complete url that can provide the resource principal token.
        resourcePrincipalTokenEndpoint - the endpoint that can provide the resource principal token.
        federationEndpoint - the endpoint that can provide the resource principal session token.
        sessionKeySupplier - the session key supplier.
        basicAuthenticationDetailsProvider - the instance principals authentication details provider.
        clientConfigurator - the reset client configurator.

    • Method Detail

      • makeClient

        protected com.oracle.bmc.http.client.HttpClient makeClient​(String endpoint,
                                                           RequestSigner requestSigner)

      • getSecurityToken

        public String getSecurityToken()
        Gets a security token from the federation endpoint.

        May use a cached token if it judged to still be valid.

        Specified by:
        getSecurityToken in interface FederationClient
        Returns:
        A security token that can be used to authenticate requests.

      • refreshAndGetSecurityToken

        public String refreshAndGetSecurityToken()
        Gets a security token from the federation endpoint.

        This will always retrieve a new token from the federation endpoint and does not use a cached token.

        Specified by:
        refreshAndGetSecurityToken in interface FederationClient
        Returns:
        A security token that can be used to authenticate requests.

      • refreshAndGetSecurityTokenIfExpiringWithin

        public String refreshAndGetSecurityTokenIfExpiringWithin​(Duration time,
                                                         boolean refreshKeys)
        Gets a security token from the federation endpoint if the security token expires within the provided duration and allows to enable/disable refresh of keys.

        This will always retrieve a new token from the federation endpoint and does not use a cached token.

        Specified by:
        refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefresh
        Parameters:
        time - the duration to check
        refreshKeys - boolean value to enable/disable refresh of keys
        Returns:
        A security token that can be used to authenticate requests.

      • refreshAndGetSecurityTokenIfExpiringWithin

        public String refreshAndGetSecurityTokenIfExpiringWithin​(Duration time)
        Gets a security token from the federation endpoint.

        This will always retrieve a new token from the federation endpoint and does not use a cached token.

        Specified by:
        refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefresh
        Parameters:
        time - the duration to check
        Returns:
        A security token that can be used to authenticate requests.

      • refreshAndGetSecurityTokenInner

        protected String refreshAndGetSecurityTokenInner​(boolean doFinalTokenValidityCheck,
                                                 Optional<Duration> time,
                                                 boolean refreshKeys)

      • getSecurityTokenFromServer

        protected abstract SecurityTokenAdapter getSecurityTokenFromServer()
        Gets a security token from the federation server
        Returns:
        the security token, which is basically a JWT token string

      • getStringClaim

        public String getStringClaim​(String key)
        Get a claim embedded in the security token.

        May use the cached token if it is judged to still be valid.

        Specified by:
        getStringClaim in interface FederationClient

      • getSecurityTokenAdapter

        protected SecurityTokenAdapter getSecurityTokenAdapter()
        Get securityTokenAdapter
        Returns:
        securityTokenAdapter