Class OAuth2AssertionStrategy

  • All Implemented Interfaces:
    AuthStrategy, RocketSSL.SSLAware

    public class OAuth2AssertionStrategy
    extends AbstractOAuth2Strategy
    Authentication strategy that implements the OAuth 2.0 assertion flow. This strategy implements a two-step OAuth flow:

    1. Get an assertion from the Identity Provider endpoint by providing a private key.
    2. Use the assertion to get the actual OAuth token from the token endpoint.

    This can be used with various identity providers like SAP, Azure AD, Okta, etc.
    • Constructor Detail

      • OAuth2AssertionStrategy

        public OAuth2AssertionStrategy(String clientId,
                                       String userId,
                                       String privateKey,
                                       String companyId,
                                       String grantType,
                                       String assertionUrl,
                                       String tokenUrl)
        Creates a new OAuth 2.0 assertion strategy.
        Parameters:
        clientId - the OAuth client ID
        userId - the user ID
        privateKey - the private key for assertion
        companyId - the company ID (optional, can be null)
        grantType - the OAuth grant type
        assertionUrl - the assertion endpoint URL
        tokenUrl - the token endpoint URL
      • OAuth2AssertionStrategy

        public OAuth2AssertionStrategy(String clientId,
                                       String userId,
                                       String privateKey,
                                       String companyId,
                                       String grantType,
                                       String assertionUrl,
                                       String tokenUrl,
                                       Map<String,String> additionalAssertionParams,
                                       Map<String,String> additionalTokenParams)
        Creates a new OAuth 2.0 assertion strategy with additional parameters.
        Parameters:
        clientId - the OAuth client ID
        userId - the user ID
        privateKey - the private key for assertion
        companyId - the company ID (optional, can be null)
        grantType - the OAuth grant type
        assertionUrl - the assertion endpoint URL
        tokenUrl - the token endpoint URL
        additionalAssertionParams - additional parameters for assertion request
        additionalTokenParams - additional parameters for token request
    • Method Detail

      • getType

        public AuthStrategy.AuthType getType()
        Description copied from interface: AuthStrategy
        Returns the auth type of this strategy.
        Returns:
        the authentication type
      • validateCredentials

        protected void validateCredentials()
        Validates that all required credentials are present.
        Specified by:
        validateCredentials in class AbstractOAuth2Strategy
        Throws:
        TokenRefreshException - if any of the required parameters (clientId, userId, privateKey, grantType, assertionUrl, or tokenUrl) are missing.
      • refreshCredentials

        public boolean refreshCredentials()
        Handles refreshing the authentication credentials for strategies that support it.

        This implementation handles the two-step OAuth 2.0 assertion flow:

        1. It first calls getAssertion() to obtain an assertion from the configured assertion URL.
        2. Then, it uses this assertion along with other parameters (clientId, userId, grantType, companyId if present) to call the super.refreshCredentials() method, which performs the actual token request to the configured token URL.
        Specified by:
        refreshCredentials in interface AuthStrategy
        Overrides:
        refreshCredentials in class AbstractOAuth2Strategy
        Returns:
        true if the token was successfully refreshed, false otherwise.
        Throws:
        TokenRefreshException - if token refresh fails at any step.
      • prepareTokenRequestParams

        protected Map<String,String> prepareTokenRequestParams()
        Prepares the parameters for the token request.

        Prepares parameters for the token request part of the assertion flow. This method is typically called by the parent class's refreshToken method. It includes clientId, userId, grantType, and companyId (if available). The assertion itself is expected to have been added to additionalParams by the overridden refreshCredentials() method before this is called.

        Specified by:
        prepareTokenRequestParams in class AbstractOAuth2Strategy
        Returns:
        map of parameters to include in the token request
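
The two-step flow that refreshCredentials() and prepareTokenRequestParams() describe, as an added standalone example (not this library's code). The class name AssertionFlowExample, the pluggable transport, the form field names and the example.invalid URLs are assumptions, and the stub transport returns constructed values so the program runs offline; both endpoints are checked for https before the private key is sent anywhere.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.BiFunction;
import java.util.stream.Collectors;

public class AssertionFlowExample {
    // Hypothetical transport: (endpoint, form body) -> response body.
    private final BiFunction<URI, String, String> post;
    AssertionFlowExample(BiFunction<URI, String, String> post) { this.post = post; }

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    static String form(Map<String, String> p) {
        return p.entrySet().stream().map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }
    static URI https(String url) {
        URI u = URI.create(url);
        if (!"https".equalsIgnoreCase(u.getScheme()))
            throw new IllegalArgumentException("endpoint is not https: " + url);
        return u;
    }

    String fetchToken(String clientId, String userId, String privateKey, String companyId,
                      String grantType, String assertionUrl, String tokenUrl) {
        URI idp = https(assertionUrl), token = https(tokenUrl); // reject both before sending the key
        Map<String, String> step1 = new LinkedHashMap<>();      // field names are assumptions
        step1.put("client_id", clientId);
        step1.put("user_id", userId);
        step1.put("private_key", privateKey);                   // the key goes to step 1 only
        String assertion = post.apply(idp, form(step1));
        if (assertion == null || assertion.isBlank())
            throw new IllegalStateException("assertion endpoint returned no assertion");
        Map<String, String> step2 = new LinkedHashMap<>();
        step2.put("client_id", clientId);
        step2.put("user_id", userId);
        step2.put("grant_type", grantType);
        if (companyId != null) step2.put("company_id", companyId); // optional, can be null
        step2.put("assertion", assertion);                      // step 1 output feeds step 2
        return post.apply(token, form(step2));
    }

    public static void main(String[] args) {
        AssertionFlowExample flow = new AssertionFlowExample((uri, body) -> // constructed stub
                uri.getPath().endsWith("/idp") ? "CONSTRUCTED-ASSERTION" : "{\"access_token\":\"constructed\"}");
        System.out.println(flow.fetchToken("client-1", "user-1", "CONSTRUCTED-KEY", null,
                "urn:ietf:params:oauth:grant-type:saml2-bearer",
                "https://idp.example.invalid/oauth/idp", "https://idp.example.invalid/oauth/token"));
    }
}
```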