Package org.springframework.security.oauth2.server.authorization.oidc.authentication

Class OidcClientRegistrationAuthenticationProvider

java.lang.Object

org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcClientRegistrationAuthenticationProvider

All Implemented Interfaces:

AuthenticationProvider

public final class OidcClientRegistrationAuthenticationProvider
extends Object
implements AuthenticationProvider

An AuthenticationProvider implementation for OpenID Connect 1.0 Dynamic Client Registration Endpoint.

Since:

7.0

See Also:

• RegisteredClientRepository
• OAuth2AuthorizationService
• OAuth2TokenGenerator
• OidcClientRegistrationAuthenticationToken
• OidcClientConfigurationAuthenticationProvider
• PasswordEncoder
• 3. Client Registration Endpoint

Constructor Summary

Constructors

Constructor	Description
OidcClientRegistrationAuthenticationProvider(RegisteredClientRepository registeredClientRepository, OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator)	Constructs an OidcClientRegistrationAuthenticationProvider using the provided parameters.

Method Summary

Modifier and Type	Method	Description
Authentication	authenticate(Authentication authentication)	Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .
void	setClientRegistrationConverter(org.springframework.core.convert.converter.Converter<RegisteredClient,OidcClientRegistration> clientRegistrationConverter)	Sets the Converter used for converting a RegisteredClient to an OidcClientRegistration.
void	setPasswordEncoder(PasswordEncoder passwordEncoder)	Sets the PasswordEncoder used to encode the client secret.
void	setRegisteredClientConverter(org.springframework.core.convert.converter.Converter<OidcClientRegistration,RegisteredClient> registeredClientConverter)	Sets the Converter used for converting an OidcClientRegistration to a RegisteredClient.
boolean	supports(Class<?> authentication)	Returns true if this AuthenticationProvider supports the indicated Authentication object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OidcClientRegistrationAuthenticationProvider

public OidcClientRegistrationAuthenticationProvider(RegisteredClientRepository registeredClientRepository,
 OAuth2AuthorizationService authorizationService,
 OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator)

Constructs an OidcClientRegistrationAuthenticationProvider using the provided parameters.

Parameters:

registeredClientRepository - the repository of registered clients

authorizationService - the authorization service

tokenGenerator - the token generator

Method Details

authenticate

public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException

Description copied from interface: AuthenticationProvider

Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .

Specified by:

authenticate in interface AuthenticationProvider

Parameters:

authentication - the authentication request object.

Returns:

a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.

Throws:

AuthenticationException - if authentication fails.

supports

public boolean supports(Class<?> authentication)

Description copied from interface: AuthenticationProvider

Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented Authentication object. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:

supports in interface AuthenticationProvider

Returns:

true if the implementation can more closely evaluate the Authentication class presented

setRegisteredClientConverter

public void setRegisteredClientConverter(org.springframework.core.convert.converter.Converter<OidcClientRegistration,RegisteredClient> registeredClientConverter)

Sets the Converter used for converting an OidcClientRegistration to a RegisteredClient.

Parameters:

registeredClientConverter - the Converter used for converting an OidcClientRegistration to a RegisteredClient

setClientRegistrationConverter

public void setClientRegistrationConverter(org.springframework.core.convert.converter.Converter<RegisteredClient,OidcClientRegistration> clientRegistrationConverter)

Sets the Converter used for converting a RegisteredClient to an OidcClientRegistration.

Parameters:

clientRegistrationConverter - the Converter used for converting a RegisteredClient to an OidcClientRegistration

setPasswordEncoder

public void setPasswordEncoder(PasswordEncoder passwordEncoder)

Sets the PasswordEncoder used to encode the client secret. If not set, the client secret will be encoded using PasswordEncoderFactories.createDelegatingPasswordEncoder().

Parameters:

passwordEncoder - the PasswordEncoder used to encode the client secret