@ThreadSafe public interface SelfIssuedSAML2GrantHandler extends SAML2GrantHandler
authorisation
on success.
The handler should not specify access token lifetimes that exceed the validity period of the SAML 2.0 assertion by a significant period. The issue of refresh tokens is not permitted. Clients can refresh an expired access token by requesting a new one using the same assertion, if it is still valid, or with a new assertion.
Implementations must be thread-safe.
Related specifications:
GRANT_TYPE
Modifier and Type | Method and Description |
---|---|
SelfIssuedAssertionAuthorization |
processSelfIssuedGrant(org.opensaml.saml.saml2.core.Assertion assertion,
com.nimbusds.oauth2.sdk.Scope scope,
com.nimbusds.oauth2.sdk.id.ClientID clientID,
com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata)
Handles a self-issued SAML 2.0 bearer assertion grant by a client
registered with the Connect2id server.
|
getGrantType
SelfIssuedAssertionAuthorization processSelfIssuedGrant(org.opensaml.saml.saml2.core.Assertion assertion, com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata) throws com.nimbusds.oauth2.sdk.GeneralException
This method is called for SAML 2.0 assertion grants which fulfil all of the following conditions:
urn:ietf:params:oauth:grant-type:saml2-bearer
grant;
client_secret
or
jwks
/ jwks_uri
;
If the requested scope is invalid, unknown, malformed, or exceeds
the scope granted by the resource owner the handler must throw a
GeneralException
with an
invalid_scope
error code.
assertion
- The SAML 2.0 assertion. The audience,
expiration, not-before time and XML signature
are verified by the Connect2id server.
The issuer will equal the client_id. Not
null
.scope
- The requested scope, null
if not
specified.clientID
- The identifier of the authenticated client.
Not null
.clientMetadata
- The OAuth 2.0 / OpenID Connect metadata for
the client. Not null
.com.nimbusds.oauth2.sdk.GeneralException
- If the grant is invalid, or another
exception was encountered.Copyright © 2021 Connect2id Ltd.. All rights reserved.