org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl の継承関係図

org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl 連携図

公開メンバ関数
Response	requestAuthorizationGet (String scope, String responseType, String clientId, String redirectUri, String state, String responseMode, String nonce, String display, String prompt, Integer maxAge, String uiLocales, String idTokenHint, String loginHint, String acrValues, String amrValues, String request, String requestUri, String requestSessionId, String sessionId, String accessToken, String originHeaders, String codeChallenge, String codeChallengeMethod, String customResponseHeaders, String claims, HttpServletRequest httpRequest, HttpServletResponse httpResponse, SecurityContext securityContext)

Response	requestAuthorizationPost (String scope, String responseType, String clientId, String redirectUri, String state, String responseMode, String nonce, String display, String prompt, Integer maxAge, String uiLocales, String idTokenHint, String loginHint, String acrValues, String amrValues, String request, String requestUri, String requestSessionId, String sessionId, String accessToken, String originHeaders, String codeChallenge, String codeChallengeMethod, String customResponseHeaders, String claims, HttpServletRequest httpRequest, HttpServletResponse httpResponse, SecurityContext securityContext)

Response	requestAuthorization (String scope, String responseType, String clientId, String redirectUri, String state, String respMode, String nonce, String display, String prompt, Integer maxAge, String uiLocalesStr, String idTokenHint, String loginHint, String acrValuesStr, String amrValuesStr, String request, String requestUri, String requestSessionId, String sessionId, String accessToken, String method, String originHeaders, String codeChallenge, String codeChallengeMethod, String customRespHeaders, String claims, HttpServletRequest httpRequest, HttpServletResponse httpResponse, SecurityContext securityContext)

Response	requestAuthorizationGet ( @QueryParam("scope") @ApiParam(value="OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored.", required=true) String scope, @QueryParam("response_type") @ApiParam(value="OAuth 2.0 Response Type value that determines the authorization processing flow to be used, including what parameters are returned from the endpoints used. When using the Authorization Code Flow, this value is code. ", required=true) String responseType, @QueryParam("client_id") @ApiParam(value="OAuth 2.0 Client Identifier valid at the Authorization Server.", required=true) String clientId, @QueryParam("redirect_uri") @ApiParam(value="Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider", required=true) String redirectUri, @QueryParam("state") @ApiParam(value="Opaque value used to maintain state between the request and the callback. Typically, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie. ", required=false) String state, @QueryParam("response_mode") @ApiParam(value="Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED when the Response Mode that would be requested is the default mode specified for the Response Type. ", required=false) String responseMode, @QueryParam("nonce") @ApiParam(value="String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authorization Request to the ID Token. Sufficient entropy MUST be present in the nonce values used to prevent attackers from guessing values.", required=false) String nonce, @QueryParam("display") @ApiParam(value="ASCII string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page, popup, touch, wap", required=false) String display, @QueryParam("prompt") @ApiParam(value="Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none, login, consent, select_account", required=false) String prompt, @QueryParam("max_age") @ApiParam(value="Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. (The max_age request parameter corresponds to the OpenID 2.0 PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used, the ID Token returned MUST include an auth_time Claim Value. ", required=false) Integer maxAge, @QueryParam("ui_locales") @ApiParam(value="End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \r-CA fr en\represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. ", required=false) String uiLocales, @QueryParam("id_token_hint") @ApiParam(value="ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client. If the End-User identified by the ID Token is logged in or is logged in by the request, then the Authorization Server returns a positive response; otherwise, it SHOULD return an error, such as login_required. When possible, an id_token_hint SHOULD be present when prompt=none is used and an invalid_request error MAY be returned if it is not; however, the server SHOULD respond successfully when possible, even if it is not present. The Authorization Server need not be listed as an audience of the ID Token when it is used as an id_token_hint value. ", required=false) String idTokenHint, @QueryParam("login_hint") @ApiParam(value="Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. It is RECOMMENDED that the hint value match the value used for discovery. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is left to the OP's discretion. ", required=false) String loginHint, @QueryParam("acr_values") @ApiParam(value="Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication Context Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter. ", required=false) String acrValues, @QueryParam("amr_values") @ApiParam(value="AMR Values", required=false) String amrValues, @QueryParam("request") @ApiParam(value="This parameter enables OpenID Connect requests to be passed in a single, self-contained parameter and to be optionally signed and/or encrypted. The parameter value is a Request Object value, as specified in Section 6.1. It represents the request as a JWT whose Claims are the request parameters.", required=false) String request, @QueryParam("request_uri") @ApiParam(value="This parameter enables OpenID Connect requests to be passed by reference, rather than by value. The request_uri value is a URL using the https scheme referencing a resource containing a Request Object value, which is a JWT containing the request parameters. ", required=false) String requestUri, @QueryParam("request_session_id") @ApiParam(value="Request session id", required=false) String requestSessionId, @QueryParam("session_id") @ApiParam(value="Session id of this call", required=false) String sessionId, @QueryParam("access_token") @ApiParam(value="Access token", required=false) String accessToken, @QueryParam("origin_headers") @ApiParam(value="Origin headers. Used in custom workflows.", required=false) String originHeaders, @QueryParam("code_challenge") @ApiParam(value="PKCE code challenge.", required=false) String codeChallenge, @QueryParam("code_challenge_method") @ApiParam(value="PKCE code challenge method.", required=false) String codeChallengeMethod, @QueryParam(AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS) @ApiParam(value="Custom Response Headers.", required=false) String customResponseHeaders, @QueryParam("claims") @ApiParam(value="Requested Claims.", required=false) String claims, @Context HttpServletRequest httpRequest, @Context HttpServletResponse httpResponse, @Context SecurityContext securityContext)

Response	requestAuthorizationPost ( @FormParam("scope") @ApiParam(value="OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored.", required=true) String scope, @FormParam("response_type") @ApiParam(value="OAuth 2.0 Response Type value that determines the authorization processing flow to be used, including what parameters are returned from the endpoints used. When using the Authorization Code Flow, this value is code. ", required=true) String responseType, @FormParam("client_id") @ApiParam(value="OAuth 2.0 Client Identifier valid at the Authorization Server. ", required=true) String clientId, @FormParam("redirect_uri") @ApiParam(value="Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider", required=true) String redirectUri, @FormParam("state") @ApiParam(value="Opaque value used to maintain state between the request and the callback. Typically, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie. ", required=false) String state, @QueryParam("response_mode") @ApiParam(value="Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED when the Response Mode that would be requested is the default mode specified for the Response Type. ", required=false) String responseMode, @FormParam("nonce") @ApiParam(value="String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authorization Request to the ID Token. Sufficient entropy MUST be present in the nonce values used to prevent attackers from guessing values.", required=false) String nonce, @FormParam("display") @ApiParam(value="ASCII string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page, popup, touch, wap", required=false) String display, @FormParam("prompt") @ApiParam(value="Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none, login, consent, select_account", required=false) String prompt, @FormParam("max_age") @ApiParam(value="Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. (The max_age request parameter corresponds to the OpenID 2.0 PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used, the ID Token returned MUST include an auth_time Claim Value. ", required=false) Integer maxAge, @FormParam("ui_locales") @ApiParam(value="End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \r-CA fr en\represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. ", required=false) String uiLocales, @FormParam("id_token_hint") @ApiParam(value="ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client. If the End-User identified by the ID Token is logged in or is logged in by the request, then the Authorization Server returns a positive response; otherwise, it SHOULD return an error, such as login_required. When possible, an id_token_hint SHOULD be present when prompt=none is used and an invalid_request error MAY be returned if it is not; however, the server SHOULD respond successfully when possible, even if it is not present. The Authorization Server need not be listed as an audience of the ID Token when it is used as an id_token_hint value. ", required=false) String idTokenHint, @FormParam("login_hint") @ApiParam(value="Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. It is RECOMMENDED that the hint value match the value used for discovery. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is left to the OP's discretion. ", required=false) String loginHint, @FormParam("acr_values") @ApiParam(value="Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication Context Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter. ", required=false) String acrValues, @FormParam("amr_values") @ApiParam(value="AMR Values", required=false) String amrValues, @FormParam("request") @ApiParam(value="This parameter enables OpenID Connect requests to be passed in a single, self-contained parameter and to be optionally signed and/or encrypted. The parameter value is a Request Object value, as specified in Section 6.1. It represents the request as a JWT whose Claims are the request parameters.", required=false) String request, @FormParam("request_uri") @ApiParam(value="This parameter enables OpenID Connect requests to be passed by reference, rather than by value. The request_uri value is a URL using the https scheme referencing a resource containing a Request Object value, which is a JWT containing the request parameters. ", required=false) String requestUri, @FormParam("request_session_id") @ApiParam(value="Request session id", required=false) String requestSessionId, @FormParam("session_id") @ApiParam(value="Session id of this call", required=false) String sessionId, @FormParam("access_token") @ApiParam(value="Access token", required=false) String accessToken, @FormParam("origin_headers") @ApiParam(value="Origin headers. Used in custom workflows.", required=false) String originHeaders, @QueryParam("code_challenge") @ApiParam(value="PKCE code challenge.", required=false) String codeChallenge, @QueryParam("code_challenge_method") @ApiParam(value="PKCE code challenge method.", required=false) String codeChallengeMethod, @QueryParam(AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS) @ApiParam(value="Custom Response Headers.", required=false) String customResponseHeaders, @QueryParam("claims") @ApiParam(value="Requested Claims.", required=false) String claims, @Context HttpServletRequest httpRequest, @Context HttpServletResponse httpResponse, @Context SecurityContext securityContext)

非公開メンバ関数
void	overrideUnauthenticatedSessionParameters (HttpServletRequest httpRequest, List< Prompt > prompts)

Map< String, String >	getGenericRequestMap (HttpServletRequest httpRequest)

ResponseBuilder	error (Response.Status p_status, AuthorizeErrorResponseType p_type, String p_state)

void	redirectToAuthorizationPage (RedirectUri redirectUriResponse, List< ResponseType > responseTypes, String scope, String clientId, String redirectUri, String state, ResponseMode responseMode, String nonce, String display, List< Prompt > prompts, Integer maxAge, List< String > uiLocales, String idTokenHint, String loginHint, List< String > acrValues, List< String > amrValues, String request, String requestUri, String originHeaders, String codeChallenge, String codeChallengeMethod, String sessionId, String claims, Map< String, String > customParameters)

void	endSession (String sessionId, HttpServletRequest httpRequest, HttpServletResponse httpResponse)

詳解

Implementation for request authorization through REST web services.

著者: Javier Rojas Blum

バージョン: January 17, 2018

関数詳解

◆ endSession()

void org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.endSession	(	String	sessionId,
		HttpServletRequest	httpRequest,
		HttpServletResponse	httpResponse
	)

inlineprivate

                                                                                                                 {
         SessionId sessionUser = identity.getSessionId();
 
         identity.logout();
 
         if (sessionUser != null) {
             sessionUser.setUserDn(null);
             sessionUser.setAuthenticationTime(null);
         }
 
 
         String id = sessionId;
         if (StringHelper.isEmpty(id)) {
             id = sessionIdService.getSessionIdFromCookie(httpRequest);
         }
 
         if (StringHelper.isNotEmpty(id)) {
             SessionId ldapSessionId = sessionIdService.getSessionId(id);
             if (ldapSessionId != null) {
                 boolean result = sessionIdService.remove(ldapSessionId);
                 if (!result) {
                     log.error("Failed to remove session_id '{}' from LDAP", id);
                 }
             } else {
                 log.error("Failed to load session from LDAP by session_id: '{}'", id);
             }
         }
 
         sessionIdService.removeSessionIdCookie(httpResponse);
     }

◆ error()

ResponseBuilder org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.error	(	Response.Status	p_status,
		AuthorizeErrorResponseType	p_type,
		String	p_state
	)

inlineprivate

                                                                                                                {
         return Response.status(p_status.getStatusCode()).entity(errorResponseFactory.getErrorAsJson(p_type, p_state));
     }

◆ getGenericRequestMap()

Map<String, String> org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.getGenericRequestMap ( HttpServletRequest httpRequest )

inlineprivate

                                                                                      {
         Map<String, String> result = new HashMap<String, String>();
         for (Entry<String, String[]> entry : httpRequest.getParameterMap().entrySet()) {
             result.put(entry.getKey(), entry.getValue()[0]);
         }
 
         return result;
     }

◆ overrideUnauthenticatedSessionParameters()

void org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.overrideUnauthenticatedSessionParameters	(	HttpServletRequest	httpRequest,
		List< Prompt >	prompts
	)

inlineprivate

1) https://ce-dev.gluu.org/oxauth/authorize -> session created with parameter list 1 2) https://ce-dev.gluu.org/oxauth/restv1/authorize -> with parameter list 2

Second call will try to reuse session data from call 1 (parameter list1). Here we overriding them.

引数

httpRequest	http request
prompts	prompts

                                                                                                                 {
         SessionId sessionUser = identity.getSessionId();
         if (sessionUser != null && sessionUser.getState() != SessionIdState.AUTHENTICATED) {
             Map<String, String> genericRequestMap = getGenericRequestMap(httpRequest);
 
             Map<String, String> parameterMap = Maps.newHashMap(genericRequestMap);
             Map<String, String> requestParameterMap = requestParameterService.getAllowedParameters(parameterMap);
 
             sessionUser.setUserDn(null);
             sessionUser.setSessionAttributes(requestParameterMap);
             boolean persisted = sessionIdService.persistSessionId(sessionUser, !prompts.contains(Prompt.NONE));
             if (persisted) {
                 if (log.isTraceEnabled()) {
                     log.trace("Session '{}' persisted to LDAP", sessionUser.getId());
                 }
             } else {
                 log.error("Failed to persisted session: {}", sessionUser.getId());
             }
         }
     }

◆ redirectToAuthorizationPage()

void org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.redirectToAuthorizationPage	(	RedirectUri	redirectUriResponse,
		List< ResponseType >	responseTypes,
		String	scope,
		String	clientId,
		String	redirectUri,
		String	state,
		ResponseMode	responseMode,
		String	nonce,
		String	display,
		List< Prompt >	prompts,
		Integer	maxAge,
		List< String >	uiLocales,
		String	idTokenHint,
		String	loginHint,
		List< String >	acrValues,
		List< String >	amrValues,
		String	request,
		String	requestUri,
		String	originHeaders,
		String	codeChallenge,
		String	codeChallengeMethod,
		String	sessionId,
		String	claims,
		Map< String, String >	customParameters
	)

inlineprivate

                                                   {
 
         redirectUriResponse.setBaseRedirectUri(appConfiguration.getAuthorizationPage());
         redirectUriResponse.setResponseMode(ResponseMode.QUERY);
 
         // oAuth parameters
         String responseType = implode(responseTypes, " ");
         if (StringUtils.isNotBlank(responseType)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.RESPONSE_TYPE, responseType);
         }
         if (StringUtils.isNotBlank(scope)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.SCOPE, scope);
         }
         if (StringUtils.isNotBlank(clientId)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.CLIENT_ID, clientId);
         }
         if (StringUtils.isNotBlank(redirectUri)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.REDIRECT_URI, redirectUri);
         }
         if (StringUtils.isNotBlank(state)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.STATE, state);
         }
         if (responseMode != null) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.RESPONSE_MODE, responseMode.getParamName());
         }
 
         // OIC parameters
         if (StringUtils.isNotBlank(nonce)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.NONCE, nonce);
         }
         if (StringUtils.isNotBlank(display)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.DISPLAY, display);
         }
         String prompt = implode(prompts, " ");
         if (StringUtils.isNotBlank(prompt)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.PROMPT, prompt);
         }
         if (maxAge != null) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.MAX_AGE, maxAge.toString());
         }
         String uiLocalesStr = implode(uiLocales, " ");
         if (StringUtils.isNotBlank(uiLocalesStr)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.UI_LOCALES, uiLocalesStr);
         }
         if (StringUtils.isNotBlank(idTokenHint)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.ID_TOKEN_HINT, idTokenHint);
         }
         if (StringUtils.isNotBlank(loginHint)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.LOGIN_HINT, loginHint);
         }
         String acrValuesStr = implode(acrValues, " ");
         if (StringUtils.isNotBlank(acrValuesStr)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.ACR_VALUES, acrValuesStr);
         }
         String amrValuesStr = implode(amrValues, " ");
         if (StringUtils.isNotBlank(amrValuesStr)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.AMR_VALUES, amrValuesStr);
         }
         if (StringUtils.isNotBlank(request)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.REQUEST, request);
         }
         if (StringUtils.isNotBlank(requestUri)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.REQUEST_URI, requestUri);
         }
         if (StringUtils.isNotBlank(codeChallenge)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.CODE_CHALLENGE, codeChallenge);
         }
         if (StringUtils.isNotBlank(codeChallengeMethod)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.CODE_CHALLENGE_METHOD, codeChallengeMethod);
         }
         if (StringUtils.isNotBlank(sessionId)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.SESSION_ID, sessionId);
         }
         if (StringUtils.isNotBlank(claims)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.CLAIMS, claims);
         }
 
         // mod_ox param
         if (StringUtils.isNotBlank(originHeaders)) {
             redirectUriResponse.addResponseParameter(AuthorizeRequestParam.ORIGIN_HEADERS, originHeaders);
         }
 
         if (customParameters != null && customParameters.size() > 0) {
             for (Map.Entry<String, String> entry : customParameters.entrySet()) {
                 redirectUriResponse.addResponseParameter(entry.getKey(), entry.getValue());
             }
         }
     }

◆ requestAuthorization()

Response org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorization	(	String	scope,
		String	responseType,
		String	clientId,
		String	redirectUri,
		String	state,
		String	respMode,
		String	nonce,
		String	display,
		String	prompt,
		Integer	maxAge,
		String	uiLocalesStr,
		String	idTokenHint,
		String	loginHint,
		String	acrValuesStr,
		String	amrValuesStr,
		String	request,
		String	requestUri,
		String	requestSessionId,
		String	sessionId,
		String	accessToken,
		String	method,
		String	originHeaders,
		String	codeChallenge,
		String	codeChallengeMethod,
		String	customRespHeaders,
		String	claims,
		HttpServletRequest	httpRequest,
		HttpServletResponse	httpResponse,
		SecurityContext	securityContext
	)

inline

                                                                                                                {
         scope = ServerUtil.urlDecode(scope); // it may be encoded in uma case
 
         String tokenBindingHeader = httpRequest.getHeader("Sec-Token-Binding");
 
         OAuth2AuditLog oAuth2AuditLog = new OAuth2AuditLog(ServerUtil.getIpAddress(httpRequest), Action.USER_AUTHORIZATION);
         oAuth2AuditLog.setClientId(clientId);
         oAuth2AuditLog.setScope(scope);
 
         // ATTENTION : please do not add more parameter in this debug method because it will not work with Seam 2.2.2.Final ,
         // there is limit of 10 parameters (hardcoded), see: org.jboss.seam.core.Interpolator#interpolate
         log.debug("Attempting to request authorization: "
                         + "responseType = {}, clientId = {}, scope = {}, redirectUri = {}, nonce = {}, "
                         + "state = {}, request = {}, isSecure = {}, requestSessionId = {}, sessionId = {}",
                 responseType, clientId, scope, redirectUri, nonce,
                 state, request, securityContext.isSecure(), requestSessionId, sessionId);
 
         log.debug("Attempting to request authorization: "
                         + "acrValues = {}, amrValues = {}, originHeaders = {}, codeChallenge = {}, codeChallengeMethod = {}, "
                         + "customRespHeaders = {}, claims = {}, tokenBindingHeader = {}",
                 acrValuesStr, amrValuesStr, originHeaders, codeChallenge, codeChallengeMethod, customRespHeaders, claims, tokenBindingHeader);
 
         ResponseBuilder builder = Response.ok();
 
         List<String> uiLocales = null;
         if (StringUtils.isNotBlank(uiLocalesStr)) {
             uiLocales = Util.splittedStringAsList(uiLocalesStr, " ");
         }
 
         List<ResponseType> responseTypes = ResponseType.fromString(responseType, " ");
         List<Prompt> prompts = Prompt.fromString(prompt, " ");
         List<String> acrValues = Util.splittedStringAsList(acrValuesStr, " ");
         List<String> amrValues = Util.splittedStringAsList(amrValuesStr, " ");
 
         ResponseMode responseMode = ResponseMode.getByValue(respMode);
 
         Map<String, String> customParameters = requestParameterService.getCustomParameters(
                 QueryStringDecoder.decode(httpRequest.getQueryString()));
 
         SessionId sessionUser = identity.getSessionId();
         User user = sessionUser != null && StringUtils.isNotBlank(sessionUser.getUserDn()) ?
                 userService.getUserByDn(sessionUser.getUserDn()) : null;
 
         try {
             Map<String, String> customResponseHeaders = Util.jsonObjectArrayStringAsMap(customRespHeaders);
 
             try {
                 sessionIdService.assertAuthenticatedSessionCorrespondsToNewRequest(sessionUser, acrValuesStr);
             } catch (AcrChangedException e) { // Acr changed
                 //See https://github.com/GluuFederation/oxTrust/issues/797
                 if (e.isForceReAuthentication()) {
                     if (!prompts.contains(Prompt.LOGIN)) {
                         log.info("ACR is changed, adding prompt=login to prompts");
                         prompts.add(Prompt.LOGIN);
                         //Override prompt in session
                         sessionUser.getSessionAttributes().put("prompt", org.xdi.oxauth.model.util.StringUtils.implode(prompts, " "));
                     }
                 } else {
                     throw e;
                 }
             }
 
             if (!AuthorizeParamsValidator.validateParams(responseType, clientId, prompts, nonce, request, requestUri)) {
                 if (clientId != null && redirectUri != null && redirectionUriService.validateRedirectionUri(clientId, redirectUri) != null) {
                     RedirectUri redirectUriResponse = new RedirectUri(redirectUri, responseTypes, responseMode);
                     redirectUriResponse.parseQueryString(errorResponseFactory.getErrorAsQueryString(
                             AuthorizeErrorResponseType.INVALID_REQUEST, state));
 
                     builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                 } else {
                     builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode()); // 400
                     builder.entity(errorResponseFactory.getErrorAsJson(
                             AuthorizeErrorResponseType.INVALID_REQUEST, state));
                 }
             } else {
                 Client client = clientService.getClient(clientId);
                 if (CollectionUtils.isEmpty(acrValues) && client != null && !ArrayUtils.isEmpty(client.getDefaultAcrValues())) {
                     acrValues = new ArrayList<String>();
                     acrValues.addAll(Arrays.asList(client.getDefaultAcrValues()));
                 }
 
                 JwtAuthorizationRequest jwtAuthorizationRequest = null;
 
                 if (client != null) {
                     if (client.isDisabled()) {
                         builder = Response.status(Response.Status.FORBIDDEN.getStatusCode()); // 403
                         builder.entity(errorResponseFactory.getErrorAsJson(AuthorizeErrorResponseType.DISABLED_CLIENT, state));
 
                         applicationAuditLogger.sendMessage(oAuth2AuditLog);
 
                         return builder.build();
                     }
 
                     List<String> scopes = new ArrayList<String>();
                     if (StringHelper.isNotEmpty(scope)) {
                         Set<String> grantedScopes = scopeChecker.checkScopesPolicy(client, scope);
                         scopes.addAll(grantedScopes);
                     }
 
                     // Validate redirectUri
                     redirectUri = redirectionUriService.validateRedirectionUri(clientId, redirectUri);
                     boolean validRedirectUri = redirectUri != null;
 
                     if (AuthorizeParamsValidator.validateResponseTypes(responseTypes, client)
                             && AuthorizeParamsValidator.validateGrantType(responseTypes, client.getGrantTypes(), appConfiguration.getGrantTypesSupported())) {
                         if (validRedirectUri) {
 
                             if (StringUtils.isNotBlank(accessToken)) {
                                 boolean onlyFromCache = ServerUtil.isTrue(appConfiguration.getUseCacheForAllImplicitFlowObjects() && ResponseType.isImplicitFlow(responseType));
                                 AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken, onlyFromCache);
                                 boolean denyAccess = true;
 
                                 if (authorizationGrant != null) {
                                     final AbstractToken accessTokenObject = authorizationGrant.getAccessToken(accessToken);
                                     if (accessTokenObject != null && accessTokenObject.isValid()) {
                                         denyAccess = false;
                                     }
                                 }
 
                                 if (denyAccess) {
                                     RedirectUri redirectUriResponse = new RedirectUri(redirectUri, responseTypes, responseMode);
                                     redirectUriResponse.parseQueryString(errorResponseFactory.getErrorAsQueryString(
                                             AuthorizeErrorResponseType.ACCESS_DENIED, state));
 
                                     builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                     applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                     return builder.build();
                                 } else {
                                     oAuth2AuditLog.setUsername(authorizationGrant.getUserId());
                                     user = userService.getUser(authorizationGrant.getUserId());
                                     sessionUser = sessionIdService.generateAuthenticatedSessionId(httpRequest, user.getDn(), prompt);
                                     sessionUser.addPermission(client.getClientId(), true);
                                 }
                             }
 
                             if (StringUtils.isNotBlank(requestUri)) {
                                 boolean validRequestUri = false;
                                 try {
                                     URI reqUri = new URI(requestUri);
                                     String reqUriHash = reqUri.getFragment();
                                     String reqUriWithoutFragment = reqUri.getScheme() + ":" + reqUri.getSchemeSpecificPart();
 
                                     ClientRequest clientRequest = new ClientRequest(reqUriWithoutFragment);
                                     clientRequest.setHttpMethod(HttpMethod.GET);
 
                                     ClientResponse<String> clientResponse = clientRequest.get(String.class);
                                     int status = clientResponse.getStatus();
 
                                     if (status == 200) {
                                         request = clientResponse.getEntity(String.class);
 
                                         if (StringUtils.isBlank(reqUriHash)) {
                                             validRequestUri = true;
                                         } else {
                                             String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(request));
                                             validRequestUri = StringUtils.equals(reqUriHash, hash);
                                         }
                                     }
 
                                     if (validRequestUri) {
                                         requestUri = null;
                                     } else {
                                         RedirectUri redirectUriResponse = new RedirectUri(redirectUri, responseTypes, responseMode);
                                         redirectUriResponse.parseQueryString(errorResponseFactory.getErrorAsQueryString(
                                                 AuthorizeErrorResponseType.INVALID_REQUEST_URI, state));
 
                                         builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                         applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                         return builder.build();
                                     }
                                 } catch (URISyntaxException e) {
                                     log.error(e.getMessage(), e);
                                 } catch (UnknownHostException e) {
                                     log.error(e.getMessage(), e);
                                 } catch (ConnectException e) {
                                     log.error(e.getMessage(), e);
                                 } catch (Exception e) {
                                     log.error(e.getMessage(), e);
                                 }
                             }
 
                             boolean invalidOpenidRequestObject = false;
                             if (StringUtils.isNotBlank(request)) {
                                 try {
                                     jwtAuthorizationRequest = new JwtAuthorizationRequest(appConfiguration, request, client);
 
                                     if (!jwtAuthorizationRequest.getResponseTypes().containsAll(responseTypes)
                                             || !responseTypes.containsAll(jwtAuthorizationRequest.getResponseTypes())) {
                                         throw new InvalidJwtException("The responseType parameter is not the same in the JWT");
                                     } else if (jwtAuthorizationRequest.getClientId() != null
                                             && !jwtAuthorizationRequest.getClientId().equals(clientId)) {
                                         throw new InvalidJwtException("The clientId parameter is not the same in the JWT");
                                     } else if (!jwtAuthorizationRequest.getScopes().containsAll(scopes)
                                             || !scopes.containsAll(jwtAuthorizationRequest.getScopes())) {
                                         throw new InvalidJwtException("The scope parameter is not the same in the JWT");
                                     } else if (jwtAuthorizationRequest.getRedirectUri() != null
                                             && !jwtAuthorizationRequest.getRedirectUri().equals(redirectUri)) {
                                         throw new InvalidJwtException("The redirectUri parameter is not the same in the JWT");
                                     } else if (jwtAuthorizationRequest.getState() != null && StringUtils.isNotBlank(state)
                                             && !jwtAuthorizationRequest.getState().equals(state)) {
                                         throw new InvalidJwtException("The state parameter is not the same in the JWT");
                                     } else if (jwtAuthorizationRequest.getNonce() != null && StringUtils.isNotBlank(nonce)
                                             && !jwtAuthorizationRequest.getNonce().equals(nonce)) {
                                         throw new InvalidJwtException("The nonce parameter is not the same in the JWT");
                                     } else if (jwtAuthorizationRequest.getDisplay() != null && StringUtils.isNotBlank(display)
                                             && !jwtAuthorizationRequest.getDisplay().getParamName().equals(display)) {
                                         throw new InvalidJwtException("The display parameter is not the same in the JWT");
                                     } else if (!jwtAuthorizationRequest.getPrompts().isEmpty() && !prompts.isEmpty()
                                             && !jwtAuthorizationRequest.getPrompts().containsAll(prompts)) {
                                         throw new InvalidJwtException("The prompt parameter is not the same in the JWT");
                                     } else if (jwtAuthorizationRequest.getIdTokenMember() != null
                                             && jwtAuthorizationRequest.getIdTokenMember().getMaxAge() != null && maxAge != null
                                             && !jwtAuthorizationRequest.getIdTokenMember().getMaxAge().equals(maxAge)) {
                                         throw new InvalidJwtException("The maxAge parameter is not the same in the JWT");
                                     }
                                 } catch (InvalidJwtException e) {
                                     invalidOpenidRequestObject = true;
                                     log.debug("Invalid JWT authorization request. Exception = {}, Message = {}", e,
                                             e.getClass().getName(), e.getMessage());
                                 } catch (Exception e) {
                                     invalidOpenidRequestObject = true;
                                     log.debug("Invalid JWT authorization request. Exception = {}, Message = {}", e,
                                             e.getClass().getName(), e.getMessage());
                                 }
                             }
                             if (invalidOpenidRequestObject) {
                                 RedirectUri redirectUriResponse = new RedirectUri(redirectUri, responseTypes, responseMode);
 
                                 redirectUriResponse.parseQueryString(errorResponseFactory.getErrorAsQueryString(
                                         AuthorizeErrorResponseType.INVALID_OPENID_REQUEST_OBJECT, state));
 
                                 builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                             } else {
                                 AuthorizationGrant authorizationGrant = null;
                                 RedirectUri redirectUriResponse = new RedirectUri(redirectUri, responseTypes, responseMode);
 
                                 if (jwtAuthorizationRequest != null && jwtAuthorizationRequest.getIdTokenMember() != null) {
                                     Claim userIdClaim = jwtAuthorizationRequest.getIdTokenMember().getClaim(JwtClaimName.SUBJECT_IDENTIFIER);
                                     if (userIdClaim != null && userIdClaim.getClaimValue() != null
                                             && userIdClaim.getClaimValue().getValue() != null) {
                                         String userIdClaimValue = userIdClaim.getClaimValue().getValue();
 
                                         if (user != null) {
                                             String userId = user.getUserId();
 
                                             if (!userId.equalsIgnoreCase(userIdClaimValue)) {
                                                 redirectUriResponse.parseQueryString(errorResponseFactory.getErrorAsQueryString(
                                                         AuthorizeErrorResponseType.USER_MISMATCHED, state));
 
                                                 builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                                 applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                                 return builder.build();
                                             }
                                         }
                                     }
                                 }
 
                                 if (user == null) {
                                     identity.logout();
                                     if (prompts.contains(Prompt.NONE)) {
                                         if (authenticationFilterService.isEnabled()) {
                                             Map<String, String> params;
                                             if (method.equals(HttpMethod.GET)) {
                                                 params = QueryStringDecoder.decode(httpRequest.getQueryString());
                                             } else {
                                                 params = getGenericRequestMap(httpRequest);
                                             }
 
                                             String userDn = authenticationFilterService.processAuthenticationFilters(params);
                                             if (userDn != null) {
                                                 Map<String, String> genericRequestMap = getGenericRequestMap(httpRequest);
 
                                                 Map<String, String> parameterMap = Maps.newHashMap(genericRequestMap);
                                                 Map<String, String> requestParameterMap = requestParameterService.getAllowedParameters(parameterMap);
 
                                                 sessionUser = sessionIdService.generateAuthenticatedSessionId(httpRequest, userDn, prompt);
                                                 sessionUser.setSessionAttributes(requestParameterMap);
 
                                                 sessionIdService.createSessionIdCookie(sessionUser.getId(), sessionUser.getSessionState(), httpResponse, false);
                                                 sessionIdService.updateSessionId(sessionUser);
                                                 user = userService.getUserByDn(sessionUser.getUserDn());
                                             } else {
                                                 redirectUriResponse.parseQueryString(errorResponseFactory.getErrorAsQueryString(
                                                         AuthorizeErrorResponseType.LOGIN_REQUIRED, state));
 
                                                 builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                                 applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                                 return builder.build();
                                             }
                                         } else {
                                             redirectUriResponse.parseQueryString(errorResponseFactory.getErrorAsQueryString(
                                                     AuthorizeErrorResponseType.LOGIN_REQUIRED, state));
 
                                             builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                             applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                             return builder.build();
                                         }
                                     } else {
                                         if (prompts.contains(Prompt.LOGIN)) {
                                             endSession(sessionId, httpRequest, httpResponse);
                                             sessionId = null;
                                             prompts.remove(Prompt.LOGIN);
                                         }
 
                                         redirectToAuthorizationPage(redirectUriResponse, responseTypes, scope, clientId,
                                                 redirectUri, state, responseMode, nonce, display, prompts, maxAge, uiLocales,
                                                 idTokenHint, loginHint, acrValues, amrValues, request, requestUri, originHeaders,
                                                 codeChallenge, codeChallengeMethod, sessionId, claims, customParameters);
                                         builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                         applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                         return builder.build();
                                     }
                                 }
 
                                 // OXAUTH-37 : Validate authentication max age
                                 boolean validAuthenticationMaxAge = true;
                                 Integer authenticationMaxAge = null;
                                 if (maxAge != null) {
                                     authenticationMaxAge = maxAge;
                                 } else if (!invalidOpenidRequestObject && jwtAuthorizationRequest != null
                                         && jwtAuthorizationRequest.getIdTokenMember() != null
                                         && jwtAuthorizationRequest.getIdTokenMember().getMaxAge() != null) {
                                     authenticationMaxAge = jwtAuthorizationRequest.getIdTokenMember().getMaxAge();
                                 }
                                 GregorianCalendar now = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                                 GregorianCalendar userAuthenticationTime = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                                 userAuthenticationTime.setTime(sessionUser.getAuthenticationTime());
                                 if (authenticationMaxAge != null) {
                                     userAuthenticationTime.add(Calendar.SECOND, authenticationMaxAge);
                                     validAuthenticationMaxAge = userAuthenticationTime.after(now);
                                 } else if (client.getDefaultMaxAge() != null) {
                                     userAuthenticationTime.add(Calendar.SECOND, client.getDefaultMaxAge());
                                     validAuthenticationMaxAge = userAuthenticationTime.after(now);
                                 }
                                 if (!validAuthenticationMaxAge) {
                                     endSession(sessionId, httpRequest, httpResponse);
                                     sessionId = null;
 
                                     redirectToAuthorizationPage(redirectUriResponse, responseTypes, scope, clientId,
                                             redirectUri, state, responseMode, nonce, display, prompts, maxAge, uiLocales,
                                             idTokenHint, loginHint, acrValues, amrValues, request, requestUri, originHeaders,
                                             codeChallenge, codeChallengeMethod, sessionId, claims, customParameters);
                                     builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                     applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                     return builder.build();
                                 }
 
                                 oAuth2AuditLog.setUsername(user.getUserId());
 
                                 ClientAuthorizations clientAuthorizations = clientAuthorizationsService.findClientAuthorizations(
                                         user.getAttribute("inum"),
                                         client.getClientId(),
                                         client.getPersistClientAuthorizations());
                                 if (scopes.size() > 0) {
                                     if (clientAuthorizations != null && clientAuthorizations.getScopes() != null) {
                                         if (Arrays.asList(clientAuthorizations.getScopes()).containsAll(scopes)) {
                                             sessionUser.addPermission(clientId, true);
                                         } else {
                                             redirectToAuthorizationPage(redirectUriResponse, responseTypes, scope, clientId,
                                                     redirectUri, state, responseMode, nonce, display, prompts, maxAge, uiLocales,
                                                     idTokenHint, loginHint, acrValues, amrValues, request, requestUri, originHeaders,
                                                     codeChallenge, codeChallengeMethod, sessionId, claims, customParameters);
                                             builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                             applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                             return builder.build();
                                         }
                                     } else if (client.getTrustedClient()) {
                                         sessionUser.addPermission(clientId, true);
                                     }
                                 }
 
                                 if (prompts.contains(Prompt.LOGIN)) {
                                     endSession(sessionId, httpRequest, httpResponse);
                                     sessionId = null;
                                     prompts.remove(Prompt.LOGIN);
 
                                     redirectToAuthorizationPage(redirectUriResponse, responseTypes, scope, clientId,
                                             redirectUri, state, responseMode, nonce, display, prompts, maxAge, uiLocales,
                                             idTokenHint, loginHint, acrValues, amrValues, request, requestUri, originHeaders,
                                             codeChallenge, codeChallengeMethod, sessionId, claims, customParameters);
                                     builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                     applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                     return builder.build();
                                 }
 
                                 if (prompts.contains(Prompt.CONSENT) || !sessionUser.isPermissionGrantedForClient(clientId)) {
                                     prompts.remove(Prompt.CONSENT);
 
                                     redirectToAuthorizationPage(redirectUriResponse, responseTypes, scope, clientId,
                                             redirectUri, state, responseMode, nonce, display, prompts, maxAge, uiLocales,
                                             idTokenHint, loginHint, acrValues, amrValues, request, requestUri, originHeaders,
                                             codeChallenge, codeChallengeMethod, sessionId, claims, customParameters);
                                     builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
                                     applicationAuditLogger.sendMessage(oAuth2AuditLog);
                                     return builder.build();
                                 }
 
                                 AuthorizationCode authorizationCode = null;
                                 if (responseTypes.contains(ResponseType.CODE)) {
                                     authorizationGrant = authorizationGrantList.createAuthorizationCodeGrant(user, client,
                                             sessionUser.getAuthenticationTime());
                                     authorizationGrant.setNonce(nonce);
                                     authorizationGrant.setJwtAuthorizationRequest(jwtAuthorizationRequest);
                                     authorizationGrant.setTokenBindingHash(TokenBindingMessage.getTokenBindingIdHashFromTokenBindingMessage(tokenBindingHeader, client.getIdTokenTokenBindingCnf()));
                                     authorizationGrant.setScopes(scopes);
                                     authorizationGrant.setCodeChallenge(codeChallenge);
                                     authorizationGrant.setCodeChallengeMethod(codeChallengeMethod);
                                     authorizationGrant.setClaims(claims);
 
                                     // Store acr_values
                                     authorizationGrant.setAcrValues(acrValuesStr);
                                     authorizationGrant.setSessionDn(sessionUser.getDn());
                                     authorizationGrant.save(); // call save after object modification!!!
 
                                     authorizationCode = authorizationGrant.getAuthorizationCode();
 
                                     redirectUriResponse.addResponseParameter("code", authorizationCode.getCode());
                                 }
 
                                 AccessToken newAccessToken = null;
                                 if (responseTypes.contains(ResponseType.TOKEN)) {
                                     if (authorizationGrant == null) {
                                         authorizationGrant = authorizationGrantList.createImplicitGrant(user, client,
                                                 sessionUser.getAuthenticationTime());
                                         authorizationGrant.setNonce(nonce);
                                         authorizationGrant.setJwtAuthorizationRequest(jwtAuthorizationRequest);
                                         authorizationGrant.setScopes(scopes);
                                         authorizationGrant.setClaims(claims);
 
                                         // Store acr_values
                                         authorizationGrant.setAcrValues(acrValuesStr);
                                         authorizationGrant.setSessionDn(sessionUser.getDn());
                                         authorizationGrant.save(); // call save after object modification!!!
                                     }
                                     newAccessToken = authorizationGrant.createAccessToken();
 
                                     redirectUriResponse.addResponseParameter(AuthorizeResponseParam.ACCESS_TOKEN, newAccessToken.getCode());
                                     redirectUriResponse.addResponseParameter(AuthorizeResponseParam.TOKEN_TYPE, newAccessToken.getTokenType().toString());
                                     redirectUriResponse.addResponseParameter(AuthorizeResponseParam.EXPIRES_IN, newAccessToken.getExpiresIn() + "");
                                 }
 
                                 if (responseTypes.contains(ResponseType.ID_TOKEN)) {
                                     boolean includeIdTokenClaims = Boolean.TRUE.equals(appConfiguration.getLegacyIdTokenClaims());
                                     if (authorizationGrant == null) {
                                         includeIdTokenClaims = true;
                                         authorizationGrant = authorizationGrantList.createAuthorizationGrant(user, client,
                                                 sessionUser.getAuthenticationTime());
                                         authorizationGrant.setNonce(nonce);
                                         authorizationGrant.setJwtAuthorizationRequest(jwtAuthorizationRequest);
                                         authorizationGrant.setScopes(scopes);
                                         authorizationGrant.setClaims(claims);
 
                                         // Store authentication acr values
                                         authorizationGrant.setAcrValues(acrValuesStr);
                                         authorizationGrant.setSessionDn(sessionUser.getDn());
                                         authorizationGrant.save(); // call save after object modification, call is asynchronous!!!
                                     }
                                     IdToken idToken = authorizationGrant.createIdToken(
                                             nonce, authorizationCode, newAccessToken, authorizationGrant, includeIdTokenClaims, TokenBindingMessage.createIdTokenTokingBindingPreprocessing(tokenBindingHeader, client.getIdTokenTokenBindingCnf()));
 
                                     redirectUriResponse.addResponseParameter(AuthorizeResponseParam.ID_TOKEN, idToken.getCode());
                                 }
 
                                 if (authorizationGrant != null && StringHelper.isNotEmpty(acrValuesStr)) {
                                     redirectUriResponse.addResponseParameter(AuthorizeResponseParam.ACR_VALUES, acrValuesStr);
                                 }
 
                                 //if (Boolean.valueOf(requestSessionId) && StringUtils.isBlank(sessionId) &&
                                 if (sessionUser.getId() == null) {
                                     final SessionId newSessionUser = sessionIdService.generateAuthenticatedSessionId(httpRequest, sessionUser.getUserDn(), prompt);
                                     String newSessionId = newSessionUser.getId();
                                     sessionUser.setId(newSessionId);
                                     log.trace("newSessionId = {}", newSessionId);
                                 }
                                 redirectUriResponse.addResponseParameter(AuthorizeResponseParam.SESSION_ID, sessionUser.getId());
                                 redirectUriResponse.addResponseParameter(AuthorizeResponseParam.SESSION_STATE, sessionUser.getSessionState());
                                 redirectUriResponse.addResponseParameter(AuthorizeResponseParam.STATE, state);
                                 if (scope != null && !scope.isEmpty()) {
                                     scope = authorizationGrant.checkScopesPolicy(scope);
 
                                     redirectUriResponse.addResponseParameter(AuthorizeResponseParam.SCOPE, scope);
                                 }
 
                                 clientService.updatAccessTime(client, false);
                                 oAuth2AuditLog.setSuccess(true);
 
                                 builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
 
                                 if (appConfiguration.getCustomHeadersWithAuthorizationResponse()) {
                                     for (String key : customResponseHeaders.keySet()) {
                                         builder.header(key, customResponseHeaders.get(key));
                                     }
                                 }
                             }
                         } else { // Invalid redirectUri
                             builder = error(Response.Status.BAD_REQUEST,
                                     AuthorizeErrorResponseType.INVALID_REQUEST_REDIRECT_URI, state); // 400
                         }
                     } else { // Invalid responseTypes
                         builder = Response.status(Response.Status.BAD_REQUEST.getStatusCode()); // 400
                         builder.entity(errorResponseFactory.getErrorAsJson(
                                 AuthorizeErrorResponseType.UNSUPPORTED_RESPONSE_TYPE, state));
                     }
                 } else {
                     builder = error(Response.Status.UNAUTHORIZED, AuthorizeErrorResponseType.UNAUTHORIZED_CLIENT, state);
                 }
             }
 //        } catch (AcrChangedException e) {
 //            builder = Response.status(Response.Status.UNAUTHORIZED).entity("Session already exist with ACR that is different " +
 //                    "than the one send with this authorization request. Please perform logout in order to login with another ACR. ACR: " + acrValuesStr);
 //            log.error(e.getMessage(), e);
         } catch (AcrChangedException e) { // Acr changed
             log.error("ACR is changed, please provide a supported and enabled acr value");
             log.error(e.getMessage(), e);
 
             RedirectUri redirectUriResponse = new RedirectUri(redirectUri, responseTypes, responseMode);
             redirectUriResponse.parseQueryString(errorResponseFactory.getErrorAsQueryString(
                     AuthorizeErrorResponseType.SESSION_SELECTION_REQUIRED, state));
             redirectUriResponse.addResponseParameter("hint", "Use prompt=login in order to alter existing session.");
             applicationAuditLogger.sendMessage(oAuth2AuditLog);
             return RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest).build();
         } catch (EntryPersistenceException e) { // Invalid clientId
             builder = error(Response.Status.UNAUTHORIZED, AuthorizeErrorResponseType.UNAUTHORIZED_CLIENT, state);
             log.error(e.getMessage(), e);
         } catch (SignatureException e) {
             builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()); // 500
             log.error(e.getMessage(), e);
         } catch (StringEncrypter.EncryptionException e) {
             builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()); // 500
             log.error(e.getMessage(), e);
         } catch (InvalidJwtException e) {
             builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()); // 500
             log.error(e.getMessage(), e);
         } catch (Exception e) {
             builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()); // 500
             log.error(e.getMessage(), e);
         }
 
         applicationAuditLogger.sendMessage(oAuth2AuditLog);
         return builder.build();
     }

◆ requestAuthorizationGet() [1/2]

Response org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorizationGet	(	String	scope,
		String	responseType,
		String	clientId,
		String	redirectUri,
		String	state,
		String	responseMode,
		String	nonce,
		String	display,
		String	prompt,
		Integer	maxAge,
		String	uiLocales,
		String	idTokenHint,
		String	loginHint,
		String	acrValues,
		String	amrValues,
		String	request,
		String	requestUri,
		String	requestSessionId,
		String	sessionId,
		String	accessToken,
		String	originHeaders,
		String	codeChallenge,
		String	codeChallengeMethod,
		String	customResponseHeaders,
		String	claims,
		HttpServletRequest	httpRequest,
		HttpServletResponse	httpResponse,
		SecurityContext	securityContext
	)

inline

                                                                                                                {
         return requestAuthorization(scope, responseType, clientId, redirectUri, state, responseMode, nonce, display,
                 prompt, maxAge, uiLocales, idTokenHint, loginHint, acrValues, amrValues, request, requestUri,
                 requestSessionId, sessionId, accessToken, HttpMethod.GET, originHeaders, codeChallenge,
                 codeChallengeMethod, customResponseHeaders, claims, httpRequest, httpResponse, securityContext);
     }

◆ requestAuthorizationGet() [2/2]

Response org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebService.requestAuthorizationGet	(	@QueryParam("scope") @ApiParam(value="OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored.", required=true) String	scope,
		@QueryParam("response_type") @ApiParam(value="OAuth 2.0 Response Type value that determines the authorization processing flow to be used, including what parameters are returned from the endpoints used. When using the Authorization Code Flow, this value is code. ", required=true) String	responseType,
		@QueryParam("client_id") @ApiParam(value="OAuth 2.0 Client Identifier valid at the Authorization Server.", required=true) String	clientId,
		@QueryParam("redirect_uri") @ApiParam(value="Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider", required=true) String	redirectUri,
		@QueryParam("state") @ApiParam(value="Opaque value used to maintain state between the request and the callback. Typically, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie. ", required=false) String	state,
		@QueryParam("response_mode") @ApiParam(value="Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED when the Response Mode that would be requested is the default mode specified for the Response Type. ", required=false) String	responseMode,
		@QueryParam("nonce") @ApiParam(value="String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authorization Request to the ID Token. Sufficient entropy MUST be present in the nonce values used to prevent attackers from guessing values.", required=false) String	nonce,
		@QueryParam("display") @ApiParam(value="ASCII string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page, popup, touch, wap", required=false) String	display,
		@QueryParam("prompt") @ApiParam(value="Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none, login, consent, select_account", required=false) String	prompt,
		@QueryParam("max_age") @ApiParam(value="Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. (The max_age request parameter corresponds to the OpenID 2.0 PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used, the ID Token returned MUST include an auth_time Claim Value. ", required=false) Integer	maxAge,
		@QueryParam("ui_locales") @ApiParam(value="End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \CA fr en\presents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. ", required=false) String	uiLocales,
		@QueryParam("id_token_hint") @ApiParam(value="ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client. If the End-User identified by the ID Token is logged in or is logged in by the request, then the Authorization Server returns a positive response; otherwise, it SHOULD return an error, such as login_required. When possible, an id_token_hint SHOULD be present when prompt=none is used and an invalid_request error MAY be returned if it is not; however, the server SHOULD respond successfully when possible, even if it is not present. The Authorization Server need not be listed as an audience of the ID Token when it is used as an id_token_hint value. ", required=false) String	idTokenHint,
		@QueryParam("login_hint") @ApiParam(value="Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. It is RECOMMENDED that the hint value match the value used for discovery. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is left to the OP's discretion. ", required=false) String	loginHint,
		@QueryParam("acr_values") @ApiParam(value="Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication Context Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter. ", required=false) String	acrValues,
		@QueryParam("amr_values") @ApiParam(value="AMR Values", required=false) String	amrValues,
		@QueryParam("request") @ApiParam(value="This parameter enables OpenID Connect requests to be passed in a single, self-contained parameter and to be optionally signed and/or encrypted. The parameter value is a Request Object value, as specified in Section 6.1. It represents the request as a JWT whose Claims are the request parameters.", required=false) String	request,
		@QueryParam("request_uri") @ApiParam(value="This parameter enables OpenID Connect requests to be passed by reference, rather than by value. The request_uri value is a URL using the https scheme referencing a resource containing a Request Object value, which is a JWT containing the request parameters. ", required=false) String	requestUri,
		@QueryParam("request_session_id") @ApiParam(value="Request session id", required=false) String	requestSessionId,
		@QueryParam("session_id") @ApiParam(value="Session id of this call", required=false) String	sessionId,
		@QueryParam("access_token") @ApiParam(value="Access token", required=false) String	accessToken,
		@QueryParam("origin_headers") @ApiParam(value="Origin headers. Used in custom workflows.", required=false) String	originHeaders,
		@QueryParam("code_challenge") @ApiParam(value="PKCE code challenge.", required=false) String	codeChallenge,
		@QueryParam("code_challenge_method") @ApiParam(value="PKCE code challenge method.", required=false) String	codeChallengeMethod,
		@QueryParam(AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS) @ApiParam(value="Custom Response Headers.", required=false) String	customResponseHeaders,
		@QueryParam("claims") @ApiParam(value="Requested Claims.", required=false) String	claims,
		@Context HttpServletRequest	httpRequest,
		@Context HttpServletResponse	httpResponse,
		@Context SecurityContext	securityContext
	)

inherited

Requests authorization.

引数

scope	The scope of the access request.
responseType	The response type informs the authorization server of the desired response type: code, token, id_token a combination of them. The response type parameter is mandatory.
clientId	The client identifier.
redirectUri	Redirection URI
state	An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter should be used for preventing cross-site request forgery.
responseMode	Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED when the Response Mode that would be requested is the default mode specified for the Response Type.
nonce	A string value used to associate a user agent session with an ID Token, and to mitigate replay attacks.
display	An ASCII string value that specifies how the Authorization Server displays the authentication page to the End-User.
prompt	A space delimited list of ASCII strings that can contain the values login, consent, select_account, and none.
maxAge	Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated.
uiLocales	End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference.
idTokenHint	Previously issued ID Token passed to the Authorization Server as a hint about the End-User's current or past authenticated session with the Client.
loginHint	Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary).
acrValues	Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference.
amrValues	Requested Authentication Methods References. JSON array of strings that are identifiers for authentication methods used in the authentication. For instance, values might indicate that both password and OTP authentication methods were used. The definition of particular values to be used in the amr Claim is beyond the scope of this specification.The amr value is an array of case sensitive strings.
request	A JWT encoded OpenID Request Object.
requestUri	An URL that points to an OpenID Request Object.
codeChallenge	PKCE code challenge
codeChallengeMethod	PKCE code challenge method
requestSessionId	request session id
sessionId	session id
accessToken	access token
httpRequest	http request
securityContext	An injectable interface that provides access to security related information.

戻り値

When the responseType parameter is set to code:

If the resource owner grants the access request, the authorization server issues an authorization code and delivers it to the client by adding the following parameters to the query component of the redirection URI using the application/x-www-form-urlencoded format:

code: The authorization code generated by the authorization server.
state: If the state parameter was present in the client authorization request. The exact value received from the client.

When the responseType parameter is set to token:

If the resource owner grants the access request, the authorization server issues an access token and delivers it to the client by adding the following parameters to the fragment component of the redirection URI using the application/x-www-form-urlencoded format.

access_token: The access token issued by the authorization server.
token_type: The type of the token issued. Value is case insensitive.
expires_in: The lifetime in seconds of the access token. For example, the value 3600 denotes that the access token will expire in one hour from the time the response was generated.
scope: The scope of the access token.
state: If the state parameter was present in the client authorization request. The exact value received from the client.

◆ requestAuthorizationPost() [1/2]

Response org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorizationPost	(	String	scope,
		String	responseType,
		String	clientId,
		String	redirectUri,
		String	state,
		String	responseMode,
		String	nonce,
		String	display,
		String	prompt,
		Integer	maxAge,
		String	uiLocales,
		String	idTokenHint,
		String	loginHint,
		String	acrValues,
		String	amrValues,
		String	request,
		String	requestUri,
		String	requestSessionId,
		String	sessionId,
		String	accessToken,
		String	originHeaders,
		String	codeChallenge,
		String	codeChallengeMethod,
		String	customResponseHeaders,
		String	claims,
		HttpServletRequest	httpRequest,
		HttpServletResponse	httpResponse,
		SecurityContext	securityContext
	)

inline

                                                                                                                {
         return requestAuthorization(scope, responseType, clientId, redirectUri, state, responseMode, nonce, display,
                 prompt, maxAge, uiLocales, idTokenHint, loginHint, acrValues, amrValues, request, requestUri,
                 requestSessionId, sessionId, accessToken, HttpMethod.POST, originHeaders, codeChallenge,
                 codeChallengeMethod, customResponseHeaders, claims, httpRequest, httpResponse, securityContext);
     }

◆ requestAuthorizationPost() [2/2]

Response org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebService.requestAuthorizationPost	(	@FormParam("scope") @ApiParam(value="OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored.", required=true) String	scope,
		@FormParam("response_type") @ApiParam(value="OAuth 2.0 Response Type value that determines the authorization processing flow to be used, including what parameters are returned from the endpoints used. When using the Authorization Code Flow, this value is code. ", required=true) String	responseType,
		@FormParam("client_id") @ApiParam(value="OAuth 2.0 Client Identifier valid at the Authorization Server. ", required=true) String	clientId,
		@FormParam("redirect_uri") @ApiParam(value="Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider", required=true) String	redirectUri,
		@FormParam("state") @ApiParam(value="Opaque value used to maintain state between the request and the callback. Typically, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie. ", required=false) String	state,
		@QueryParam("response_mode") @ApiParam(value="Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED when the Response Mode that would be requested is the default mode specified for the Response Type. ", required=false) String	responseMode,
		@FormParam("nonce") @ApiParam(value="String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authorization Request to the ID Token. Sufficient entropy MUST be present in the nonce values used to prevent attackers from guessing values.", required=false) String	nonce,
		@FormParam("display") @ApiParam(value="ASCII string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page, popup, touch, wap", required=false) String	display,
		@FormParam("prompt") @ApiParam(value="Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none, login, consent, select_account", required=false) String	prompt,
		@FormParam("max_age") @ApiParam(value="Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User. (The max_age request parameter corresponds to the OpenID 2.0 PAPE [OpenID.PAPE] max_auth_age request parameter.) When max_age is used, the ID Token returned MUST include an auth_time Claim Value. ", required=false) Integer	maxAge,
		@FormParam("ui_locales") @ApiParam(value="End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \CA fr en\presents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider. ", required=false) String	uiLocales,
		@FormParam("id_token_hint") @ApiParam(value="ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client. If the End-User identified by the ID Token is logged in or is logged in by the request, then the Authorization Server returns a positive response; otherwise, it SHOULD return an error, such as login_required. When possible, an id_token_hint SHOULD be present when prompt=none is used and an invalid_request error MAY be returned if it is not; however, the server SHOULD respond successfully when possible, even if it is not present. The Authorization Server need not be listed as an audience of the ID Token when it is used as an id_token_hint value. ", required=false) String	idTokenHint,
		@FormParam("login_hint") @ApiParam(value="Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. It is RECOMMENDED that the hint value match the value used for discovery. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is left to the OP's discretion. ", required=false) String	loginHint,
		@FormParam("acr_values") @ApiParam(value="Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication Context Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter. ", required=false) String	acrValues,
		@FormParam("amr_values") @ApiParam(value="AMR Values", required=false) String	amrValues,
		@FormParam("request") @ApiParam(value="This parameter enables OpenID Connect requests to be passed in a single, self-contained parameter and to be optionally signed and/or encrypted. The parameter value is a Request Object value, as specified in Section 6.1. It represents the request as a JWT whose Claims are the request parameters.", required=false) String	request,
		@FormParam("request_uri") @ApiParam(value="This parameter enables OpenID Connect requests to be passed by reference, rather than by value. The request_uri value is a URL using the https scheme referencing a resource containing a Request Object value, which is a JWT containing the request parameters. ", required=false) String	requestUri,
		@FormParam("request_session_id") @ApiParam(value="Request session id", required=false) String	requestSessionId,
		@FormParam("session_id") @ApiParam(value="Session id of this call", required=false) String	sessionId,
		@FormParam("access_token") @ApiParam(value="Access token", required=false) String	accessToken,
		@FormParam("origin_headers") @ApiParam(value="Origin headers. Used in custom workflows.", required=false) String	originHeaders,
		@QueryParam("code_challenge") @ApiParam(value="PKCE code challenge.", required=false) String	codeChallenge,
		@QueryParam("code_challenge_method") @ApiParam(value="PKCE code challenge method.", required=false) String	codeChallengeMethod,
		@QueryParam(AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS) @ApiParam(value="Custom Response Headers.", required=false) String	customResponseHeaders,
		@QueryParam("claims") @ApiParam(value="Requested Claims.", required=false) String	claims,
		@Context HttpServletRequest	httpRequest,
		@Context HttpServletResponse	httpResponse,
		@Context SecurityContext	securityContext
	)

inherited

メンバ詳解

◆ appConfiguration

AppConfiguration org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.appConfiguration

private

◆ applicationAuditLogger

ApplicationAuditLogger org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.applicationAuditLogger

private

◆ authenticationFilterService

AuthenticationFilterService org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.authenticationFilterService

private

◆ authorizationGrantList

AuthorizationGrantList org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.authorizationGrantList

private

◆ clientAuthorizationsService

ClientAuthorizationsService org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.clientAuthorizationsService

private

◆ clientService

ClientService org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.clientService

private

◆ errorResponseFactory

ErrorResponseFactory org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.errorResponseFactory

private

◆ identity

Identity org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.identity

private

◆ log

Logger org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.log

private

◆ redirectionUriService

RedirectionUriService org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.redirectionUriService

private

◆ requestParameterService

RequestParameterService org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestParameterService

private

◆ scopeChecker

ScopeChecker org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.scopeChecker

private

◆ sessionIdService

SessionIdService org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.sessionIdService

private

◆ userService

UserService org.xdi.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.userService

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java

非公開変数類
Logger	log

ApplicationAuditLogger	applicationAuditLogger

ErrorResponseFactory	errorResponseFactory

RedirectionUriService	redirectionUriService

AuthorizationGrantList	authorizationGrantList

ClientService	clientService

UserService	userService

Identity	identity

AuthenticationFilterService	authenticationFilterService

SessionIdService	sessionIdService

ScopeChecker	scopeChecker

ClientAuthorizationsService	clientAuthorizationsService

RequestParameterService	requestParameterService

AppConfiguration	appConfiguration

公開メンバ関数

非公開メンバ関数

非公開変数類

詳解

関数詳解

◆ endSession()

◆ error()

◆ getGenericRequestMap()

◆ overrideUnauthenticatedSessionParameters()

◆ redirectToAuthorizationPage()

◆ requestAuthorization()

◆ requestAuthorizationGet() [1/2]

◆ requestAuthorizationGet() [2/2]

◆ requestAuthorizationPost() [1/2]

◆ requestAuthorizationPost() [2/2]

メンバ詳解

◆ appConfiguration

◆ applicationAuditLogger

◆ authenticationFilterService

◆ authorizationGrantList

◆ clientAuthorizationsService

◆ clientService

◆ errorResponseFactory

◆ identity

◆ log

◆ redirectionUriService

◆ requestParameterService

◆ scopeChecker

◆ sessionIdService

◆ userService