org.xdi.oxauth.model.token.IdTokenFactory 連携図

公開メンバ関数
Jwt	generateSignedIdToken (IAuthorizationGrant authorizationGrant, String nonce, AuthorizationCode authorizationCode, AccessToken accessToken, Set< String > scopes, boolean includeIdTokenClaims, Function< JsonWebResponse, Void > preProcessing) throws Exception

Jwe	generateEncryptedIdToken (IAuthorizationGrant authorizationGrant, String nonce, AuthorizationCode authorizationCode, AccessToken accessToken, Set< String > scopes, boolean includeIdTokenClaims, Function< JsonWebResponse, Void > preProcessing) throws Exception

JsonWebResponse	createJwr (IAuthorizationGrant grant, String nonce, AuthorizationCode authorizationCode, AccessToken accessToken, Set< String > scopes, boolean includeIdTokenClaims, Function< JsonWebResponse, Void > preProcessing) throws Exception

boolean	validateRequesteClaim (GluuAttribute gluuAttribute, String[] clientAllowedClaims, Collection< String > scopes)

非公開メンバ関数
void	setAmrClaim (JsonWebResponse jwt, String acrValues)

非公開変数類
ExternalDynamicScopeService	externalDynamicScopeService

ExternalAuthenticationService	externalAuthenticationService

ClientService	clientService

ScopeService	scopeService

AttributeService	attributeService

PairwiseIdentifierService	pairwiseIdentifierService

AppConfiguration	appConfiguration

WebKeysConfiguration	webKeysConfiguration

詳解

JSON Web Token (JWT) is a compact token format intended for space constrained environments such as HTTP Authorization headers and URI query parameters. JWTs encode claims to be transmitted as a JSON object (as defined in RFC 4627) that is base64url encoded and digitally signed. Signing is accomplished using a JSON Web Signature (JWS). JWTs may also be optionally encrypted using JSON Web Encryption (JWE).

著者: Javier Rojas Blum; Yuriy Movchan

バージョン: June 30, 2018

関数詳解

◆ createJwr()

JsonWebResponse org.xdi.oxauth.model.token.IdTokenFactory.createJwr	(	IAuthorizationGrant	grant,
		String	nonce,
		AuthorizationCode	authorizationCode,
		AccessToken	accessToken,
		Set< String >	scopes,
		boolean	includeIdTokenClaims,
		Function< JsonWebResponse, Void >	preProcessing
	)		throws Exception

inline

                              {
         final Client grantClient = grant.getClient();
         if (grantClient != null && grantClient.getIdTokenEncryptedResponseAlg() != null
                 && grantClient.getIdTokenEncryptedResponseEnc() != null) {
             return generateEncryptedIdToken(
                     grant, nonce, authorizationCode, accessToken, scopes, includeIdTokenClaims, preProcessing);
         } else {
             return generateSignedIdToken(
                     grant, nonce, authorizationCode, accessToken, scopes, includeIdTokenClaims, preProcessing);
         }
     }

◆ generateEncryptedIdToken()

Jwe org.xdi.oxauth.model.token.IdTokenFactory.generateEncryptedIdToken	(	IAuthorizationGrant	authorizationGrant,
		String	nonce,
		AuthorizationCode	authorizationCode,
		AccessToken	accessToken,
		Set< String >	scopes,
		boolean	includeIdTokenClaims,
		Function< JsonWebResponse, Void >	preProcessing
	)		throws Exception

inline

                                                                                                                                                        {
         Jwe jwe = new Jwe();
 
         // Header
         KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(authorizationGrant.getClient().getIdTokenEncryptedResponseAlg());
         BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.fromName(authorizationGrant.getClient().getIdTokenEncryptedResponseEnc());
         jwe.getHeader().setType(JwtType.JWT);
         jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
         jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
 
         // Claims
         jwe.getClaims().setIssuer(appConfiguration.getIssuer());
         jwe.getClaims().setAudience(authorizationGrant.getClient().getClientId());
 
         int lifeTime = appConfiguration.getIdTokenLifetime();
         Calendar calendar = Calendar.getInstance();
         Date issuedAt = calendar.getTime();
         calendar.add(Calendar.SECOND, lifeTime);
         Date expiration = calendar.getTime();
 
         jwe.getClaims().setExpirationTime(expiration);
         jwe.getClaims().setIssuedAt(issuedAt);
 
         if (preProcessing != null) {
             preProcessing.apply(jwe);
         }
 
         if (authorizationGrant.getAcrValues() != null) {
             jwe.getClaims().setClaim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, authorizationGrant.getAcrValues());
             setAmrClaim(jwe, authorizationGrant.getAcrValues());
         }
         if (StringUtils.isNotBlank(nonce)) {
             jwe.getClaims().setClaim(JwtClaimName.NONCE, nonce);
         }
         if (authorizationGrant.getAuthenticationTime() != null) {
             jwe.getClaims().setClaim(JwtClaimName.AUTHENTICATION_TIME, authorizationGrant.getAuthenticationTime());
         }
         if (authorizationCode != null) {
             String codeHash = authorizationCode.getHash(null);
             jwe.getClaims().setClaim(JwtClaimName.CODE_HASH, codeHash);
         }
         if (accessToken != null) {
             String accessTokenHash = accessToken.getHash(null);
             jwe.getClaims().setClaim(JwtClaimName.ACCESS_TOKEN_HASH, accessTokenHash);
         }
         jwe.getClaims().setClaim(JwtClaimName.OX_OPENID_CONNECT_VERSION, appConfiguration.getOxOpenIdConnectVersion());
 
         List<org.xdi.oxauth.model.common.Scope> dynamicScopes = Lists.newArrayList();
         if (includeIdTokenClaims && authorizationGrant.getClient().isIncludeClaimsInIdToken()) {
             for (String scopeName : scopes) {
                 org.xdi.oxauth.model.common.Scope scope = scopeService.getScopeByDisplayName(scopeName);
                 if (org.xdi.oxauth.model.common.ScopeType.DYNAMIC == scope.getScopeType()) {
                     dynamicScopes.add(scope);
                     continue;
                 }
 
                 if (scope != null && scope.getOxAuthClaims() != null) {
                     for (String claimDn : scope.getOxAuthClaims()) {
                         GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
 
                         String claimName = gluuAttribute.getOxAuthClaimName();
                         String ldapName = gluuAttribute.getName();
                         Object attributeValue;
 
                         if (StringUtils.isNotBlank(claimName) && StringUtils.isNotBlank(ldapName)) {
                             if (ldapName.equals("uid")) {
                                 attributeValue = authorizationGrant.getUser().getUserId();
                             } else {
                                 attributeValue = authorizationGrant.getUser().getAttribute(gluuAttribute.getName(), true);
                             }
 
                             if (attributeValue != null) {
                                 if (attributeValue instanceof JSONArray) {
                                     JSONArray jsonArray = (JSONArray) attributeValue;
                                     List<String> values = new ArrayList<String>();
                                     for (int i = 0; i < jsonArray.length(); i++) {
                                         String value = jsonArray.optString(i);
                                         if (value != null) {
                                             values.add(value);
                                         }
                                     }
                                     jwe.getClaims().setClaim(claimName, values);
                                 } else {
                                     String value = attributeValue.toString();
                                     jwe.getClaims().setClaim(claimName, value);
                                 }
                             }
                         }
                     }
                 }
             }
         }
 
         if (authorizationGrant.getJwtAuthorizationRequest() != null
                 && authorizationGrant.getJwtAuthorizationRequest().getIdTokenMember() != null) {
             for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getIdTokenMember().getClaims()) {
                 boolean optional = true; // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                 GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
 
                 if (gluuAttribute != null) {
                     Client client = authorizationGrant.getClient();
 
                     if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                         String ldapClaimName = gluuAttribute.getName();
                         Object attribute = authorizationGrant.getUser().getAttribute(ldapClaimName, optional);
                         if (attribute != null) {
                             if (attribute instanceof JSONArray) {
                                 JSONArray jsonArray = (JSONArray) attribute;
                                 List<String> values = new ArrayList<String>();
                                 for (int i = 0; i < jsonArray.length(); i++) {
                                     String value = jsonArray.optString(i);
                                     if (value != null) {
                                         values.add(value);
                                     }
                                 }
                                 jwe.getClaims().setClaim(claim.getName(), values);
                             } else {
                                 String value = attribute.toString();
                                 jwe.getClaims().setClaim(claim.getName(), value);
                             }
                         }
                     }
                 }
             }
         }
 
         // Check for Subject Identifier Type
         if (authorizationGrant.getClient().getSubjectType() != null &&
                 SubjectType.fromString(authorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE)) {
             String sectorIdentifierUri;
             if (StringUtils.isNotBlank(authorizationGrant.getClient().getSectorIdentifierUri())) {
                 sectorIdentifierUri = authorizationGrant.getClient().getSectorIdentifierUri();
             } else {
                 sectorIdentifierUri = authorizationGrant.getClient().getRedirectUris()[0];
             }
 
             String userInum = authorizationGrant.getUser().getAttribute("inum");
             String clientId = authorizationGrant.getClientId();
             PairwiseIdentifier pairwiseIdentifier = pairwiseIdentifierService.findPairWiseIdentifier(
                     userInum, sectorIdentifierUri, clientId);
             if (pairwiseIdentifier == null) {
                 pairwiseIdentifier = new PairwiseIdentifier(sectorIdentifierUri, clientId);
                 pairwiseIdentifier.setId(UUID.randomUUID().toString());
                 pairwiseIdentifier.setDn(pairwiseIdentifierService.getDnForPairwiseIdentifier(
                         pairwiseIdentifier.getId(),
                         userInum));
                 pairwiseIdentifierService.addPairwiseIdentifier(userInum, pairwiseIdentifier);
             }
             jwe.getClaims().setSubjectIdentifier(pairwiseIdentifier.getId());
         } else {
             String openidSubAttribute = appConfiguration.getOpenidSubAttribute();
 
             if (openidSubAttribute.equals("uid")) {
                 jwe.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getUserId());
             } else {
                 jwe.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute(openidSubAttribute));
             }
         }
 
         if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
             final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
             DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwe, unmodifiableAuthorizationGrant);
             externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
         }
 
         // Encryption
         if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP
                 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
             JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(authorizationGrant.getClient().getJwksUri());
             AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration);
             String keyId = cryptoProvider.getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), SignatureAlgorithm.RS256, Use.ENCRYPTION);
             PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys);
             jwe.getHeader().setKeyId(keyId);
 
             if (publicKey != null) {
                 JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
                 jwe = jweEncrypter.encrypt(jwe);
             } else {
                 throw new InvalidJweException("The public key is not valid");
             }
         } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW
                 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
             try {
                 byte[] sharedSymmetricKey = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret()).getBytes(Util.UTF8_STRING_ENCODING);
                 JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedSymmetricKey);
                 jwe = jweEncrypter.encrypt(jwe);
             } catch (UnsupportedEncodingException e) {
                 throw new InvalidJweException(e);
             } catch (StringEncrypter.EncryptionException e) {
                 throw new InvalidJweException(e);
             } catch (Exception e) {
                 throw new InvalidJweException(e);
             }
         }
 
         return jwe;
     }

◆ generateSignedIdToken()

Jwt org.xdi.oxauth.model.token.IdTokenFactory.generateSignedIdToken	(	IAuthorizationGrant	authorizationGrant,
		String	nonce,
		AuthorizationCode	authorizationCode,
		AccessToken	accessToken,
		Set< String >	scopes,
		boolean	includeIdTokenClaims,
		Function< JsonWebResponse, Void >	preProcessing
	)		throws Exception

inline

                                                                                                                                                        {
 
         JwtSigner jwtSigner = JwtSigner.newJwtSigner(appConfiguration, webKeysConfiguration, authorizationGrant.getClient());
         Jwt jwt = jwtSigner.newJwt();
 
         int lifeTime = appConfiguration.getIdTokenLifetime();
         Calendar calendar = Calendar.getInstance();
         Date issuedAt = calendar.getTime();
         calendar.add(Calendar.SECOND, lifeTime);
         Date expiration = calendar.getTime();
 
         jwt.getClaims().setExpirationTime(expiration);
         jwt.getClaims().setIssuedAt(issuedAt);
 
         if (preProcessing != null) {
             preProcessing.apply(jwt);
         }
 
         if (authorizationGrant.getAcrValues() != null) {
             jwt.getClaims().setClaim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, authorizationGrant.getAcrValues());
             setAmrClaim(jwt, authorizationGrant.getAcrValues());
         }
         if (StringUtils.isNotBlank(nonce)) {
             jwt.getClaims().setClaim(JwtClaimName.NONCE, nonce);
         }
         if (authorizationGrant.getAuthenticationTime() != null) {
             jwt.getClaims().setClaim(JwtClaimName.AUTHENTICATION_TIME, authorizationGrant.getAuthenticationTime());
         }
         if (authorizationCode != null) {
             String codeHash = authorizationCode.getHash(jwtSigner.getSignatureAlgorithm());
             jwt.getClaims().setClaim(JwtClaimName.CODE_HASH, codeHash);
         }
         if (accessToken != null) {
             String accessTokenHash = accessToken.getHash(jwtSigner.getSignatureAlgorithm());
             jwt.getClaims().setClaim(JwtClaimName.ACCESS_TOKEN_HASH, accessTokenHash);
         }
         jwt.getClaims().setClaim(JwtClaimName.OX_OPENID_CONNECT_VERSION, appConfiguration.getOxOpenIdConnectVersion());
 
         List<org.xdi.oxauth.model.common.Scope> dynamicScopes = Lists.newArrayList();
         if (includeIdTokenClaims && authorizationGrant.getClient().isIncludeClaimsInIdToken()) {
             for (String scopeName : scopes) {
                 org.xdi.oxauth.model.common.Scope scope = scopeService.getScopeByDisplayName(scopeName);
                 if ((scope != null) && (org.xdi.oxauth.model.common.ScopeType.DYNAMIC == scope.getScopeType())) {
                     dynamicScopes.add(scope);
                     continue;
                 }
 
                 if (scope != null && scope.getOxAuthClaims() != null) {
                     if (scope.getIsOxAuthGroupClaims()) {
                         JwtSubClaimObject groupClaim = new JwtSubClaimObject();
                         groupClaim.setName(scope.getDisplayName());
 
                         for (String claimDn : scope.getOxAuthClaims()) {
                             GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
 
                             String claimName = gluuAttribute.getOxAuthClaimName();
                             String ldapName = gluuAttribute.getName();
                             Object attributeValue;
 
                             if (StringUtils.isNotBlank(claimName) && StringUtils.isNotBlank(ldapName)) {
                                 if (ldapName.equals("uid")) {
                                     attributeValue = authorizationGrant.getUser().getUserId();
                                 } else {
                                     attributeValue = authorizationGrant.getUser().getAttribute(gluuAttribute.getName(), true);
                                 }
 
                                 if (attributeValue != null) {
                                     if (attributeValue instanceof JSONArray) {
                                         JSONArray jsonArray = (JSONArray) attributeValue;
                                         List<String> values = new ArrayList<String>();
                                         for (int i = 0; i < jsonArray.length(); i++) {
                                             String value = jsonArray.optString(i);
                                             if (value != null) {
                                                 values.add(value);
                                             }
                                         }
                                         jwt.getClaims().setClaim(claimName, values);
                                     } else {
                                         String value = attributeValue.toString();
                                         jwt.getClaims().setClaim(claimName, value);
                                     }
                                 }
                             }
                         }
 
                         jwt.getClaims().setClaim(scope.getDisplayName(), groupClaim);
                     } else {
                         for (String claimDn : scope.getOxAuthClaims()) {
                             GluuAttribute gluuAttribute = attributeService.getAttributeByDn(claimDn);
 
                             String claimName = gluuAttribute.getOxAuthClaimName();
                             String ldapName = gluuAttribute.getName();
                             Object attributeValue;
 
                             if (StringUtils.isNotBlank(claimName) && StringUtils.isNotBlank(ldapName)) {
                                 if (ldapName.equals("uid")) {
                                     attributeValue = authorizationGrant.getUser().getUserId();
                                 } else {
                                     attributeValue = authorizationGrant.getUser().getAttribute(gluuAttribute.getName(), true);
                                 }
 
                                 if (attributeValue != null) {
                                     if (attributeValue instanceof JSONArray) {
                                         JSONArray jsonArray = (JSONArray) attributeValue;
                                         List<String> values = new ArrayList<String>();
                                         for (int i = 0; i < jsonArray.length(); i++) {
                                             String value = jsonArray.optString(i);
                                             if (value != null) {
                                                 values.add(value);
                                             }
                                         }
                                         jwt.getClaims().setClaim(claimName, values);
                                     } else {
                                         String value = attributeValue.toString();
                                         jwt.getClaims().setClaim(claimName, value);
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
 
         if (authorizationGrant.getJwtAuthorizationRequest() != null
                 && authorizationGrant.getJwtAuthorizationRequest().getIdTokenMember() != null) {
             for (Claim claim : authorizationGrant.getJwtAuthorizationRequest().getIdTokenMember().getClaims()) {
                 boolean optional = true; // ClaimValueType.OPTIONAL.equals(claim.getClaimValue().getClaimValueType());
                 GluuAttribute gluuAttribute = attributeService.getByClaimName(claim.getName());
 
                 if (gluuAttribute != null) {
                     Client client = authorizationGrant.getClient();
 
                     if (validateRequesteClaim(gluuAttribute, client.getClaims(), scopes)) {
                         String ldapClaimName = gluuAttribute.getName();
                         Object attribute = authorizationGrant.getUser().getAttribute(ldapClaimName, optional);
                         if (attribute != null) {
                             if (attribute instanceof JSONArray) {
                                 JSONArray jsonArray = (JSONArray) attribute;
                                 List<String> values = new ArrayList<String>();
                                 for (int i = 0; i < jsonArray.length(); i++) {
                                     String value = jsonArray.optString(i);
                                     if (value != null) {
                                         values.add(value);
                                     }
                                 }
                                 jwt.getClaims().setClaim(claim.getName(), values);
                             } else {
                                 String value = (String) attribute;
                                 jwt.getClaims().setClaim(claim.getName(), value);
                             }
                         }
                     }
                 }
             }
         }
 
         // Check for Subject Identifier Type
         if (authorizationGrant.getClient().getSubjectType() != null &&
                 SubjectType.fromString(authorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE)) {
             String sectorIdentifierUri = null;
             if (StringUtils.isNotBlank(authorizationGrant.getClient().getSectorIdentifierUri())) {
                 sectorIdentifierUri = authorizationGrant.getClient().getSectorIdentifierUri();
             } else {
                 sectorIdentifierUri = authorizationGrant.getClient().getRedirectUris()[0];
             }
 
             String userInum = authorizationGrant.getUser().getAttribute("inum");
             String clientId = authorizationGrant.getClientId();
             PairwiseIdentifier pairwiseIdentifier = pairwiseIdentifierService.findPairWiseIdentifier(
                     userInum, sectorIdentifierUri, clientId);
             if (pairwiseIdentifier == null) {
                 pairwiseIdentifier = new PairwiseIdentifier(sectorIdentifierUri, clientId);
                 pairwiseIdentifier.setId(UUID.randomUUID().toString());
                 pairwiseIdentifier.setDn(pairwiseIdentifierService.getDnForPairwiseIdentifier(
                         pairwiseIdentifier.getId(),
                         userInum));
                 pairwiseIdentifierService.addPairwiseIdentifier(userInum, pairwiseIdentifier);
             }
             jwt.getClaims().setSubjectIdentifier(pairwiseIdentifier.getId());
         } else {
             String openidSubAttribute = appConfiguration.getOpenidSubAttribute();
 
             if (openidSubAttribute.equals("uid")) {
                 jwt.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getUserId());
             } else {
                 jwt.getClaims().setSubjectIdentifier(authorizationGrant.getUser().getAttribute(openidSubAttribute));
             }
         }
 
         if ((dynamicScopes.size() > 0) && externalDynamicScopeService.isEnabled()) {
             final UnmodifiableAuthorizationGrant unmodifiableAuthorizationGrant = new UnmodifiableAuthorizationGrant(authorizationGrant);
             DynamicScopeExternalContext dynamicScopeContext = new DynamicScopeExternalContext(dynamicScopes, jwt, unmodifiableAuthorizationGrant);
             externalDynamicScopeService.executeExternalUpdateMethods(dynamicScopeContext);
         }
 
         return jwtSigner.sign();
     }

◆ setAmrClaim()

void org.xdi.oxauth.model.token.IdTokenFactory.setAmrClaim	(	JsonWebResponse	jwt,
		String	acrValues
	)

inlineprivate

                                                                     {
         List<String> amrList = Lists.newArrayList();
 
         CustomScriptConfiguration script = externalAuthenticationService.getCustomScriptConfigurationByName(acrValues);
         if (script != null) {
             amrList.add(Integer.toString(script.getLevel()));
 
             PersonAuthenticationType externalAuthenticator = (PersonAuthenticationType) script.getExternalType();
             int apiVersion = externalAuthenticator.getApiVersion();
 
             if (apiVersion > 3) {
                 Map<String, String> authenticationMethodClaimsOrNull = externalAuthenticator.getAuthenticationMethodClaims();
                 if (authenticationMethodClaimsOrNull != null) {
                     for (String key : authenticationMethodClaimsOrNull.keySet()) {
                         amrList.add(key + ":" + authenticationMethodClaimsOrNull.get(key));
                     }
                 }
             }
         }
 
         jwt.getClaims().setClaim(JwtClaimName.AUTHENTICATION_METHOD_REFERENCES, amrList);
     }

◆ validateRequesteClaim()

boolean org.xdi.oxauth.model.token.IdTokenFactory.validateRequesteClaim	(	GluuAttribute	gluuAttribute,
		String []	clientAllowedClaims,
		Collection< String >	scopes
	)

inline

                                                                                                                                {
         if (gluuAttribute != null) {
             if (clientAllowedClaims != null) {
                 for (int i = 0; i < clientAllowedClaims.length; i++) {
                     if (gluuAttribute.getDn().equals(clientAllowedClaims[i])) {
                         return true;
                     }
                 }
             }
 
             for (String scopeName : scopes) {
                 org.xdi.oxauth.model.common.Scope scope = scopeService.getScopeByDisplayName(scopeName);
 
                 if (scope != null && scope.getOxAuthClaims() != null) {
                     for (String claimDn : scope.getOxAuthClaims()) {
                         if (gluuAttribute.getDisplayName().equals(attributeService.getAttributeByDn(claimDn).getDisplayName())) {
                             return true;
                         }
                     }
                 }
             }
         }
 
         return false;
     }

メンバ詳解

◆ appConfiguration

AppConfiguration org.xdi.oxauth.model.token.IdTokenFactory.appConfiguration

private

◆ attributeService

AttributeService org.xdi.oxauth.model.token.IdTokenFactory.attributeService

private

◆ clientService

ClientService org.xdi.oxauth.model.token.IdTokenFactory.clientService

private

◆ externalAuthenticationService

ExternalAuthenticationService org.xdi.oxauth.model.token.IdTokenFactory.externalAuthenticationService

private

◆ externalDynamicScopeService

ExternalDynamicScopeService org.xdi.oxauth.model.token.IdTokenFactory.externalDynamicScopeService

private

◆ pairwiseIdentifierService

PairwiseIdentifierService org.xdi.oxauth.model.token.IdTokenFactory.pairwiseIdentifierService

private

◆ scopeService

ScopeService org.xdi.oxauth.model.token.IdTokenFactory.scopeService

private

◆ webKeysConfiguration

WebKeysConfiguration org.xdi.oxauth.model.token.IdTokenFactory.webKeysConfiguration

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/model/token/IdTokenFactory.java

公開メンバ関数

非公開メンバ関数

非公開変数類

詳解

関数詳解

◆ createJwr()

◆ generateEncryptedIdToken()

◆ generateSignedIdToken()

◆ setAmrClaim()

◆ validateRequesteClaim()

メンバ詳解

◆ appConfiguration

◆ attributeService

◆ clientService

◆ externalAuthenticationService

◆ externalDynamicScopeService

◆ pairwiseIdentifierService

◆ scopeService

◆ webKeysConfiguration