http4k-security-oauth/org.http4k.security/OAuthPersistence

OAuthPersistence

interface OAuthPersistence

Provides persistence for OAuth lifecycle values:

  • CrossSiteRequestForgeryToken - used to retrieve that authorisation code assignment responses are genuinely from the end-service.

  • AccessToken - provides time-limited access to protected API resources on the end-service.

Inheritors

Functions

Link copied to clipboard
abstract fun assignCsrf(redirect: Response, csrf: CrossSiteRequestForgeryToken): Response

Assign a CSRF token to this OAuth auth redirection (to the end-service) response. Opportunity here to modify the response returned to the user when the redirection happens.

Link copied to clipboard
abstract fun assignNonce(redirect: Response, nonce: Nonce): Response

Assign a nonce to this OIDC auth redirection (to the end-service) response. Opportunity here to modify the response returned to the user when the redirection happens.

Link copied to clipboard
abstract fun assignOriginalUri(redirect: Response, originalUri: Uri): Response

opportunity to store the uri that the request was made before authentication this will then be redirected back to after auth

Link copied to clipboard
abstract fun assignPkce(redirect: Response, pkce: PkceChallengeAndVerifier): Response
Link copied to clipboard
abstract fun assignToken(request: Request, redirect: Response, accessToken: AccessToken, idToken: IdToken? = null): Response

Assign the swapped AccessToken (and optional IdToken) returned by the end-service. Opportunity here to modify the response returned to the user when the redirection happens.

Link copied to clipboard
open fun authFailureResponse(reason: OAuthCallbackError): Response

Build the default failure response which occurs when a failure occurs during the callback process (eg. a mismatch/missing CSRF or failure occurring when calling into the end-service for the access-token.

Link copied to clipboard
abstract fun retrieveCsrf(request: Request): CrossSiteRequestForgeryToken?

Retrieve the stored CSRF token for this user request

Link copied to clipboard
abstract fun retrieveNonce(request: Request): Nonce?

Retrieve the stored nonce token for this user request

Link copied to clipboard
abstract fun retrieveOriginalUri(request: Request): Uri?

Retrieve the stored original uri for this user request

Link copied to clipboard
abstract fun retrievePkce(request: Request): PkceChallengeAndVerifier?
Link copied to clipboard
abstract fun retrieveToken(request: Request): AccessToken?

Retrieve the stored AccessToken token for this user request