inabajunmr / azidp4j

[alpha] Java OAuth 2.0 Authorization Server & OpenID Connect Identity Provider Library for any web application frameworks.
MIT License

customizable initiation #33

Closed inabajunmr closed 1 year ago

inabajunmr commented 1 year ago

Only OAuth 2.0

one way interface

var azIdP = AzIdP.oauth2()
    .inMemoryClientStore()
    .defaultClientValidator()
    .inMemoryAuthorizationCodeService()
    .inMemoryAccessTokenService()
    .inMemoryRefreshTokenService()
    .staticScopeAudienceMapper("audience.example.com")
    .build();

builder and validate

var discovery = Discovery.minimum()
    .authorization_endpoint("https://example.com/authorize")
    .scopes_supported(Set.of("read"))
    ...;

var azIdP = AzIdP
    .inMemoryClientStore()
    .defaultClientValidator()
    .inMemoryAuthorizationCodeService()
    .inMemoryAccessTokenService()
    .inMemoryRefreshTokenService()
    .staticScopeAudienceMapper("audience.example.com")
    .discovery(discovery)
    .oauth2() // if setting is not enough, throw exception
    .build();
inabajunmr commented 1 year ago

OAuth 2.0 & OIDC

var azIdP = AzIdP.oauth2AndOidc()
    .jwkSet(jwks)
    .inMemoryClientStore()
    .defaultClientValidator()
    .inMemoryAuthorizationCodeService()
    .inMemoryAccessTokenService()
    .inMemoryRefreshTokenService()
    .staticScopeAudienceMapper("audience.example.com")
    .build();
inabajunmr commented 1 year ago

must consider configuration interface

inabajunmr commented 1 year ago
// required
public final String issuer;
// only support discovery
public final String authorizationEndpoint;
// only support discovery
public final String tokenEndpoint;
// only support discovery and OIDC
public final String jwksEndpoint;
// only support discovery and client registration
public final String clientRegistrationEndpoint;
// only support discovery and client configuration
public final String clientConfigurationEndpointPattern;
// only support discovery and userinfo endpoint
public final String userInfoEndpoint;
// always required
public final Set<String> scopesSupported;
// always required
public final Set<String> defaultScope;
// always required support default value
public final int authorizationCodeExpirationSec;
// always required support default value
public final int accessTokenExpirationSec;
// only oidc, support default value
public final int idTokenExpirationSec;
// always required support default value
public final int refreshTokenExpirationSec;
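The "builder and validate" sketch above relies on `build()` throwing when the settings are not enough, and the field list spells out which values are always required, which are only needed once discovery or OIDC is enabled, and which may fall back to a default. The class below is an added example of that fail-fast validation, not azidp4j's own code: the class and builder names, the default expirations, the `https` issuer check and the 10-minute cap on authorization codes are assumptions made for illustration, chosen so that a misconfigured server (missing issuer, OIDC without a JWK Set endpoint, default scope outside the supported set) is rejected before it ever serves a request.

```java
import java.util.Set;

/** Hypothetical config holder with build-time validation (added example, not azidp4j code). */
public final class AzIdPConfig {
    public final String issuer;
    public final String authorizationEndpoint;   // only needed when discovery is on
    public final String tokenEndpoint;           // only needed when discovery is on
    public final String jwksEndpoint;            // only needed when OIDC is on
    public final Set<String> scopesSupported;
    public final Set<String> defaultScope;
    public final int authorizationCodeExpirationSec;
    public final int accessTokenExpirationSec;
    public final int idTokenExpirationSec;       // unused unless OIDC is on
    public final int refreshTokenExpirationSec;

    private AzIdPConfig(Builder b) {
        issuer = b.issuer;
        authorizationEndpoint = b.authorizationEndpoint;
        tokenEndpoint = b.tokenEndpoint;
        jwksEndpoint = b.jwksEndpoint;
        scopesSupported = Set.copyOf(b.scopesSupported);
        defaultScope = Set.copyOf(b.defaultScope);
        authorizationCodeExpirationSec = b.authorizationCodeExpirationSec;
        accessTokenExpirationSec = b.accessTokenExpirationSec;
        idTokenExpirationSec = b.idTokenExpirationSec;
        refreshTokenExpirationSec = b.refreshTokenExpirationSec;
    }

    public static Builder builder() { return new Builder(); }

    public static final class Builder {
        private String issuer;
        private String authorizationEndpoint, tokenEndpoint, jwksEndpoint;
        private Set<String> scopesSupported, defaultScope;
        private boolean discovery, oidc;
        // Defaults for the "support default value" fields; values are assumptions for this example.
        private int authorizationCodeExpirationSec = 60;
        private int accessTokenExpirationSec = 600;
        private int idTokenExpirationSec = 600;
        private int refreshTokenExpirationSec = 86400;

        public Builder issuer(String v) { issuer = v; return this; }
        public Builder scopesSupported(Set<String> v) { scopesSupported = v; return this; }
        public Builder defaultScope(Set<String> v) { defaultScope = v; return this; }
        public Builder discovery(String authz, String token) {
            discovery = true; authorizationEndpoint = authz; tokenEndpoint = token; return this;
        }
        public Builder oidc(String jwks) { oidc = true; jwksEndpoint = jwks; return this; }
        public Builder accessTokenExpirationSec(int v) { accessTokenExpirationSec = v; return this; }

        /** Fails fast: an incomplete configuration never becomes a running server. */
        public AzIdPConfig build() {
            require(issuer != null && issuer.startsWith("https://"),
                    "issuer is required and must be an https URL");
            require(scopesSupported != null && !scopesSupported.isEmpty(), "scopesSupported is required");
            require(defaultScope != null && scopesSupported.containsAll(defaultScope),
                    "defaultScope must be a subset of scopesSupported");
            if (discovery) {
                require(authorizationEndpoint != null && tokenEndpoint != null,
                        "discovery needs authorizationEndpoint and tokenEndpoint");
            }
            if (oidc) {
                require(jwksEndpoint != null, "OIDC needs jwksEndpoint");
                require(scopesSupported.contains("openid"), "OIDC needs the openid scope");
            }
            // RFC 6749 recommends authorization codes live at most 10 minutes.
            require(authorizationCodeExpirationSec > 0 && authorizationCodeExpirationSec <= 600,
                    "authorization codes should be short-lived (1..600 s)");
            require(accessTokenExpirationSec > 0 && refreshTokenExpirationSec >= accessTokenExpirationSec,
                    "refresh tokens must outlive access tokens");
            return new AzIdPConfig(this);
        }

        private static void require(boolean ok, String message) {
            if (!ok) throw new IllegalStateException(message);
        }
    }

    public static void main(String[] args) {
        var ok = AzIdPConfig.builder()
                .issuer("https://as.example.com")
                .scopesSupported(Set.of("openid", "read"))
                .defaultScope(Set.of("openid"))
                .discovery("https://as.example.com/authorize", "https://as.example.com/token")
                .oidc("https://as.example.com/jwks")
                .build();
        System.out.println("ok: issuer=" + ok.issuer + " code ttl=" + ok.authorizationCodeExpirationSec);

        try { // OIDC enabled without a JWK Set endpoint: rejected at build time
            AzIdPConfig.builder().issuer("https://as.example.com")
                    .scopesSupported(Set.of("openid")).defaultScope(Set.of("openid"))
                    .oidc(null).build();
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run `main` to see the valid configuration accepted and the second one rejected with the reason. The point of checking everything in `build()` rather than lazily at the first request is that a partially configured provider cannot start; the relationships between fields (default scope within supported scopes, `openid` present when OIDC is on, refresh tokens outliving access tokens) are exactly the ones a flat list of setters cannot express on its own.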
inabajunmr commented 1 year ago

discovery has more options so

inabajunmr commented 1 year ago

https://gist.github.com/inabajunmr/75cc9834ec0b5a77306253bd9197cbd5

inabajunmr commented 1 year ago

one way interface is too complicated