Package org.projectnessie.client.auth.oauth2

Interface OAuth2AuthenticatorConfig

@Immutable(lazyhash=true)
public interface OAuth2AuthenticatorConfig

Configuration options for OAuth2Authenticator.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	OAuth2AuthenticatorConfig.Builder

Method Summary

Modifier and Type	Method	Description
static OAuth2AuthenticatorConfig.Builder	builder()
static OAuth2AuthenticatorConfig	fromConfigSupplier(Function<String,String> config)	Creates a new OAuth2AuthenticatorConfig from the given configuration supplier.
Optional<URI>	getAuthEndpoint()	The OAuth2 authorization endpoint.
default Duration	getAuthorizationCodeFlowTimeout()	How long to wait for an authorization code.
OptionalInt	getAuthorizationCodeFlowWebServerPort()	The port to use for the local web server that listens for the authorization code.
default Duration	getBackgroundThreadIdleTimeout()	The maximum time a background thread can be idle before it is closed.
String	getClientId()	The OAuth2 client ID.
Optional<Secret>	getClientSecret()	The OAuth2 static client secret.
Optional<Supplier<String>>	getClientSecretSupplier()	The OAuth2 client secret supplier.
default Duration	getDefaultAccessTokenLifespan()	The default access token lifespan.
default Duration	getDefaultRefreshTokenLifespan()	The default refresh token lifespan.
Optional<URI>	getDeviceAuthEndpoint()	The OAuth2 device authorization endpoint.
default Duration	getDeviceCodeFlowPollInterval()	How often to poll the token endpoint.
default Duration	getDeviceCodeFlowTimeout()	How long to wait for the device code flow to complete.
Optional<ScheduledExecutorService>	getExecutor()	The executor to use for background tasks such as refreshing tokens.
Map<String,String>	getExtraRequestParameters()	Additional parameters to be included in the request.
default GrantType	getGrantType()	The OAuth2 grant type.
default ImpersonationConfig	getImpersonationConfig()	The impersonation configuration.
Optional<URI>	getIssuerUrl()	The root URL of the OpenID Connect identity issuer provider, which will be used for discovering supported endpoints and their locations.
default com.fasterxml.jackson.databind.ObjectMapper	getObjectMapper()	The ObjectMapper to use for JSON serialization and deserialization.
Optional<Secret>	getPassword()	The OAuth2 static password.
Optional<Supplier<String>>	getPasswordSupplier()	The OAuth2 password supplier.
default Duration	getPreemptiveTokenRefreshIdleTimeout()	For how long the OAuth2 client should keep the tokens fresh, if the client is not being actively used.
default Duration	getRefreshSafetyWindow()	The refresh safety window.
default Optional<String>	getScope()	Deprecated.
List<String>	getScopes()	The OAuth2 scopes.
Optional<SSLContext>	getSslContext()	The SSL context to use for HTTPS connections to the authentication provider, if the server uses a self-signed certificate or a certificate signed by a CA that is not in the default trust store of the JVM.
Optional<URI>	getTokenEndpoint()	The OAuth2 token endpoint.
default TokenExchangeConfig	getTokenExchangeConfig()	The token exchange configuration.
default boolean	getTokenExchangeEnabled()	Deprecated.
Optional<String>	getUsername()	The OAuth2 username.
static Map<String,String>	parseExtraParams(String text)

Method Details

fromConfigSupplier

static OAuth2AuthenticatorConfig fromConfigSupplier(Function<String,String> config)

Creates a new OAuth2AuthenticatorConfig from the given configuration supplier.

Parameters:

config - the configuration supplier

Returns:

a new OAuth2AuthenticatorConfig

Throws:

NullPointerException - if config is null, or a required configuration option is missing

IllegalArgumentException - if the configuration is otherwise invalid

See Also:

• NessieConfigConstants

parseExtraParams

static Map<String,String> parseExtraParams(String text)

getIssuerUrl

Optional<URI> getIssuerUrl()

The root URL of the OpenID Connect identity issuer provider, which will be used for discovering supported endpoints and their locations.

Endpoint discovery is performed using the OpenID Connect Discovery metadata published by the issuer. See OpenID Connect Discovery 1.0 for more information.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_ISSUER_URL

getTokenEndpoint

Optional<URI> getTokenEndpoint()

The OAuth2 token endpoint. Either this or getIssuerUrl() must be set.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_ENDPOINT

getAuthEndpoint

Optional<URI> getAuthEndpoint()

The OAuth2 authorization endpoint. Either this or getIssuerUrl() must be set, if the grant type is GrantType.AUTHORIZATION_CODE.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_AUTH_ENDPOINT

getDeviceAuthEndpoint

Optional<URI> getDeviceAuthEndpoint()

The OAuth2 device authorization endpoint. Either this or getIssuerUrl() must be set, if the grant type is GrantType.DEVICE_CODE.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEVICE_AUTH_ENDPOINT

getGrantType

@Default
default GrantType getGrantType()

The OAuth2 grant type. Defaults to GrantType.CLIENT_CREDENTIALS.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_GRANT_TYPE

getClientId

String getClientId()

The OAuth2 client ID. Must be set.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_ID

getClientSecret

@Redacted
Optional<Secret> getClientSecret()

The OAuth2 static client secret. Either this attribute or getClientSecretSupplier() must be set, if a client secret is required by the IdP.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_SECRET

getClientSecretSupplier

@Redacted
Optional<Supplier<String>> getClientSecretSupplier()

The OAuth2 client secret supplier. Either this attribute or getClientSecret() must be set, if a client secret is required by the IdP.

getUsername

Optional<String> getUsername()

The OAuth2 username. Only relevant for GrantType.PASSWORD grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_USERNAME

getPassword

@Redacted
Optional<Secret> getPassword()

The OAuth2 static password. Only relevant for GrantType.PASSWORD grant type. Either this attribute or getPasswordSupplier() must be set if a password is required.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_PASSWORD

getPasswordSupplier

@Redacted
Optional<Supplier<String>> getPasswordSupplier()

The OAuth2 password supplier. Only relevant for GrantType.PASSWORD grant type. Either this attribute or getPassword() must be set if a password is required.

getScope

@Derived
@Deprecated
default Optional<String> getScope()

Deprecated.

getScopes

List<String> getScopes()

The OAuth2 scopes. Optional.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_SCOPES

getExtraRequestParameters

Map<String,String> getExtraRequestParameters()

Additional parameters to be included in the request. This is useful for custom parameters that are not covered by the standard OAuth2.0 specification.

getTokenExchangeEnabled

@Deprecated
@Default
default boolean getTokenExchangeEnabled()

Deprecated.

getTokenExchangeConfig

@Default
default TokenExchangeConfig getTokenExchangeConfig()

The token exchange configuration. Optional.

getImpersonationConfig

@Default
default ImpersonationConfig getImpersonationConfig()

The impersonation configuration. Optional.

getDefaultAccessTokenLifespan

@Default
default Duration getDefaultAccessTokenLifespan()

The default access token lifespan. Optional, defaults to NessieConfigConstants.DEFAULT_DEFAULT_ACCESS_TOKEN_LIFESPAN.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEFAULT_ACCESS_TOKEN_LIFESPAN

getDefaultRefreshTokenLifespan

@Default
default Duration getDefaultRefreshTokenLifespan()

The default refresh token lifespan. Optional, defaults to NessieConfigConstants.DEFAULT_DEFAULT_REFRESH_TOKEN_LIFESPAN.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEFAULT_REFRESH_TOKEN_LIFESPAN

getRefreshSafetyWindow

@Default
default Duration getRefreshSafetyWindow()

The refresh safety window. A new token will be fetched when the current token's remaining lifespan is less than this value. Optional, defaults to NessieConfigConstants.DEFAULT_REFRESH_SAFETY_WINDOW.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_REFRESH_SAFETY_WINDOW

getPreemptiveTokenRefreshIdleTimeout

@Default
default Duration getPreemptiveTokenRefreshIdleTimeout()

For how long the OAuth2 client should keep the tokens fresh, if the client is not being actively used. Defaults to NessieConfigConstants.DEFAULT_PREEMPTIVE_TOKEN_REFRESH_IDLE_TIMEOUT.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_PREEMPTIVE_TOKEN_REFRESH_IDLE_TIMEOUT

getBackgroundThreadIdleTimeout

@Default
default Duration getBackgroundThreadIdleTimeout()

The maximum time a background thread can be idle before it is closed. Only relevant when using the default executor. Defaults to NessieConfigConstants.DEFAULT_BACKGROUND_THREAD_IDLE_TIMEOUT.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_BACKGROUND_THREAD_IDLE_TIMEOUT

getAuthorizationCodeFlowTimeout

@Default
default Duration getAuthorizationCodeFlowTimeout()

How long to wait for an authorization code. Defaults to NessieConfigConstants.DEFAULT_AUTHORIZATION_CODE_FLOW_TIMEOUT. Only relevant when using the GrantType.AUTHORIZATION_CODE grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_AUTHORIZATION_CODE_FLOW_TIMEOUT

getAuthorizationCodeFlowWebServerPort

OptionalInt getAuthorizationCodeFlowWebServerPort()

The port to use for the local web server that listens for the authorization code.

When running a client inside a container make sure to specify a port and forward the port to the container host.

If not set or set to zero, a random port from the dynamic client port range will be used. Only relevant when using the GrantType.AUTHORIZATION_CODE grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_AUTHORIZATION_CODE_FLOW_WEB_PORT

getDeviceCodeFlowTimeout

@Default
default Duration getDeviceCodeFlowTimeout()

How long to wait for the device code flow to complete. Defaults to NessieConfigConstants.DEFAULT_DEVICE_CODE_FLOW_TIMEOUT. Only relevant when using the GrantType.DEVICE_CODE grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEVICE_CODE_FLOW_TIMEOUT

getDeviceCodeFlowPollInterval

@Default
default Duration getDeviceCodeFlowPollInterval()

How often to poll the token endpoint. Defaults to NessieConfigConstants.DEFAULT_DEVICE_CODE_FLOW_POLL_INTERVAL. Only relevant when using the GrantType.DEVICE_CODE grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEVICE_CODE_FLOW_POLL_INTERVAL

getSslContext

Optional<SSLContext> getSslContext()

The SSL context to use for HTTPS connections to the authentication provider, if the server uses a self-signed certificate or a certificate signed by a CA that is not in the default trust store of the JVM. Optional; if not set, the default SSL context is used.

getObjectMapper

@Default
default com.fasterxml.jackson.databind.ObjectMapper getObjectMapper()

The ObjectMapper to use for JSON serialization and deserialization. Defaults to a vanilla instance.

getExecutor

Optional<ScheduledExecutorService> getExecutor()

The executor to use for background tasks such as refreshing tokens. Defaults to a thread pool with daemon threads, and a single thread initially. The pool will grow as needed and can also shrink to zero threads if no activity is detected for getBackgroundThreadIdleTimeout().

builder

static OAuth2AuthenticatorConfig.Builder builder()