Package org.projectnessie.client.auth.oauth2

Interface OAuth2AuthenticatorConfig

@Immutable(lazyhash=true)
public interface OAuth2AuthenticatorConfig

Configuration options for OAuth2Authenticator.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	OAuth2AuthenticatorConfig.Builder

Method Summary

Modifier and Type	Method	Description
static OAuth2AuthenticatorConfig.Builder	builder()
static OAuth2AuthenticatorConfig	fromConfigSupplier(Function<String,String> config)	Creates a new OAuth2AuthenticatorConfig from the given configuration supplier.
Optional<URI>	getAuthEndpoint()	The OAuth2 authorization endpoint.
default Duration	getAuthorizationCodeFlowTimeout()	How long to wait for an authorization code.
OptionalInt	getAuthorizationCodeFlowWebServerPort()	The port to use for the local web server that listens for the authorization code.
default Duration	getBackgroundThreadIdleTimeout()	The maximum time a background thread can be idle before it is closed.
String	getClientId()	The OAuth2 client ID.
Secret	getClientSecret()	The OAuth2 client secret.
default Duration	getDefaultAccessTokenLifespan()	The default access token lifespan.
default Duration	getDefaultRefreshTokenLifespan()	The default refresh token lifespan.
Optional<URI>	getDeviceAuthEndpoint()	The OAuth2 device authorization endpoint.
default Duration	getDeviceCodeFlowPollInterval()	How often to poll the token endpoint.
default Duration	getDeviceCodeFlowTimeout()	How long to wait for the device code flow to complete.
default ScheduledExecutorService	getExecutor()	The executor to use for background tasks such as refreshing tokens.
default GrantType	getGrantType()	The OAuth2 grant type.
Optional<URI>	getIssuerUrl()	The root URL of the OpenID Connect identity issuer provider, which will be used for discovering supported endpoints and their locations.
default com.fasterxml.jackson.databind.ObjectMapper	getObjectMapper()	The ObjectMapper to use for JSON serialization and deserialization.
Optional<Secret>	getPassword()	The OAuth2 password.
default Duration	getPreemptiveTokenRefreshIdleTimeout()	For how long the OAuth2 client should keep the tokens fresh, if the client is not being actively used.
default Duration	getRefreshSafetyWindow()	The refresh safety window.
Optional<String>	getScope()	The OAuth2 scope.
Optional<SSLContext>	getSslContext()	The SSL context to use for HTTPS connections to the authentication provider, if the server uses a self-signed certificate or a certificate signed by a CA that is not in the default trust store of the JVM.
Optional<URI>	getTokenEndpoint()	The OAuth2 token endpoint.
default boolean	getTokenExchangeEnabled()	Whether token exchange is enabled.
Optional<String>	getUsername()	The OAuth2 username.

Method Details

fromConfigSupplier

static OAuth2AuthenticatorConfig fromConfigSupplier(Function<String,String> config)

Creates a new OAuth2AuthenticatorConfig from the given configuration supplier.

Parameters:

config - the configuration supplier

Returns:

a new OAuth2AuthenticatorConfig

Throws:

NullPointerException - if config is null, or a required configuration option is missing

IllegalArgumentException - if the configuration is otherwise invalid

See Also:

• NessieConfigConstants

getIssuerUrl

Optional<URI> getIssuerUrl()

The root URL of the OpenID Connect identity issuer provider, which will be used for discovering supported endpoints and their locations.

Endpoint discovery is performed using the OpenID Connect Discovery metadata published by the issuer. See OpenID Connect Discovery 1.0 for more information.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_ISSUER_URL

getTokenEndpoint

Optional<URI> getTokenEndpoint()

The OAuth2 token endpoint. Either this or getIssuerUrl() must be set.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_ENDPOINT

getAuthEndpoint

Optional<URI> getAuthEndpoint()

The OAuth2 authorization endpoint. Either this or getIssuerUrl() must be set, if the grant type is GrantType.AUTHORIZATION_CODE.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_AUTH_ENDPOINT

getDeviceAuthEndpoint

Optional<URI> getDeviceAuthEndpoint()

The OAuth2 device authorization endpoint. Either this or getIssuerUrl() must be set, if the grant type is GrantType.DEVICE_CODE.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEVICE_AUTH_ENDPOINT

getGrantType

@Default
default GrantType getGrantType()

The OAuth2 grant type. Defaults to GrantType.CLIENT_CREDENTIALS.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_GRANT_TYPE

getClientId

String getClientId()

The OAuth2 client ID. Must be set.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_ID

getClientSecret

Secret getClientSecret()

The OAuth2 client secret. Must be set.

Once read by the Nessie client, the secret contents will be cleared from memory.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_SECRET

getUsername

Optional<String> getUsername()

The OAuth2 username. Only relevant for GrantType.PASSWORD grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_USERNAME

getPassword

Optional<Secret> getPassword()

The OAuth2 password. Only relevant for GrantType.PASSWORD grant type.

Once read by the Nessie client, the password contents will be cleared from memory.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_PASSWORD

getScope

Optional<String> getScope()

The OAuth2 scope. Optional.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_SCOPES

getTokenExchangeEnabled

@Default
default boolean getTokenExchangeEnabled()

Whether token exchange is enabled. Defaults to true.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_EXCHANGE_ENABLED

getDefaultAccessTokenLifespan

@Default
default Duration getDefaultAccessTokenLifespan()

The default access token lifespan. Optional, defaults to NessieConfigConstants.DEFAULT_DEFAULT_ACCESS_TOKEN_LIFESPAN.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEFAULT_ACCESS_TOKEN_LIFESPAN

getDefaultRefreshTokenLifespan

@Default
default Duration getDefaultRefreshTokenLifespan()

The default refresh token lifespan. Optional, defaults to NessieConfigConstants.DEFAULT_DEFAULT_REFRESH_TOKEN_LIFESPAN.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEFAULT_REFRESH_TOKEN_LIFESPAN

getRefreshSafetyWindow

@Default
default Duration getRefreshSafetyWindow()

The refresh safety window. A new token will be fetched when the current token's remaining lifespan is less than this value. Optional, defaults to NessieConfigConstants.DEFAULT_REFRESH_SAFETY_WINDOW.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_REFRESH_SAFETY_WINDOW

getPreemptiveTokenRefreshIdleTimeout

@Default
default Duration getPreemptiveTokenRefreshIdleTimeout()

For how long the OAuth2 client should keep the tokens fresh, if the client is not being actively used. Defaults to NessieConfigConstants.DEFAULT_PREEMPTIVE_TOKEN_REFRESH_IDLE_TIMEOUT.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_PREEMPTIVE_TOKEN_REFRESH_IDLE_TIMEOUT

getBackgroundThreadIdleTimeout

@Default
default Duration getBackgroundThreadIdleTimeout()

The maximum time a background thread can be idle before it is closed. Only relevant when using the default executor. Defaults to NessieConfigConstants.DEFAULT_BACKGROUND_THREAD_IDLE_TIMEOUT.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_BACKGROUND_THREAD_IDLE_TIMEOUT

getAuthorizationCodeFlowTimeout

@Default
default Duration getAuthorizationCodeFlowTimeout()

How long to wait for an authorization code. Defaults to NessieConfigConstants.DEFAULT_AUTHORIZATION_CODE_FLOW_TIMEOUT. Only relevant when using the GrantType.AUTHORIZATION_CODE grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_AUTHORIZATION_CODE_FLOW_TIMEOUT

getAuthorizationCodeFlowWebServerPort

OptionalInt getAuthorizationCodeFlowWebServerPort()

The port to use for the local web server that listens for the authorization code. Optional. If not set or set to zero, a random port from the dynamic client port range will be used. Only relevant when using the GrantType.AUTHORIZATION_CODE grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_AUTHORIZATION_CODE_FLOW_WEB_PORT

getDeviceCodeFlowTimeout

@Default
default Duration getDeviceCodeFlowTimeout()

How long to wait for the device code flow to complete. Defaults to NessieConfigConstants.DEFAULT_DEVICE_CODE_FLOW_TIMEOUT. Only relevant when using the GrantType.DEVICE_CODE grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEVICE_CODE_FLOW_TIMEOUT

getDeviceCodeFlowPollInterval

@Default
default Duration getDeviceCodeFlowPollInterval()

How often to poll the token endpoint. Defaults to NessieConfigConstants.DEFAULT_DEVICE_CODE_FLOW_POLL_INTERVAL. Only relevant when using the GrantType.DEVICE_CODE grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_DEVICE_CODE_FLOW_POLL_INTERVAL

getSslContext

Optional<SSLContext> getSslContext()

The SSL context to use for HTTPS connections to the authentication provider, if the server uses a self-signed certificate or a certificate signed by a CA that is not in the default trust store of the JVM. Optional; if not set, the default SSL context is used.

getObjectMapper

@Default
default com.fasterxml.jackson.databind.ObjectMapper getObjectMapper()

The ObjectMapper to use for JSON serialization and deserialization. Defaults to a vanilla instance.

getExecutor

@Default
default ScheduledExecutorService getExecutor()

The executor to use for background tasks such as refreshing tokens. Defaults to a thread pool with daemon threads, and a single thread initially. The pool will grow as needed and can also shrink to zero threads if no activity is detected for getBackgroundThreadIdleTimeout().

builder

static OAuth2AuthenticatorConfig.Builder builder()