Package org.projectnessie.client.auth.oauth2

Interface ImpersonationConfig

@Immutable
public interface ImpersonationConfig

Configuration for OAuth2 impersonation.

STILL IN BETA. API MAY CHANGE.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	ImpersonationConfig.Builder

Field Summary

Fields

Modifier and Type	Field	Description
static final List<String>	SCOPES_INHERIT

Method Summary

Modifier and Type	Method	Description
static ImpersonationConfig.Builder	builder()
static ImpersonationConfig	fromConfigSupplier(Function<String,String> config)
Optional<String>	getClientId()	An alternate client ID to use for impersonations only.
Optional<Secret>	getClientSecret()	An alternate client secret to use for impersonations only.
Optional<URI>	getIssuerUrl()	The root URL of an alternate OpenID Connect identity issuer provider, which will be used for discovering supported endpoints and their locations, but only for impersonation.
default List<String>	getScopes()	Custom OAuth2 scopes for impersonation only.
Optional<URI>	getTokenEndpoint()	An alternate OAuth2 token endpoint, for impersonation only.
default boolean	isEnabled()	Whether "impersonation" is enabled.

Field Details

SCOPES_INHERIT

static final List<String> SCOPES_INHERIT

Method Details

fromConfigSupplier

static ImpersonationConfig fromConfigSupplier(Function<String,String> config)

isEnabled

@Default
default boolean isEnabled()

Whether "impersonation" is enabled. If enabled, the access token obtained from the OAuth2 server with the configured initial grant will be exchanged for a new token, using the token exchange grant type.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_IMPERSONATION_ENABLED

getClientId

Optional<String> getClientId()

An alternate client ID to use for impersonations only. If not provided, the global client ID will be used. If provided, and if the client is confidential, then its secret must be provided with getClientSecret() – the global client secret will NOT be used.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_IMPERSONATION_CLIENT_ID

getClientSecret

Optional<Secret> getClientSecret()

An alternate client secret to use for impersonations only. Required if the alternate client obtained from getClientId() is confidential.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_IMPERSONATION_CLIENT_SECRET

getIssuerUrl

Optional<URI> getIssuerUrl()

The root URL of an alternate OpenID Connect identity issuer provider, which will be used for discovering supported endpoints and their locations, but only for impersonation.

If neither this property nor getTokenEndpoint() are defined, the global token endpoint will be used for impersonation. This means that the same authorization server will be used for both the initial token request and the impersonation token exchange.

Endpoint discovery is performed using the OpenID Connect Discovery metadata published by the issuer. See OpenID Connect Discovery 1.0 for more information.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_IMPERSONATION_ISSUER_URL

getTokenEndpoint

Optional<URI> getTokenEndpoint()

An alternate OAuth2 token endpoint, for impersonation only.

If neither this property nor getIssuerUrl() are defined, the global token endpoint will be used for impersonation. This means that the same authorization server will be used for both the initial token request and the impersonation token exchange.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_IMPERSONATION_TOKEN_ENDPOINT

getScopes

@Default
default List<String> getScopes()

Custom OAuth2 scopes for impersonation only. Optional.

The special value SCOPES_INHERIT (default) means that the scopes will be inherited from the global OAuth2 configuration.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_IMPERSONATION_SCOPES

builder

static ImpersonationConfig.Builder builder()