vck-openid/at.asitplus.wallet.lib.oauth2

Package-level declarations

Types

Strategy to implement authorization for credential requests (with scope or OpenIdAuthorizationDetails) in SimpleAuthorizationService.

BearerTokenGenerationService

class BearerTokenGenerationService(nonceService: NonceService = DefaultNonceService()) : TokenGenerationService

Simple bearer token generation for an OAuth 2.0 authorization server.

BearerTokenVerificationService

class BearerTokenVerificationService(nonceService: NonceService, tokenGenerationService: BearerTokenGenerationService) : TokenVerificationService

Verifies Bearer tokens that have been generated by BearerTokenGenerationService. This does only work for internal authorization servers, because we could not store the actual user data otherwise.

ClientAuthenticationService

class ClientAuthenticationService( enforceClientAuthentication: Boolean = false, verifierJwsService: VerifierJwsService = DefaultVerifierJwsService(), verifyClientAttestationJwt: suspend (JwsSigned<JsonWebToken>) -> Boolean = { true })

Simple client authentication service for an OAuth2.0 AS.

ClientAuthRequest

data class ClientAuthRequest( val issuedCode: String, val userInfo: OidcUserInfoExtended, val scope: String? = null, val authnDetails: Collection<AuthorizationDetails>? = null, val codeChallenge: String? = null)

Extracted information from at.asitplus.openid.AuthenticationRequestParameters, to store what the client has initially requested (which scope and/or authnDetails).

JwtTokenGenerationService

class JwtTokenGenerationService( nonceService: NonceService = DefaultNonceService(), publicContext: String = "https://wallet.a-sit.at/authorization-server", verifierJwsService: VerifierJwsService = DefaultVerifierJwsService(), jwsService: JwsService = DefaultJwsService(DefaultCryptoService(EphemeralKeyWithoutCert())), clock: Clock = System, issueRefreshToken: Boolean = false) : TokenGenerationService

Simple DPoP token generation for an OAuth 2.0 authorization server, with OpenId4VciAccessToken as payload.

JwtTokenVerificationService

class JwtTokenVerificationService( nonceService: NonceService, issuerKey: JsonWebKey, verifierJwsService: VerifierJwsService = DefaultVerifierJwsService(), clock: Clock = System, timeLeeway: Duration = 5.minutes) : TokenVerificationService

Verifies JWT tokens that have been generated by JwtTokenGenerationService, as OpenId4VciAccessToken.

OAuth2Client

class OAuth2Client( val clientId: String = "https://wallet.a-sit.at/app", val redirectUrl: String = "/callback", stateToCodeStore: MapStore<String, String> = DefaultMapStore(), val jwsService: JwsService? = DefaultJwsService(DefaultCryptoService(EphemeralKeyWithSelfSignedCert())))

Simple OAuth 2.0 client to authorize the client against an OAuth 2.0 Authorization Server and request tokens.

OpenId4VciAccessToken

@Serializable

data class OpenId4VciAccessToken( val issuer: String? = null, val audience: String? = null, val notBefore: Instant? = null, val expiration: Instant? = null, val jwtId: String? = null, val confirmationClaim: ConfirmationClaim? = null, val userInfo: JsonObject? = null, val scope: String? = null, val authorizationDetails: Set<AuthorizationDetails>? = null)

RequestInfo

data class RequestInfo( val url: String, val method: HttpMethod, val dpop: String? = null, val clientAttestation: String? = null, val clientAttestationPop: String? = null)

Holds information about the HTTP request the client has made, to validate client authentication.

SimpleAuthorizationService

class SimpleAuthorizationService( strategy: AuthorizationServiceStrategy, dataProvider: OAuth2DataProvider, codeService: CodeService = DefaultCodeService(), val publicContext: String = "https://wallet.a-sit.at/authorization-server", authorizationEndpointPath: String = "/authorize", tokenEndpointPath: String = "/token", pushedAuthorizationRequestEndpointPath: String = "/par", issuerStateToCredentialOffer: MapStore<String, CredentialOffer> = DefaultMapStore(), codeToClientAuthRequest: MapStore<String, ClientAuthRequest> = DefaultMapStore(), refreshTokenToAuthRequest: MapStore<String, ClientAuthRequest> = DefaultMapStore(), requestUriToPushedAuthorizationRequest: MapStore<String, AuthenticationRequestParameters> = DefaultMapStore(), tokenService: TokenService = TokenService.bearer( nonceService = DefaultNonceService(), ), clientAuthenticationService: ClientAuthenticationService = ClientAuthenticationService( enforceClientAuthentication = false, verifierJwsService = DefaultVerifierJwsService(), verifyClientAttestationJwt = { true } ), requestParser: RequestParser = RequestParser( /** By default, do not retrieve authn requests referenced by `request_uri`. */ remoteResourceRetriever = { null }, /** Trust all JWS signatures, client will be authenticated anyway. */ requestObjectJwsVerifier = { true }, /** Not necessary to load the authn request referenced by `request_uri`. */ buildRequestObjectParameters = { null } )) : OAuth2AuthorizationServerAdapter

Simple authorization server implementation, to be used for CredentialIssuer, with the actual authentication and authorization logic implemented in strategy.

TokenGenerationService

interface TokenGenerationService

Strategy to generate access tokens, to use in SimpleAuthorizationService.

TokenService

data class TokenService( val generation: TokenGenerationService, val verification: TokenVerificationService, val dpopSigningAlgValuesSupportedStrings: Set<String>? = null)

Combines access token generation and verification.

TokenVerificationService

interface TokenVerificationService

Verifies access tokens and refresh tokens, that may have been generated by a TokenGenerationService, or by any other OAuth 2.0 authorization server.

ValidatedAccessToken

data class ValidatedAccessToken( val token: String, val userInfoExtended: OidcUserInfoExtended? = null, val authorizationDetails: Set<AuthorizationDetails>? = null, val scope: String? = null)