package io.quarkus.oidc.runtime;
import jakarta.annotation.Priority;
import jakarta.enterprise.context.RequestScoped;
import jakarta.enterprise.inject.Alternative;
import jakarta.enterprise.inject.Produces;
import jakarta.inject.Inject;
import org.jboss.logging.Logger;
import io.quarkus.oidc.AccessTokenCredential;
import io.quarkus.oidc.IdToken;
import io.quarkus.oidc.IdTokenCredential;
import io.quarkus.oidc.RefreshToken;
import io.quarkus.oidc.TokenIntrospection;
import io.quarkus.oidc.UserInfo;
import io.quarkus.security.identity.SecurityIdentity;
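/**
 * Request-scoped CDI producers that expose the OIDC tokens and token metadata attached to the
 * current {@link SecurityIdentity}.
 *
 * <p>
 * Every producer substitutes an empty instance (created with the type's no-arg constructor) when the
 * identity carries no matching credential or attribute, so injection points never receive
 * {@code null}. A non-null injected credential is therefore not evidence that the request is
 * authenticated: consumers have to inspect the token value (or the {@link SecurityIdentity}) before
 * making a security decision.
 *
 * <p>
 * Only the absence of a value is logged, at trace level; no token content is written to the log by
 * this class.
 */
@RequestScoped
public class OidcTokenCredentialProducer {

    private static final Logger LOG = Logger.getLogger(OidcTokenCredentialProducer.class);

    /** Identity of the current request; the source of every produced credential and attribute. */
    @Inject
    SecurityIdentity identity;

    /**
     * The producer method for the current ID token.
     *
     * @return the ID token credential held by the identity, or an empty {@link IdTokenCredential} when the
     *         identity has none or the credential holds no token value
     */
    @Produces
    @RequestScoped
    IdTokenCredential currentIdToken() {
        IdTokenCredential cred = identity.getCredential(IdTokenCredential.class);
        if (cred == null || cred.getToken() == null) {
            LOG.trace("IdToken is null");
            cred = new IdTokenCredential();
        }
        return cred;
    }

    /**
     * The producer method for the current access token.
     *
     * <p>
     * NOTE(review): declared as an {@code @Alternative} with {@code @Priority(1)}, presumably so that it
     * takes precedence over another {@link AccessTokenCredential} bean; confirm against the other producers
     * in the deployment.
     *
     * @return the access token credential held by the identity, or an empty {@link AccessTokenCredential}
     *         when the identity has none or the credential holds no token value
     */
    @Produces
    @RequestScoped
    @Alternative
    @Priority(1)
    AccessTokenCredential currentAccessToken() {
        AccessTokenCredential cred = identity.getCredential(AccessTokenCredential.class);
        if (cred == null || cred.getToken() == null) {
            LOG.trace("AccessToken is null");
            cred = new AccessTokenCredential();
        }
        return cred;
    }

    /**
     * The producer method for the current refresh token.
     *
     * @return the refresh token held by the identity, or an empty {@link RefreshToken} when the identity has
     *         none
     */
    @Produces
    @RequestScoped
    RefreshToken currentRefreshToken() {
        RefreshToken cred = identity.getCredential(RefreshToken.class);
        if (cred == null) {
            LOG.trace("RefreshToken is null");
            cred = new RefreshToken();
        }
        return cred;
    }

    /**
     * The producer method for the current UserInfo.
     *
     * @return the user info stored under {@code OidcUtils.USER_INFO_ATTRIBUTE}, or an empty {@link UserInfo}
     *         when the attribute is not set
     */
    @Produces
    @RequestScoped
    UserInfo currentUserInfo() {
        UserInfo userInfo = (UserInfo) identity.getAttribute(OidcUtils.USER_INFO_ATTRIBUTE);
        if (userInfo == null) {
            LOG.trace("UserInfo is null");
            userInfo = new UserInfo();
        }
        return userInfo;
    }

    /**
     * The producer method for the ID token TokenIntrospection only.
     *
     * @return the ID token introspection, or an empty {@link TokenIntrospection} when the identity has none
     */
    @Produces
    @RequestScoped
    @IdToken
    TokenIntrospection idTokenIntrospection() {
        return tokenIntrospectionFromIdentityAttribute();
    }

    /**
     * The producer method for the current TokenIntrospection.
     *
     * <p>
     * This TokenIntrospection always represents the bearer access token introspection when the bearer access
     * tokens are used.
     *
     * <p>
     * In case of the authorization code flow, it represents a code flow access token introspection
     * if it has been enabled by setting the {@code quarkus.oidc.authentication.verify-access-token} property
     * to {@code true} and an ID token introspection otherwise. Use the {@code @IdToken} qualifier if both ID
     * and code flow access tokens must be introspected.
     *
     * @return the token introspection, never {@code null}; an empty {@link TokenIntrospection} when no
     *         introspection result is available
     */
    @Produces
    @RequestScoped
    TokenIntrospection tokenIntrospection() {
        TokenVerificationResult codeFlowAccessTokenResult = (TokenVerificationResult) identity
                .getAttribute(OidcUtils.CODE_ACCESS_TOKEN_RESULT);
        if (codeFlowAccessTokenResult == null) {
            return tokenIntrospectionFromIdentityAttribute();
        }
        TokenIntrospection introspection = codeFlowAccessTokenResult.introspectionResult;
        if (introspection == null) {
            // A normal-scoped producer must not return null (the container raises IllegalProductException),
            // and every other producer in this class falls back to an empty instance. The ID token
            // introspection is deliberately not substituted here, so that a caller never mistakes it for
            // an access token introspection.
            // NOTE(review): presumably reachable when the code flow access token was verified without
            // remote introspection; confirm against TokenVerificationResult's producers.
            LOG.trace("TokenIntrospection is null");
            introspection = new TokenIntrospection();
        }
        return introspection;
    }

    /**
     * Reads the introspection stored under {@code OidcUtils.INTROSPECTION_ATTRIBUTE}.
     *
     * @return the stored introspection, or an empty {@link TokenIntrospection} when the attribute is not set
     */
    TokenIntrospection tokenIntrospectionFromIdentityAttribute() {
        TokenIntrospection introspection = (TokenIntrospection) identity.getAttribute(OidcUtils.INTROSPECTION_ATTRIBUTE);
        if (introspection == null) {
            LOG.trace("TokenIntrospection is null");
            introspection = new TokenIntrospection();
        }
        return introspection;
    }
}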