api

http4k / org.http4k.security / OAuthPersistence

OAuthPersistence

interface OAuthPersistence

Provides persistence for OAuth lifecycle values:

CrossSiteRequestForgeryToken - used to retrieve that authorisation code assignment responses are genuinely from the end-service.
AccessToken - provides time-limited access to protected API resources on the end-service.

Functions

Name	Summary
assignCsrf	Assign a CSRF token to this OAuth auth redirection (to the end-service) response. Opportunity here to modify the response returned to the user when the redirection happens.`abstract fun assignCsrf(redirect:` `Response, csrf:` `CrossSiteRequestForgeryToken):` `Response`
assignNonce	Assign a nonce to this OIDC auth redirection (to the end-service) response. Opportunity here to modify the response returned to the user when the redirection happens.`abstract fun assignNonce(redirect:` `Response, nonce:` `Nonce):` `Response`
assignOriginalUri	opportunity to store the uri that the request was made before authentication this will then be redirected back to after auth`abstract fun assignOriginalUri(redirect:` `Response, originalUri:` `Uri):` `Response`
assignToken	Assign the swapped AccessToken (and optional IdToken) returned by the end-service. Opportunity here to modify the response returned to the user when the redirection happens.`abstract fun assignToken(request:` `Request, redirect:` `Response, accessToken:` `AccessToken, idToken:` `IdToken? = null):` `Response`
authFailureResponse	Build the default failure response which occurs when a failure occurs during the callback process (eg. a mismatch/missing CSRF or failure occurring when calling into the end-service for the access-token.`open fun authFailureResponse():` `Response`
retrieveCsrf	Retrieve the stored CSRF token for this user request`abstract fun retrieveCsrf(request:` `Request):` `CrossSiteRequestForgeryToken?`
retrieveNonce	Retrieve the stored nonce token for this user request`abstract fun retrieveNonce(request:` `Request):` `Nonce?`
retrieveOriginalUri	Retrieve the stored original uri for this user request`abstract fun retrieveOriginalUri(request:` `Request):` `Uri?`
retrieveToken	Retrieve the stored AccessToken token for this user request`abstract fun retrieveToken(request:` `Request):` `AccessToken?`

Inheritors

Name	Summary
InsecureCookieBasedOAuthPersistence	This is an example implementation which stores CSRF and AccessToken values in an INSECURE client-side cookie. Access-tokens for end-services are fully available to the browser so do not use this in production!`class InsecureCookieBasedOAuthPersistence :` `OAuthPersistence`