Package org.forgerock.openam.sts.rest.token.provider

Interface RestTokenProviderParameters<T>

  • @SupportedAll
public interface RestTokenProviderParameters<T>
    Parameter state passed to JsonTokenProvider instances. Generic type corresponds to the token state necessary to produce the token produced by the RestTokenProvider. The token creation state necessary to create a SAML2 assertion includes the SubjectConfirmation and the ProofTokenState (for HolderOfKey assertions). The token creation state necessary to create a OIDC token includes a nonce and the authentication time. This state is too heterogeneous to subsume in anything other than a marker interface. Note also that this type is reflected in the RestTokenProvider interface, and it should be as generic as possible, as to support user-defined RestTokenProvider implementations.

    • Method Detail

      • getTokenCreationState

        T getTokenCreationState()
        Gets the token state necessary to produce the token - e.g. the SubjectConfirmation or proof token state for a SAML2 assertion.
        Returns:
        the token creation state.

      • getInputTokenType

        TokenTypeId getInputTokenType()
        Gets the type of the input token. Necessary to generate the authentication context class ref for a SAML2 assertion - in general, produced tokens may have to have a representation of how the subject encapsulated in the generated token was authenticated. Published sts instances allow for the specification of a Saml2JsonTokenAuthnContextMapper implementation which will generate this SAML2 authentication context class ref, a plug-in interface which takes the TokenTypeId as input. Published rest-sts instances which produce OpenIdConnect tokens have similar mapping implementations which produce the amr and acr claims.
        Returns:
        the type of the input token.

      • getInputToken

        JsonValue getInputToken()
        Gets the json representation of the input token. Necessary to generate the authentication context class ref for a SAML2 assertion - in general, produced tokens may have to have a representation of how the subject encapsulated in the generated token was authenticated. Published sts instances allow for the specification of a Saml2JsonTokenAuthnContextMapper implementation which will generate this SAML2 authentication context class ref, a plug-in interface which takes the json representation of the token as input. Published rest-sts instances which produce OpenIdConnect tokens have similar mapping implementations which produce the amr and acr claims.
        Returns:
        the json representation of the input token.