Wt 4.10.4
Endpoint at which user info can be requested.
#include <Wt/Auth/OidcUserInfoEndpoint.h>
Public Member Functions | |
| OidcUserInfoEndpoint (AbstractUserDatabase &db) | |
| Constructor. | |
| virtual void | handleRequest (const Http::Request &request, Http::Response &response) override |
| Handles a request. | |
| void | setScopeToken (const std::string &scopeToken, const std::set< std::string > &claims) |
| Maps the given scope token to the given set of claims. | |
| const std::map< std::string, std::set< std::string > > & | scopeTokens () const |
| Retrieves the set of claims that has been mapped to the given scope token. | |
Public Member Functions inherited from Wt::WResource | |
| WResource () | |
| Creates a new resource. | |
| ~WResource () | |
| Destroys the resource. | |
| void | suggestFileName (const Wt::WString &name, ContentDisposition disposition=ContentDisposition::Attachment) |
| Suggests a filename to the user for the data streamed by this resource. | |
| const Wt::WString & | suggestedFileName () const |
| Returns the suggested file name. | |
| void | setDispositionType (ContentDisposition cd) |
| Configures the Content-Disposition header. | |
| ContentDisposition | dispositionType () const |
| Returns the currently configured content disposition. | |
| void | setChanged () |
| Generates a new URL for this resource and emits the changed signal. | |
| void | setInvalidAfterChanged (bool enabled) |
| Return "page not found" for prior resource URLs after change. | |
| bool | invalidAfterChanged () const |
| Should "page not found" be returned for outdated resource URLs. | |
| void | setInternalPath (const std::string &path) |
| Sets an internal path for this resource. | |
| std::string | internalPath () const |
| Returns the internal path. | |
| const std::string & | generateUrl () |
| Generates a URL for this resource. | |
| const std::string & | url () const |
| Returns the current URL for this resource. | |
| Signal & | dataChanged () |
| Signal emitted when the data presented in this resource has changed. | |
| void | setUploadProgress (bool enabled) |
| Indicate interest in upload progress. | |
| Signal< ::uint64_t, ::uint64_t > & | dataReceived () |
| Signal emitted when data has been received for this resource. | |
| void | write (std::ostream &out, const Http::ParameterMap &parameters=Http::ParameterMap(), const Http::UploadedFileMap &files=Http::UploadedFileMap()) |
| Stream the resource to a stream. | |
| virtual void | handleAbort (const Http::Request &request) |
| Handles a continued request being aborted. | |
| void | haveMoreData () |
| Indicate that more data is available. | |
| void | setTakesUpdateLock (bool enabled) |
| Set whether this resource takes the WApplication's update lock. | |
| bool | takesUpdateLock () const |
| Returns whether this resource takes the WApplication's update lock. | |
Public Member Functions inherited from Wt::WObject | |
| void | addChild (std::unique_ptr< WObject > child) |
| Add a child WObject whose lifetime is determined by this WObject. | |
| template<typename Child > | |
| Child * | addChild (std::unique_ptr< Child > child) |
| Add a child WObject, returning a raw pointer. | |
| std::unique_ptr< WObject > | removeChild (WObject *child) |
| Remove a child WObject, so its lifetime is no longer determined by this WObject. | |
| template<typename Child > | |
| std::unique_ptr< Child > | removeChild (Child *child) |
| Remove a child WObject, so its lifetime is no longer determined by this WObject. | |
| virtual const std::string | id () const |
| Returns the (unique) identifier for this object. | |
| virtual void | setObjectName (const std::string &name) |
| Sets an object name. | |
| virtual std::string | objectName () const |
| Returns the object name. | |
| void | resetLearnedSlots () |
| Resets learned stateless slot implementations. | |
| template<class T > | |
| void | resetLearnedSlot (void(T::*method)()) |
| Resets a learned stateless slot implementation. | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)()) |
| Declares a slot to be stateless and learn client-side behaviour on first invocation. | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)(), void(T::*undoMethod)()) |
| Declares a slot to be stateless and learn client-side behaviour in advance. | |
| void | isNotStateless () |
| Marks the current function as not stateless. | |
| template<class T > | |
| WStatelessSlot * | implementJavaScript (void(T::*method)(), const std::string &jsCode) |
| Provides a JavaScript implementation for a method. | |
Public Member Functions inherited from Wt::Core::observable | |
| observable () noexcept | |
| Default constructor. | |
| virtual | ~observable () |
| Destructor. | |
| template<typename... Args, typename C > | |
| auto | bindSafe (void(C::*method)(Args...)) noexcept |
| Protects a method call against object destruction. | |
| template<typename... Args, typename C > | |
| auto | bindSafe (void(C::*method)(Args...) const) const noexcept |
| Protects a const method call against object destruction. | |
| template<typename Function > | |
| auto | bindSafe (const Function &function) noexcept |
| Protects a function against object destruction. | |
Protected Member Functions | |
| virtual Json::Object | generateUserInfo (const User &user, const std::set< std::string > &scope) |
| Generates the JSON containing the claims for the given scope. | |
Protected Member Functions inherited from Wt::WResource | |
| void | beingDeleted () |
| Prepares the resource for deletion. | |
Protected Member Functions inherited from Wt::WObject | |
| virtual WStatelessSlot * | getStateless (Method method) |
| On-demand stateless slot implementation. | |
Additional Inherited Members | |
Public Types inherited from Wt::WObject | |
| typedef void(WObject::* | Method) () |
| Typedef for a WObject method without arguments. | |
Endpoint at which user info can be requested.
The UserInfo Endpoint is an OAuth 2.0 Protected Resource that returns Claims about the authenticated End-User. To obtain the requested Claims about the End-User, the Client makes a request to the UserInfo Endpoint using an Access Token obtained through OpenID Connect Authentication. These Claims are normally represented by a JSON object that contains a collection of name and value pairs for the Claims.
One can use setScopeToken to map claims to a scopeToken. The value of these claims will be retrieved using the AbstractUserDatabase::idpJsonClaim function.
You can look at http://openid.net/specs/openid-connect-core-1_0.html#UserInfo for more information.
This endpoint is implemented as a WResource, so it's usually deployed using WServer::addResource.
This class relies on the implementation of several functions in the AbstractUserDatabase, namely AbstractUserDatabase::idpJsonClaim, AbstractUserDatabase::idpTokenFindWithValue, AbstractUserDatabase::idpTokenUser, and AbstractUserDatabase::idpTokenScope.
Must be deployed using TLS.
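| Json::Object Wt::Auth::OidcUserInfoEndpoint::generateUserInfo | ( | const User & | user, |
| const std::set< std::string > & | scope ) | protected virtual |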
Generates the JSON containing the claims for the given scope.
Can be overridden, but by default it uses the configured mapping set by setScopeToken, and AbstractUserDatabase::idpJsonClaim.
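| void Wt::Auth::OidcUserInfoEndpoint::handleRequest | ( | const Http::Request & | request, |
| Http::Response & | response ) | override virtual |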
Handles a request.
Reimplement this method so that a proper response is generated for the given request. From the request object you can access request parameters and whether the request is a continuation request. In the response object, you should set the mime type and stream the output data.
A request may also concern a continuation, indicated in Http::Request::continuation(), in which case the next part for a previously created continuation should be served.
While handling a request, which may happen at any time together with event handling, the library makes sure that the resource is not being concurrently deleted, but multiple requests may happen simultaneously for a single resource.
Implements Wt::WResource.
| void Wt::Auth::OidcUserInfoEndpoint::setScopeToken | ( | const std::string & | scopeToken, |
| const std::set< std::string > & | claims ) |
Maps the given scope token to the given set of claims.
The value of these claims will be retrieved from the AbstractUserDatabase using the AbstractUserDatabase::idpJsonClaim function.
At construction, the following default scopes are automatically populated: profile -> {name} and email -> {email, email_verified}.
A scope can be erased by setting it to an empty set of claims.
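The scope-to-claim mapping described for setScopeToken, as an added stand-alone C++ model (not Wt code and not using Wt headers): it reproduces the documented defaults and the erase-by-empty-set rule, then filters a constructed user record so that only claims mapped to the access token's scope are returned. `ScopeClaimPolicy`, `userInfo`, `hardenedUserInfo` and the `phone` scope are hypothetical names; skipping unmapped scope tokens and absent claims is an assumption of this model.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
using ClaimSet = std::set<std::string>;
using Claims = std::map<std::string, std::string>;  // claim name -> JSON value text

// Stand-alone model of the scope-token table (hypothetical class, not Wt code).
class ScopeClaimPolicy {
public:
  ScopeClaimPolicy()  // defaults listed in the setScopeToken documentation
    : scopeTokens_{{"profile", {"name"}}, {"email", {"email", "email_verified"}}} {}
  // An empty claim set erases the scope token, as documented.
  void setScopeToken(const std::string& scopeToken, const ClaimSet& claims) {
    if (claims.empty()) scopeTokens_.erase(scopeToken);
    else scopeTokens_[scopeToken] = claims;
  }
  // Returns only the stored claims that the token's scope maps to.
  Claims userInfo(const Claims& stored, const ClaimSet& grantedScope) const {
    Claims out;
    for (const auto& token : grantedScope) {
      auto mapped = scopeTokens_.find(token);
      if (mapped == scopeTokens_.end()) continue;  // assumption: unmapped scope releases nothing
      for (const auto& claim : mapped->second) {
        auto value = stored.find(claim);
        if (value != stored.end()) out.insert(*value);  // assumption: absent claim is omitted
      }
    }
    return out;
  }
private:
  std::map<std::string, ClaimSet> scopeTokens_;
};
// Constructed user record for the example.
const Claims kStoredClaims = {
  {"name", "\"Ada Example\""}, {"email", "\"ada@example.org\""},
  {"email_verified", "true"}, {"phone_number", "\"+1-555-0100\""}};

// Deployment that adds a "phone" scope and stops releasing e-mail claims.
Claims hardenedUserInfo(const ClaimSet& grantedScope) {
  ScopeClaimPolicy policy;
  policy.setScopeToken("phone", {"phone_number", "phone_number_verified"});
  policy.setScopeToken("email", {});
  return policy.userInfo(kStoredClaims, grantedScope);
}

int main() {
  for (const auto& kv : hardenedUserInfo({"openid", "profile", "email", "phone"}))
    std::cout << kv.first << ": " << kv.second << '\n';
}
```

A token that still carries the `email` scope gets no e-mail claims once that scope token has been erased, so the mapping, not the scope string presented by the client, bounds what the endpoint discloses.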