/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.syncope.common.lib.auth;

/**
 * Base configuration bean for OpenID Connect authentication modules.
 *
 * <p>This class only holds settings: each setter stores its argument exactly as given, with no
 * validation or normalisation. Whatever component consumes the configuration is therefore
 * responsible for checking the values before relying on them.
 */
public abstract class AbstractOIDCAuthModuleConf extends AbstractOAuth20AuthModuleConf {

    private static final long serialVersionUID = -471527731042579422L;

    /**
     * Discovery URI of the provider (presumably the OpenID Connect metadata endpoint; confirm
     * against the consumer).
     *
     * <p>NOTE(review): nothing here restricts the scheme or host. Since endpoints and signing keys
     * are typically derived from the discovery document, the consumer should only accept an
     * {@code https} URI that belongs to the intended issuer.
     */
    protected String discoveryUri;

    /**
     * Whether an initial nonce should be used for replay attack mitigation.
     *
     * <p>No initial value is assigned in this class, so the flag is {@code false} until it is set.
     */
    protected boolean useNonce;

    /**
     * The JWS algorithm to force when validating ID tokens.
     * If none is defined, the first algorithm from metadata will be used.
     *
     * <p>NOTE(review): the value is free text and is not checked against an allow-list here. The
     * consumer should reject {@code none} and any algorithm it does not expect; when the field is
     * left unset, the choice is driven by the provider metadata instead.
     */
    protected String preferredJwsAlgorithm;

    /**
     * Clock skew tolerated, to account for drift, when validating ID tokens.
     *
     * <p>Held as a string; this class does not define its unit or format (TODO confirm with the
     * consumer). A larger tolerance lengthens the period during which an expired token is still
     * accepted.
     */
    protected String maxClockSkew;

    /**
     * The response mode specifies how the result of the authorization request is formatted.
     * Possible values include "query", "fragment", "form_post", or "web_message".
     */
    protected String responseMode;

    /**
     * Whether sessions expire with token expiration.
     *
     * <p>No initial value is assigned in this class, so the flag is {@code false} until it is set.
     */
    protected boolean expireSessionWithToken;

    /**
     * Default time period advance (in seconds) for considering an access token expired.
     * This setting supports the java.time.Duration syntax.
     * The format of the value will be PTnHnMnS, where n is the relevant hours, minutes or
     * seconds part of the duration. Any fractional seconds are placed after a decimal point in the
     * seconds section. If a section has a zero value, it is omitted. The hours, minutes and seconds
     * will all have the same sign.
     * Example values could be in the form of PT20S, PT15M, PT10H, PT6D, P2DT3H4M.
     * If the value is set to 0 or never, the duration will be set to zero. If the value is blank,
     * set to -1, or infinite, the value will effectively represent an unending duration.
     */
    protected String tokenExpirationAdvance;

    /**
     * @return the configured discovery URI, or {@code null} if none was set
     */
    public String getDiscoveryUri() {
        return discoveryUri;
    }

    /**
     * @param discoveryUri discovery URI to store; kept as given, without validation
     */
    public void setDiscoveryUri(final String discoveryUri) {
        this.discoveryUri = discoveryUri;
    }

    /**
     * @return {@code true} if a nonce should be used for replay attack mitigation
     */
    public boolean isUseNonce() {
        return useNonce;
    }

    /**
     * @param useNonce whether a nonce should be used for replay attack mitigation
     */
    public void setUseNonce(final boolean useNonce) {
        this.useNonce = useNonce;
    }

    /**
     * @return the JWS algorithm forced for ID token validation, or {@code null} if none was set
     */
    public String getPreferredJwsAlgorithm() {
        return preferredJwsAlgorithm;
    }

    /**
     * @param preferredJwsAlgorithm JWS algorithm name to store; kept as given, without validation
     */
    public void setPreferredJwsAlgorithm(final String preferredJwsAlgorithm) {
        this.preferredJwsAlgorithm = preferredJwsAlgorithm;
    }

    /**
     * @return the configured clock skew, or {@code null} if none was set
     */
    public String getMaxClockSkew() {
        return maxClockSkew;
    }

    /**
     * @param maxClockSkew clock skew to store; kept as given, without validation
     */
    public void setMaxClockSkew(final String maxClockSkew) {
        this.maxClockSkew = maxClockSkew;
    }

    /**
     * @return the configured response mode, or {@code null} if none was set
     */
    public String getResponseMode() {
        return responseMode;
    }

    /**
     * @param responseMode response mode to store; kept as given, without validation
     */
    public void setResponseMode(final String responseMode) {
        this.responseMode = responseMode;
    }

    /**
     * @return {@code true} if sessions expire with token expiration
     */
    public boolean isExpireSessionWithToken() {
        return expireSessionWithToken;
    }

    /**
     * @param expireSessionWithToken whether sessions expire with token expiration
     */
    public void setExpireSessionWithToken(final boolean expireSessionWithToken) {
        this.expireSessionWithToken = expireSessionWithToken;
    }

    /**
     * @return the configured token expiration advance, or {@code null} if none was set
     */
    public String getTokenExpirationAdvance() {
        return tokenExpirationAdvance;
    }

    /**
     * @param tokenExpirationAdvance token expiration advance to store; kept as given, without
     * validation
     */
    public void setTokenExpirationAdvance(final String tokenExpirationAdvance) {
        this.tokenExpirationAdvance = tokenExpirationAdvance;
    }
}