1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19 package org.apache.syncope.common.lib.auth;
20
21 public abstract class AbstractOIDCAuthModuleConf extends AbstractOAuth20AuthModuleConf {
22
23 private static final long serialVersionUID = -471527731042579422L;
24
25 protected String discoveryUri;
26
27 /**
28 * Whether an initial nonce should be to used
29 * initially for replay attack mitigation.
30 */
31 protected boolean useNonce;
32
33 /**
34 * The JWS algorithm to use forcefully when validating ID tokens.
35 * If none is defined, the first algorithm from metadata will be used.
36 */
37 protected String preferredJwsAlgorithm;
38
39 /**
40 * Clock skew in order to account for drift, when validating id tokens.
41 */
42 protected String maxClockSkew;
43
44 /**
45 * The response mode specifies how the result of the authorization request is formatted.
46 * Possible values includes "query", "fragment", "form_post", or "web_message"
47 */
48 protected String responseMode;
49
50 /**
51 * Checks if sessions expire with token expiration.
52 */
53 protected boolean expireSessionWithToken;
54
55 /**
56 * Default time period advance (in seconds) for considering an access token expired.
57 * This settings supports the java.time.Duration syntax.
58 * The format of the value will be PTnHnMnS, where n is the relevant hours, minutes or
59 * seconds part of the duration. Any fractional seconds are placed after a decimal point in the seconds section.
60 * If a section has a zero value, it is omitted. The hours, minutes and seconds will all have the same sign.
61 * Example values could be in the form of PT20S, PT15M, PT10H, PT6D, P2DT3H4M.
62 * If the value is set to 0 or never, the duration will be set to zero. If the value is blank, set to -1, or
63 * infinite, the value will effectively represent an unending duration.
64 */
65 protected String tokenExpirationAdvance;
66
67 public String getDiscoveryUri() {
68 return discoveryUri;
69 }
70
71 public void setDiscoveryUri(final String discoveryUri) {
72 this.discoveryUri = discoveryUri;
73 }
74
75 public boolean isUseNonce() {
76 return useNonce;
77 }
78
79 public void setUseNonce(final boolean useNonce) {
80 this.useNonce = useNonce;
81 }
82
83 public String getPreferredJwsAlgorithm() {
84 return preferredJwsAlgorithm;
85 }
86
87 public void setPreferredJwsAlgorithm(final String preferredJwsAlgorithm) {
88 this.preferredJwsAlgorithm = preferredJwsAlgorithm;
89 }
90
91 public String getMaxClockSkew() {
92 return maxClockSkew;
93 }
94
95 public void setMaxClockSkew(final String maxClockSkew) {
96 this.maxClockSkew = maxClockSkew;
97 }
98
99 public String getResponseMode() {
100 return responseMode;
101 }
102
103 public void setResponseMode(final String responseMode) {
104 this.responseMode = responseMode;
105 }
106
107 public boolean isExpireSessionWithToken() {
108 return expireSessionWithToken;
109 }
110
111 public void setExpireSessionWithToken(final boolean expireSessionWithToken) {
112 this.expireSessionWithToken = expireSessionWithToken;
113 }
114
115 public String getTokenExpirationAdvance() {
116 return tokenExpirationAdvance;
117 }
118
119 public void setTokenExpirationAdvance(final String tokenExpirationAdvance) {
120 this.tokenExpirationAdvance = tokenExpirationAdvance;
121 }
122 }