
Lemonldap::NG::Portal::Lib::OIDCTokenExchange(3pm) User Contributed Perl Documentation Lemonldap::NG::Portal::Lib::OIDCTokenExchange(3pm)

NAME

Lemonldap::NG::Portal::Lib::OIDCTokenExchange - Base class for building OpenID Connect token exchange systems.

SYNOPSIS

  use Mouse;
  extends 'Lemonldap::NG::Portal::Lib::OIDCTokenExchange';
  
  sub validateAudience {
    my ( $self, $req, $rp, $target, $requestedTokenType ) = @_;
    #
    # verify and update if needed:
    # * $target->{audience}
    # * $target->{rp}
    #
    # return a true value to accept, a false value to let the next plugin try
    return 1;
  }
  
  sub getUid {
    my ( $self, $req, $rp, $subjectToken, $subjectTokenType ) = @_;
    #
    # verify $subjectToken
    #
    # return a true value to accept, a false value to let the next plugin try
    return 1;
  }

DESCRIPTION

When Lemonldap::NG <https://lemonldap-ng.org> detects an OAuth 2.0 token exchange <https://datatracker.ietf.org/doc/html/rfc8693> request, it searches for a plugin able to respond. If none of them returns a valid response, it rejects the request.

Lemonldap::NG::Portal::Lib::OIDCTokenExchange lets you build such a plugin by writing just two methods. The module must then be loaded, for example as described in Enabling custom plugin <https://lemonldap-ng.org/documentation/latest/plugincustom.html#enabling-your-plugin>.

Methods to write

validateAudience

The goal of "validateAudience()" is to validate the requested audience, i.e. to decide whether the Relying Party that presents a token may obtain a new token for that audience.

If a true value is returned, the request is accepted and Lemonldap::NG builds new "access_token", "id_token" and "refresh_token" using the values in the $target hash.

If a false value is returned, Lemonldap::NG will try the next plugin.

This method is the only policy check between the caller's token and a fresh token for another audience, so it should deny by default and accept only the audiences your policy explicitly allows.

Parameters:

  • $req, the Lemonldap::NG::Portal::Main::Request object
  • $rp, the internal LLNG name of the Relying Party which pushed the request
  • $target, a hash reference with 2 keys:
    • audience, the requested audience
    • rp, the name of the known Relying Party whose Client-ID matches the requested audience, or undef if no Relying Party matches
    Both values can be modified inside "validateAudience" and will be used to generate the new "access_token".
  • $requestedTokenType, the type of the requested token. This value is always one of:
    • access_token
    • refresh_token
    • id_token
    • saml1
    • saml2
    • undef

getUid

"getUid()" is a boolean method that validates the subject token given in the request.

If a true value is returned, the request is accepted. Otherwise Lemonldap::NG will try the next plugin.

Parameters:

  • $req, the Lemonldap::NG::Portal::Main::Request object
  • $rp, the internal LLNG name of the Relying Party which pushed the request
  • $subjectToken, the token given in the request
  • $subjectTokenType, the type of the given token. This value is always one of:
    • access_token
    • refresh_token
    • id_token
    • saml1
    • saml2
    • undef
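The following plugin is an added example, not code shipped with Lemonldap::NG, showing how the two methods described above ("validateAudience" and "getUid") fit together in a deny-by-default policy: a source Relying Party may only obtain an access_token for target Relying Parties listed in an allowlist, and the subject token must be an LLNG-issued access_token that was issued to the presenting Relying Party and whose SSO session still exists. The allowlist is a constructed sample held in a hash; a real plugin would read it from the configuration. The way the OIDC issuer is reached ($self->p->loadedModules), its getAccessToken method, and the "rp" and "user_session_id" keys of the token session data are assumptions about LLNG internals and must be checked against the installed version; $self->logger, $self->p and $self->p->getApacheSession are the usual plugin accessors.

```perl
package Lemonldap::NG::Portal::Plugins::RestrictedTokenExchange;

# Added example plugin, not part of Lemonldap::NG. The policy below is a
# constructed sample kept in %ALLOWED for readability; a real plugin would
# read it from the LLNG configuration. The OIDC issuer lookup, its
# getAccessToken() method and the "rp" / "user_session_id" keys of the token
# session are ASSUMPTIONS about LLNG internals: verify them before use.

use strict;
use warnings;
use Mouse;
extends 'Lemonldap::NG::Portal::Lib::OIDCTokenExchange';

# Source RP => { target RP => 1 } (constructed sample policy)
my %ALLOWED = (
    'frontend-spa' => { 'orders-api' => 1, 'billing-api' => 1 },
    'orders-api'   => { 'billing-api' => 1 },
);

# This example only exchanges access tokens for access tokens
my %SUPPORTED_TYPE = ( access_token => 1 );

sub validateAudience {
    my ( $self, $req, $rp, $target, $requestedTokenType ) = @_;

    # Unsupported requested type: return false so the next plugin can try
    if ( defined $requestedTokenType
        and !$SUPPORTED_TYPE{$requestedTokenType} )
    {
        $self->logger->debug(
            "Token exchange: $rp asked for unsupported type $requestedTokenType");
        return 0;
    }

    # Refuse audiences that do not map to a known Relying Party: the new
    # access_token would carry an audience nothing in LLNG can check
    unless ( defined $target->{rp} ) {
        $self->logger->notice(
            "Token exchange: $rp asked for unknown audience $target->{audience}");
        return 0;
    }

    # Deny by default: only (source, target) pairs in the policy are allowed
    unless ( $ALLOWED{$rp} and $ALLOWED{$rp}{ $target->{rp} } ) {
        $self->logger->notice(
            "Token exchange: $rp may not obtain a token for $target->{rp}");
        return 0;
    }

    return 1;
}

sub getUid {
    my ( $self, $req, $rp, $subjectToken, $subjectTokenType ) = @_;

    return 0 unless defined $subjectToken and length $subjectToken;

    # Only LLNG-issued access tokens are accepted as subject tokens here;
    # an undefined type is treated as access_token
    my $type = $subjectTokenType // 'access_token';
    return 0 unless $type eq 'access_token';

    # ASSUMPTION: the OIDC issuer is reachable through loadedModules and
    # exposes getAccessToken(), returning the token session object or undef
    my $oidc = $self->p->loadedModules
      ->{'Lemonldap::NG::Portal::Issuer::OpenIDConnect'}
      or return 0;
    my $tokenSession = $oidc->getAccessToken($subjectToken) or return 0;

    # ASSUMPTION: the token session records the RP it was issued to as "rp".
    # A token stolen from another RP must not be exchangeable by this one.
    my $issuedTo = $tokenSession->data->{rp} // '';
    unless ( $issuedTo eq $rp ) {
        $self->logger->warn(
            "Token exchange: $rp presented a token issued to '$issuedTo'");
        return 0;
    }

    # ASSUMPTION: "user_session_id" links the token to the SSO session.
    # If the user has logged out, the SSO session is gone and the
    # exchange must fail even though the token itself has not expired.
    my $ssoId = $tokenSession->data->{user_session_id} or return 0;
    $self->p->getApacheSession($ssoId) or return 0;

    return 1;
}

1;
```

Both methods log the reason for a refusal before returning false: token exchange requests that are rejected because of policy are exactly the events an operator wants in the portal log when investigating a Relying Party that tries to pivot to an audience it should not reach.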

AUTHORS

LemonLDAP::NG team <http://lemonldap-ng.org/team>

BUG REPORT

Use the OW2 GitLab issue tracker to report bugs or ask for features: <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>

DOWNLOAD

Lemonldap::NG is available at <https://lemonldap-ng.org/download>

COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

2025-01-29 perl v5.36.0