Class OidcClient

java.lang.Object
cloud.opencode.base.oauth2.oidc.OidcClient
All Implemented Interfaces:
AutoCloseable

public class OidcClient extends Object implements AutoCloseable
OpenID Connect Client

Extends the OAuth2 client with OIDC-specific functionality.

Features:

  • ID token validation
  • Nonce generation and validation
  • User info endpoint access
  • Claims validation

Usage Examples:

// Create OIDC client
OidcClient client = OidcClient.builder()
    .oauth2Client(oauth2Client)
    .oidcConfig(OidcConfig.builder()
        .issuer("https://accounts.google.com")
        .validateIdToken(true)
        .build())
    .build();

// Generate authorization URL with nonce
String nonce = client.generateNonce();
String authUrl = client.getAuthorizationUrl(state, pkce, nonce);

// Exchange code and validate
OidcToken token = client.exchangeCode(code, pkce.verifier(), nonce);

// Get user info
UserInfo userInfo = client.getUserInfo(token);
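The usage example above leaves out how the state, nonce and PKCE verifier get from the redirect to the callback. The following is an added example, not code from the opencode-base-oauth2 project, showing one way to bind them to a session so the callback only accepts responses to logins this application started; it assumes PkceChallenge comes from the same library and has a static generate() factory (neither is shown on this page), and that the client was built as in the usage example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import cloud.opencode.base.oauth2.oidc.OidcClient;
import cloud.opencode.base.oauth2.oidc.OidcToken;
// PkceChallenge's package is not given on this page; its import is assumed to come from the same library.

/** Binds state, nonce and PKCE verifier of each login attempt to one session. */
public final class OidcLoginFlow {
    // Values remembered between redirect and callback (would live in the server-side session).
    private record Pending(String state, String nonce, String codeVerifier) {}

    private final OidcClient client;
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Pending> pendingBySession = new ConcurrentHashMap<>();

    public OidcLoginFlow(OidcClient client) { this.client = client; }

    /** Step 1: build the redirect URL; state and nonce are fresh per attempt, never reused. */
    public String startLogin(String sessionId) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        String nonce = client.generateNonce();
        PkceChallenge pkce = PkceChallenge.generate(); // assumption: factory name not on the page
        pendingBySession.put(sessionId, new Pending(state, nonce, pkce.verifier()));
        return client.getAuthorizationUrl(state, pkce, nonce);
    }

    /** Step 2: callback. State is checked locally before any network call and the pending
     *  record is consumed, so a replayed callback fails. exchangeCode then validates the ID
     *  token against the expected nonce and throws OAuth2Exception if that fails. */
    public OidcToken finishLogin(String sessionId, String returnedState, String code) {
        Pending pending = pendingBySession.remove(sessionId);
        if (pending == null || returnedState == null
                || !MessageDigest.isEqual(pending.state().getBytes(StandardCharsets.UTF_8),
                                          returnedState.getBytes(StandardCharsets.UTF_8))) {
            throw new IllegalStateException("state mismatch: callback not bound to an active login");
        }
        OidcToken token = client.exchangeCode(code, pending.codeVerifier(), pending.nonce());
        client.storeToken(sessionId, token); // keyed by session so later requests can find it
        return token;
    }

    /** Later requests: reuse the stored token; the client refreshes it when necessary. */
    public OidcToken tokenFor(String sessionId) { return client.getValidToken(sessionId); }
}
```

Because OidcClient implements AutoCloseable, the application that owns the client should close it (for example in a try-with-resources block) when the flow is shut down.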

Thread Safety:

This class is thread-safe.

Since:
JDK 25, opencode-base-oauth2 V1.0.0
Author:
Leon Soo www.LeonSoo.com
Method Details

  • oauth2Client

    public OAuth2Client oauth2Client()
    Get the underlying OAuth2 client
    Returns:
    the OAuth2 client
  • oidcConfig

    public OidcConfig oidcConfig()
    Get the OIDC configuration
    Returns:
    the OIDC config
  • generateNonce

    public String generateNonce()
    Generate a nonce for an authorization request
    Returns:
    the nonce
  • getAuthorizationUrl

    public String getAuthorizationUrl(String state)
    Get the authorization URL
    Parameters:
    state - the state parameter
    Returns:
    the authorization URL
  • getAuthorizationUrl

    public String getAuthorizationUrl(String state, PkceChallenge pkce)
    Get the authorization URL with PKCE
    Parameters:
    state - the state parameter
    pkce - the PKCE challenge
    Returns:
    the authorization URL
  • getAuthorizationUrl

    public String getAuthorizationUrl(String state, PkceChallenge pkce, String nonce)
    Get the authorization URL with PKCE and nonce
    Parameters:
    state - the state parameter
    pkce - the PKCE challenge
    nonce - the nonce for ID token validation
    Returns:
    the authorization URL
  • exchangeCode

    public OidcToken exchangeCode(String code)
    Exchange an authorization code for an OIDC token
    Parameters:
    code - the authorization code
    Returns:
    the OIDC token
  • exchangeCode

    public OidcToken exchangeCode(String code, String codeVerifier)
    Exchange an authorization code for an OIDC token, sending the PKCE verifier
    Parameters:
    code - the authorization code
    codeVerifier - the PKCE code verifier
    Returns:
    the OIDC token
  • exchangeCode

    public OidcToken exchangeCode(String code, String codeVerifier, String expectedNonce)
    Exchange an authorization code for an OIDC token and validate the ID token
    Parameters:
    code - the authorization code
    codeVerifier - the PKCE code verifier
    expectedNonce - the expected nonce
    Returns:
    the OIDC token
    Throws:
    OAuth2Exception - if validation fails
  • validateIdToken

    public void validateIdToken(OidcToken token, String expectedNonce)
    Validate the ID token
    Parameters:
    token - the OIDC token
    expectedNonce - the expected nonce
    Throws:
    OAuth2Exception - if validation fails
  • refreshToken

    public OidcToken refreshToken(OidcToken token)
    Refresh an OIDC token
    Parameters:
    token - the token to refresh
    Returns:
    the new OIDC token
  • getValidToken

    public OidcToken getValidToken(String key)
    Get a valid OIDC token, refreshing it if necessary
    Parameters:
    key - the storage key
    Returns:
    the valid OIDC token
  • getUserInfo

    public UserInfo getUserInfo(OidcToken token)
    Get user info
    Parameters:
    token - the OIDC token
    Returns:
    the user info
  • getUserInfo

    public UserInfo getUserInfo(OAuth2Token token)
    Get user info using an access token
    Parameters:
    token - the OAuth2 token
    Returns:
    the user info
  • storeToken

    public void storeToken(String key, OidcToken token)
    Store a token
    Parameters:
    key - the storage key
    token - the OIDC token
  • getStoredToken

    public Optional<OidcToken> getStoredToken(String key)
    Get a stored token
    Parameters:
    key - the storage key
    Returns:
    the OIDC token if found
  • removeToken

    public void removeToken(String key)
    Remove a stored token
    Parameters:
    key - the storage key
  • close

    public void close()
    Specified by:
    close in interface AutoCloseable
  • builder

    public static OidcClient.Builder builder()
    Create a new builder
    Returns:
    the builder