Class OidcDiscovery

java.lang.Object
cloud.opencode.base.oauth2.discovery.OidcDiscovery

public final class OidcDiscovery extends Object
OIDC Discovery Client

Fetches and caches OpenID Connect Discovery configuration documents from the well-known endpoint defined in OIDC Discovery 1.0.

Features:

  • Fetches /.well-known/openid-configuration
  • Thread-safe caching with ConcurrentHashMap
  • Issuer validation
  • Custom HTTP client support

Usage Examples:

// Discover OIDC configuration
DiscoveryDocument doc = OidcDiscovery.discover("https://accounts.google.com");

// With custom HTTP client (separate variable name so both calls compile in one scope)
OAuth2HttpClient httpClient = new OAuth2HttpClient();
DiscoveryDocument docWithClient = OidcDiscovery.discover("https://accounts.google.com", httpClient);

// Clear the cache
OidcDiscovery.clearCache();

Security:

  • Validates that the issuer in the response matches the expected issuer
  • Uses HTTPS for all discovery requests
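
The two checks listed above, written out as a stand-alone added example; this is not the library's own code. The class name `IssuerCheckExample`, the issuer `https://idp.example.com` and both JSON responses are constructed for illustration, and the regex stands in for a real JSON parser.

```java
import java.net.URI;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class IssuerCheckExample {
    // Simplification: a regex pulls the "issuer" string; production code should use a JSON parser.
    private static final Pattern ISSUER = Pattern.compile("\"issuer\"\\s*:\\s*\"([^\"]*)\"");

    /** Builds the discovery URL for an issuer, refusing anything that is not HTTPS. */
    static URI wellKnownUrl(String issuerUrl) {
        URI issuer = URI.create(issuerUrl);
        if (!"https".equalsIgnoreCase(issuer.getScheme()) || issuer.getHost() == null) {
            throw new IllegalArgumentException("issuer must be an https URL: " + issuerUrl);
        }
        // OIDC Discovery 1.0 section 4.1: drop a trailing "/" before appending the suffix.
        String base = issuerUrl.endsWith("/") ? issuerUrl.substring(0, issuerUrl.length() - 1) : issuerUrl;
        return URI.create(base + "/.well-known/openid-configuration");
    }

    /** OIDC Discovery 1.0 section 4.3: the returned issuer must be identical to the requested one. */
    static void validateIssuer(String expectedIssuer, String responseJson) {
        Matcher m = ISSUER.matcher(responseJson);
        // Exact string comparison: no case folding, no trailing-slash normalization.
        if (!m.find() || !m.group(1).equals(expectedIssuer)) {
            throw new IllegalStateException("issuer missing or not identical to " + expectedIssuer);
        }
    }

    public static void main(String[] args) {
        String expected = "https://idp.example.com"; // constructed issuer
        System.out.println(wellKnownUrl(expected));
        // Constructed responses: one honest, one naming a different issuer.
        String good = "{\"issuer\":\"https://idp.example.com\",\"jwks_uri\":\"https://idp.example.com/jwks\"}";
        String bad = "{\"issuer\":\"https://other.example.net\",\"jwks_uri\":\"https://other.example.net/jwks\"}";
        validateIssuer(expected, good);
        System.out.println("matching issuer accepted");
        try {
            validateIssuer(expected, bad);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            wellKnownUrl("http://idp.example.com");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the issuer comparison, a response naming a different issuer would hand the client that party's `jwks_uri` and endpoints, and tokens would be verified against keys the expected provider never published.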

Thread Safety:

This class is thread-safe. The internal cache uses ConcurrentHashMap.

Since:
JDK 25, opencode-base-oauth2 V1.0.3
Author:
Leon Soo www.LeonSoo.com
  • Method Details

    • discover

      public static DiscoveryDocument discover(String issuerUrl)
      Discover OIDC configuration from the given issuer URL using a default HTTP client.

      Results are cached by issuer URL. Subsequent calls with the same issuer return the cached document.

      Parameters:
      issuerUrl - the issuer URL (e.g., "https://accounts.google.com")
      Returns:
      the discovery document
      Throws:
      OAuth2Exception - with DISCOVERY_FAILED if the request fails
      OAuth2Exception - with DISCOVERY_INVALID_RESPONSE if the response is invalid
      NullPointerException - if issuerUrl is null
    • discover

      public static DiscoveryDocument discover(String issuerUrl, OAuth2HttpClient httpClient)
      Discover OIDC configuration from the given issuer URL using a custom HTTP client.

      Results are cached by issuer URL. Subsequent calls with the same issuer return the cached document.

      Parameters:
      issuerUrl - the issuer URL (e.g., "https://accounts.google.com")
      httpClient - the HTTP client to use
      Returns:
      the discovery document
      Throws:
      OAuth2Exception - with DISCOVERY_FAILED if the request fails
      OAuth2Exception - with DISCOVERY_INVALID_RESPONSE if the response is invalid
      NullPointerException - if issuerUrl or httpClient is null
    • clearCache

      public static void clearCache()
      Clear the discovery document cache.