Class OidcClient
java.lang.Object
cloud.opencode.base.oauth2.oidc.OidcClient
- All Implemented Interfaces:
AutoCloseable
OpenID Connect Client
Extends the OAuth2 client with OIDC-specific functionality.
Features:
- ID token validation
- Nonce generation and validation
- User info endpoint access
- Claims validation
Usage Examples:
    // Create OIDC client
    OidcClient client = OidcClient.builder()
        .oauth2Client(oauth2Client)
        .oidcConfig(OidcConfig.builder()
            .issuer("https://accounts.google.com")
            .validateIdToken(true)
            .build())
        .build();

    // Generate authorization URL with nonce
    String nonce = client.generateNonce();
    String authUrl = client.getAuthorizationUrl(state, pkce, nonce);

    // Exchange code and validate
    OidcToken token = client.exchangeCode(code, pkce.verifier(), nonce);

    // Get user info
    UserInfo userInfo = client.getUserInfo(token);
Thread Safety:
This class is thread-safe.
- Since:
- JDK 25, opencode-base-oauth2 V1.0.0
- Author:
- Leon Soo www.LeonSoo.com
Nested Class Summary
Nested Classes

| Modifier and Type | Class | Description |
|---|---|---|
| static class | OidcClient.Builder | OidcClient Builder |
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| static OidcClient.Builder | builder() | Create a new builder |
| void | close() | |
| | exchangeCode(String code) | Exchange authorization code for OIDC token |
| | exchangeCode(String code, String codeVerifier) | Exchange authorization code for OIDC token with PKCE verifier |
| | exchangeCode(String code, String codeVerifier, String expectedNonce) | Exchange authorization code for OIDC token with validation |
| | generateNonce() | Generate a nonce for authorization request |
| | getAuthorizationUrl(String state) | Get authorization URL |
| | getAuthorizationUrl(String state, PkceChallenge pkce) | Get authorization URL with PKCE |
| | getAuthorizationUrl(String state, PkceChallenge pkce, String nonce) | Get authorization URL with PKCE and nonce |
| | getStoredToken(String key) | Get a stored token |
| | getUserInfo(OAuth2Token token) | Get user info using access token |
| | getUserInfo(OidcToken token) | Get user info |
| | getValidToken(String key) | Get a valid OIDC token, refreshing if necessary |
| | oauth2Client() | Get the underlying OAuth2 client |
| | oidcConfig() | Get the OIDC configuration |
| | refreshToken(OidcToken token) | Refresh an OIDC token |
| void | removeToken(String key) | Remove a stored token |
| void | storeToken(String key, OidcToken token) | Store a token |
| void | validateIdToken(OidcToken token, String expectedNonce) | Validate ID token |
-
Method Details
-
oauth2Client
Get the underlying OAuth2 client
- Returns:
- the OAuth2 client
-
oidcConfig
Get the OIDC configuration
- Returns:
- the OIDC config
-
generateNonce
Generate a nonce for authorization request
- Returns:
- the nonce
-
getAuthorizationUrl
-
getAuthorizationUrl
Get authorization URL with PKCE
- Parameters:
state - the state parameter
pkce - the PKCE challenge
- Returns:
- the authorization URL
-
getAuthorizationUrl
Get authorization URL with PKCE and nonce
- Parameters:
state - the state parameter
pkce - the PKCE challenge
nonce - the nonce for ID token validation
- Returns:
- the authorization URL
-
exchangeCode
-
exchangeCode
-
exchangeCode
Exchange authorization code for OIDC token with validation
- Parameters:
code - the authorization code
codeVerifier - the PKCE code verifier
expectedNonce - the expected nonce
- Returns:
- the OIDC token
- Throws:
OAuth2Exception - if validation fails
-
validateIdToken
Validate ID token
- Parameters:
token - the OIDC token
expectedNonce - the expected nonce
- Throws:
OAuth2Exception - if validation fails
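The claim checks that nonce-bound ID token validation typically covers, as an added JDK-only example (not this library's code or its implementation of validateIdToken). The class name IdTokenClaimCheck, the client id my-client-id and the sample claims are constructed, and the claims are assumed to come from an ID token whose signature was already verified.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.List;
import java.util.Map;

public class IdTokenClaimCheck {
    private static final SecureRandom RNG = new SecureRandom();

    // 256 bits of CSPRNG output, base64url-encoded; bind it to the user's session.
    static String newNonce() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Assumption: claims were parsed from an ID token whose signature is already verified.
    static void check(Map<String, Object> claims, String issuer, String clientId,
                      String expectedNonce, Instant now) {
        if (!issuer.equals(claims.get("iss")))
            throw new SecurityException("iss mismatch");
        Object aud = claims.get("aud");   // a single string or an array of strings
        boolean audOk = aud instanceof List<?> l ? l.contains(clientId) : clientId.equals(aud);
        if (!audOk) throw new SecurityException("aud does not contain this client");
        if (!(claims.get("exp") instanceof Number exp) || now.getEpochSecond() >= exp.longValue())
            throw new SecurityException("token expired or exp missing");
        if (!(claims.get("nonce") instanceof String nonce) || !MessageDigest.isEqual(
                nonce.getBytes(StandardCharsets.UTF_8), expectedNonce.getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("nonce mismatch: possible replayed or injected ID token");
    }

    public static void main(String[] args) {
        String nonce = newNonce();
        Instant now = Instant.now();
        // Constructed sample claims, not output from a real provider.
        Map<String, Object> good = Map.of("iss", "https://accounts.google.com",
                "aud", List.of("my-client-id"), "exp", now.getEpochSecond() + 300, "nonce", nonce);
        check(good, "https://accounts.google.com", "my-client-id", nonce, now);
        System.out.println("fresh token accepted");
        try {   // the same token checked against a different session's nonce
            check(good, "https://accounts.google.com", "my-client-id", newNonce(), now);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```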
-
refreshToken
-
getValidToken
-
getUserInfo
-
getUserInfo
Get user info using access token
- Parameters:
token - the OAuth2 token
- Returns:
- the user info
-
storeToken
-
getStoredToken
-
removeToken
Remove a stored token
- Parameters:
key - the storage key
-
close
public void close()
- Specified by:
close in interface AutoCloseable
-
builder
-