NAME

Lemonldap::NG::Portal::Lib::OIDCTokenExchange - Base class for building OpenID Connect token exchange systems.

SYNOPSIS

package Lemonldap::NG::Portal::Plugins::MyTokenExchange;   # choose your own package name
use Mouse;                                                  # Mouse also enables strict and warnings
extends 'Lemonldap::NG::Portal::Lib::OIDCTokenExchange';

sub validateAudience {
  my ( $self, $req, $rp, $target, $requestedTokenType ) = @_;
  #
  # Verify, and update if needed:
  # * $target->{audience}, the requested audience
  # * $target->{rp}, the Relying Party the new token is issued for
  # Return a false value to let the next plugin try.
  #
  return 1;
}

sub getUid {
  my ( $self, $req, $rp, $subjectToken, $subjectTokenType ) = @_;
  #
  # Verify $subjectToken (signature, issuer, audience, expiry, type).
  # Return a false value to let the next plugin try.
  #
  return 1;
}

1;

DESCRIPTION

When Lemonldap::NG receives an OAuth 2.0 token exchange request (RFC 8693, grant_type urn:ietf:params:oauth:grant-type:token-exchange), it asks each loaded token exchange plugin in turn whether it can answer it. If none of them accepts the request, the request is rejected.

Lemonldap::NG::Portal::Lib::OIDCTokenExchange lets you build such a plugin by writing only two methods. You then need to load the module, for example through the customPlugins parameter (see "Enabling custom plugin" in the Lemonldap::NG documentation).

Methods to write

validateAudience

validateAudience() is the authorization step: it decides whether the Relying Party that sent the request may obtain a token for the requested audience. Do not accept an audience merely because it is well formed; check it against a policy keyed on the requesting $rp, otherwise any client able to call the token endpoint could mint tokens for any other client.

If a true value is returned, the request is accepted and Lemonldap::NG builds the new access_token, id_token and refresh_token from the values found in the $target hash reference.

If a false value is returned, Lemonldap::NG tries the next plugin.

Parameters:

  • $req, the Lemonldap::NG::Portal::Main::Request object

  • $rp, the internal LLNG name of the Relying Party which pushed the request

  • $target, a hash reference with two keys:

    • audience, the requested audience (the audience parameter of the request)

    • rp: if Lemonldap::NG found a known Relying Party whose Client ID matches the requested audience, its name is put here; otherwise this value is undefined.

    Both keys may be modified inside validateAudience(); the values left in $target are used to generate the new access_token. Updating rp is the way to bind an audience that matches no Client ID to a configured Relying Party.

  • $requestedTokenType, the type of the requested token, given as the short form of the RFC 8693 token-type URN (urn:ietf:params:oauth:token-type:access_token becomes access_token). This value is always one of:

    • access_token

    • refresh_token

    • id_token

    • saml1

    • saml2

    • undef (the optional requested_token_type parameter was absent or not one of the types above)

getUid

getUid() is a boolean method that validates the subject token given in the request (the subject_token parameter). Verify the token fully before accepting it: signature under a pinned algorithm, issuer, audience and expiry for a JWT, or a lookup at the issuer that minted it for an opaque token. Merely decoding a token without checking its signature is not a validation.

If a true value is returned, the request is accepted. Otherwise Lemonldap::NG tries the next plugin.

Parameters:

  • $req, the Lemonldap::NG::Portal::Main::Request object

  • $rp, the internal LLNG name of the Relying Party which pushed the request

  • $subjectToken, the subject_token value given in the request

  • $subjectTokenType, the type of the given token, in the same short form as $requestedTokenType. This value is always one of:

    • access_token

    • refresh_token

    • id_token

    • saml1

    • saml2

    • undef (the subject_token_type value could not be mapped to one of the types above)
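A complete plugin implementing both methods, added here as an example; it is not code shipped with Lemonldap::NG. It lets one Relying Party (frontend) exchange an access token issued by an external partner issuer for an access token bound to one of two configured audiences. The package name, the policy table, the partner issuer settings, the Crypt::JWT dependency and the logger/userLogger accessors (expected to be inherited through the plugin base class) are all assumptions of the example. getUid() returns the verified sub claim, which satisfies the true/false contract described above.

```perl
package Lemonldap::NG::Portal::Plugins::PartnerTokenExchange;
# Added example, not part of Lemonldap::NG: package name, policy, issuer
# settings and the Crypt::JWT dependency are assumptions.

use Mouse;                          # enables strict and warnings
use Crypt::JWT qw(decode_jwt);      # assumed CPAN dependency, not provided by the base class

extends 'Lemonldap::NG::Portal::Lib::OIDCTokenExchange';

# Constructed policy: requesting RP name -> { allowed audience -> target RP name }.
my %EXCHANGE_POLICY = (
    frontend => {
        'https://api.example.com' => 'api',         # URI audience, matches no client_id
        'reporting-client-id'     => 'reporting',   # audience equal to an RP client_id
    },
);

# Constructed trust anchor for subject tokens minted by an external issuer.
# A shared HMAC secret keeps the example self-contained; in production pin
# the issuer's public key and list the matching asymmetric algorithm instead.
my %TRUSTED_ISSUER = (
    iss    => 'https://partner-idp.example.org',
    aud    => 'llng-token-exchange',
    alg    => 'HS256',
    secret => 'constructed-shared-secret-for-the-example',
);

# Only plain access tokens may be requested or presented through this plugin.
my %ALLOWED_TYPE = ( access_token => 1 );

sub validateAudience {
    my ( $self, $req, $rp, $target, $requestedTokenType ) = @_;
    my $audience = $target->{audience} // '';

    # The requesting RP, not the audience alone, is what the policy is keyed on:
    # without that, any client could mint tokens for any other client.
    my $allowed = $EXCHANGE_POLICY{$rp};
    unless ($allowed) {
        $self->userLogger->warn("Token exchange refused: RP '$rp' has no exchange policy");
        return 0;
    }
    my $expectedRp = $allowed->{$audience};
    unless ( defined $expectedRp ) {
        $self->userLogger->warn("Token exchange refused: RP '$rp' may not obtain tokens for audience '$audience'");
        return 0;
    }
    # Refuse refresh_token, id_token, saml1 and saml2 targets: this plugin only
    # hands out access tokens. An undef requested_token_type is treated as access_token.
    if ( defined $requestedTokenType && !$ALLOWED_TYPE{$requestedTokenType} ) {
        $self->userLogger->warn("Token exchange refused: unsupported requested_token_type '$requestedTokenType'");
        return 0;
    }
    # LLNG fills $target->{rp} only when the audience equals a known client_id.
    # Bind URI-style audiences to their RP here, and refuse when LLNG's match
    # and the policy disagree, so the new token never lands on an unexpected RP.
    if ( defined $target->{rp} && $target->{rp} ne $expectedRp ) {
        $self->userLogger->warn("Token exchange refused: audience '$audience' resolved to RP '$target->{rp}', policy expects '$expectedRp'");
        return 0;
    }
    $target->{rp} = $expectedRp;
    $self->logger->debug("Token exchange: RP '$rp' -> audience '$audience' (target RP '$expectedRp')");
    return 1;
}

sub getUid {
    my ( $self, $req, $rp, $subjectToken, $subjectTokenType ) = @_;

    # LLNG passes the short form of the RFC 8693 token-type URN. Refuse anything
    # but access_token: refresh and ID tokens are not meant to be exchanged here.
    unless ( defined $subjectTokenType && $ALLOWED_TYPE{$subjectTokenType} ) {
        $self->userLogger->warn("Token exchange refused: unsupported subject_token_type");
        return 0;
    }
    # Signature, algorithm, issuer, audience and expiry are checked in one call.
    # decode_jwt dies on the first failed check, so eval turns it into a refusal.
    my $claims = eval {
        decode_jwt(
            token        => $subjectToken,
            key          => $TRUSTED_ISSUER{secret},
            accepted_alg => [ $TRUSTED_ISSUER{alg} ],   # never trust the token's own alg header
            verify_iss   => $TRUSTED_ISSUER{iss},
            verify_aud   => $TRUSTED_ISSUER{aud},
            verify_exp   => 1,
            leeway       => 30,                           # seconds of clock skew tolerated
        );
    };
    unless ($claims) {
        my $err = $@ || 'unknown error';
        $self->userLogger->warn("Token exchange refused for RP '$rp': subject_token rejected ($err)");
        return 0;
    }
    unless ( defined $claims->{sub} && length $claims->{sub} ) {
        $self->userLogger->warn("Token exchange refused: subject_token carries no 'sub' claim");
        return 0;
    }
    $self->userLogger->notice("Token exchange accepted for '$claims->{sub}', requested by RP '$rp'");
    return $claims->{sub};    # a true value: the request is accepted
}

1;
```

Every refusal is logged through userLogger together with the requesting RP, and the audience decision is keyed on that RP rather than on the audience string alone. When the partner signs asymmetrically, replace the HMAC secret with the partner's public key and change alg to the matching algorithm (RS256, ES256); the accepted_alg list is what stops an attacker from presenting a token whose header names an algorithm the key was never meant for.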

AUTHORS

BUG REPORT

Use the OW2 GitLab issue tracker to report bugs or request features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues

DOWNLOAD

Lemonldap::NG is available at https://lemonldap-ng.org/download

COPYRIGHT AND LICENSE

See COPYING file for details.

This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.