Class OidcTokenAuthenticationMechanism

All Implemented Interfaces:
AuthenticationMechanism

public abstract class OidcTokenAuthenticationMechanism extends Object implements AuthenticationMechanism
An authentication mechanism that verifies the OIDC token.

Currently, two flavors are supported: one that checks for the OIDC token as a regular bearer token, and another that checks for the OIDC token passed by IAP. In both cases, the AuthResult with the highest possible AuthSettings.AuthLevel is returned. So, if the email address for which the token is minted exists both as a User and as a service account, the returned AuthResult is at AuthSettings.AuthLevel.USER.

  • Field Details

    • logger

      public static final logger
    • tokenVerifier

      protected final tokenVerifier
    • fallbackTokenVerifier

      protected final Optional<> fallbackTokenVerifier
    • tokenExtractor

      protected final OidcTokenAuthenticationMechanism.TokenExtractor tokenExtractor
  • Constructor Details

    • OidcTokenAuthenticationMechanism

      protected OidcTokenAuthenticationMechanism(<String> serviceAccountEmails, tokenVerifier, @Nullable fallbackTokenVerifier, OidcTokenAuthenticationMechanism.TokenExtractor tokenExtractor)
  • Method Details

    • authenticate

      public AuthResult authenticate(jakarta.servlet.http.HttpServletRequest request)
      Description copied from interface: AuthenticationMechanism
      Attempt to authenticate an incoming request.
      Specified by:
      authenticate in interface AuthenticationMechanism
      Parameters:
      request - the request to be authenticated
      Returns:
      the results of the authentication check; if the request could not be authenticated, the mechanism should return AuthResult.NOT_AUTHENTICATED
    • setAuthResultForTesting

      public static void setAuthResultForTesting(@Nullable AuthResult authResult)
    • unsetAuthResultForTesting

      public static void unsetAuthResultForTesting()