Package google.registry.request.auth
Class OidcTokenAuthenticationMechanism
java.lang.Object
google.registry.request.auth.OidcTokenAuthenticationMechanism
- All Implemented Interfaces:
AuthenticationMechanism
public abstract class OidcTokenAuthenticationMechanism
extends Object
implements AuthenticationMechanism
An authentication mechanism that verifies the OIDC token.

Currently, two flavors are supported: one that checks for the OIDC token as a regular bearer token, and another that checks for the OIDC token passed by IAP. In both cases, the AuthResult with the highest AuthSettings.AuthLevel possible is returned. So, if the email address for which the token is minted exists both as a User and as a service account, the returned AuthResult is at AuthSettings.AuthLevel.USER.
-
Nested Class Summary
Modifier and Type | Class | Description
protected static interface
-
Field Summary
Modifier and Type | Field | Description
protected final Optional<com.google.auth.oauth2.TokenVerifier>
static final com.google.common.flogger.FluentLogger
protected final OidcTokenAuthenticationMechanism.TokenExtractor
protected final com.google.auth.oauth2.TokenVerifier
-
Constructor Summary
Modifier | Constructor | Description
protected OidcTokenAuthenticationMechanism(com.google.common.collect.ImmutableSet<String> serviceAccountEmails, com.google.auth.oauth2.TokenVerifier tokenVerifier, com.google.auth.oauth2.TokenVerifier fallbackTokenVerifier, OidcTokenAuthenticationMechanism.TokenExtractor tokenExtractor)
-
Method Summary
Modifier and Type | Method | Description
authenticate(jakarta.servlet.http.HttpServletRequest request): Attempt to authenticate an incoming request.
static void setAuthResultForTesting(AuthResult authResult)
static void
-
Field Details
-
logger
public static final com.google.common.flogger.FluentLogger logger
-
tokenVerifier
protected final com.google.auth.oauth2.TokenVerifier tokenVerifier
-
fallbackTokenVerifier
-
tokenExtractor
-
-
Constructor Details
-
OidcTokenAuthenticationMechanism
protected OidcTokenAuthenticationMechanism(com.google.common.collect.ImmutableSet<String> serviceAccountEmails, com.google.auth.oauth2.TokenVerifier tokenVerifier, @Nullable com.google.auth.oauth2.TokenVerifier fallbackTokenVerifier, OidcTokenAuthenticationMechanism.TokenExtractor tokenExtractor)
-
-
Method Details
-
authenticate
Description copied from interface: AuthenticationMechanism
Attempt to authenticate an incoming request.
- Specified by:
authenticate in interface AuthenticationMechanism
- Parameters:
request - the request to be authenticated
- Returns:
the results of the authentication check; if the request could not be authenticated, the mechanism should return AuthResult.NOT_AUTHENTICATED
-
setAuthResultForTesting
-
unsetAuthResultForTesting
public static void unsetAuthResultForTesting()
-