OIDCProviderMetadataFetcherState
Introduction and overview
OpenID providers publish metadata describing their configuration, such as the URLs of their endpoints and the URL of their key material (see http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). The AuthState OIDCProviderMetadataFetcherState fetches this provider metadata from the configured URL and propagates it in the configured scope for further processing by other AuthStates.
Description
The following table describes the characteristics of the AuthState.
Topic | Description
---|---
Class | ch.nevis.esauth.auth.states.oauth2.openid.rp.OIDCProviderMetadataFetcherState
Logging | OIDCRelyingParty
Auditing | none
Marker | none
Properties | `providerMetadataURL` (string): The URL of the provider metadata document. This AuthState uses the HTTP or FTP protocol to fetch the metadata document (depending on the configured URL). It is therefore affected by HTTP and FTP proxies, as described in the chapter Configuring proxies.<br>`propagationScope` (string, session): Value or variable containing the Access Token to use in the Userinfo Request being sent to the Userinfo Endpoint.
Methods | `process`: Requests the provider metadata from the configured URL.
Input | none
Transitions | `failed`: Error. No valid provider metadata document could be retrieved.<br>`ok`: A valid metadata document could be retrieved.
Output | `session:[AuthStateName].providerMetadata`: The provider metadata retrieved from the configured URL.
Errors | none
Notes | none
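The fetch step that this AuthState performs is a good place to apply the checks OpenID Connect Discovery expects of a relying party before the document is trusted: the document must be a JSON object, it must carry the required fields, its `issuer` must match the issuer the discovery URL was built from, and key material and endpoints should be reachable over HTTPS. The following Python example is added here to illustrate those checks; it is not code from the nevisAuth product, and the function names, the required-field list (taken from OpenID Connect Discovery 1.0, section 3) and the sample documents are constructed for this illustration. Unlike the AuthState, which also accepts HTTP and FTP URLs, the example refuses to fetch over anything but HTTPS.

```python
import json
from urllib.parse import urlparse
from urllib.request import urlopen

# Standard suffix of an OpenID Connect discovery URL (Discovery 1.0, section 4).
WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"

# Fields a relying party needs before it can use the provider at all
# (the REQUIRED metadata values of OpenID Connect Discovery 1.0, section 3).
REQUIRED_FIELDS = (
    "issuer",
    "authorization_endpoint",
    "token_endpoint",
    "jwks_uri",
    "response_types_supported",
    "subject_types_supported",
    "id_token_signing_alg_values_supported",
)


def expected_issuer(metadata_url: str) -> str:
    """Issuer the document must declare: the discovery URL minus the well-known suffix."""
    if not metadata_url.endswith(WELL_KNOWN_SUFFIX):
        raise ValueError("not a standard discovery URL: " + metadata_url)
    return metadata_url[: -len(WELL_KNOWN_SUFFIX)]


def validate_provider_metadata(doc: dict, metadata_url: str) -> list:
    """Return a list of problems found; an empty list means the document is acceptable."""
    problems = []
    for field in REQUIRED_FIELDS:
        if field not in doc:
            problems.append(f"missing required field: {field}")
    # Issuer check: a document served from one host must not claim to be another issuer.
    issuer = doc.get("issuer")
    if issuer is not None and issuer != expected_issuer(metadata_url):
        problems.append(f"issuer mismatch: {issuer!r} != {expected_issuer(metadata_url)!r}")
    # Endpoints and the key-set URL must be HTTPS, otherwise later steps
    # (token exchange, key download) would run over an unprotected channel.
    for key, value in doc.items():
        if key == "jwks_uri" or key.endswith("_endpoint"):
            if urlparse(str(value)).scheme != "https":
                problems.append(f"{key} is not https: {value}")
    return problems


def parse_provider_metadata(raw: bytes, metadata_url: str) -> dict:
    """Decode and validate a fetched document; raises ValueError on any defect."""
    doc = json.loads(raw.decode("utf-8"))
    if not isinstance(doc, dict):
        raise ValueError("provider metadata is not a JSON object")
    problems = validate_provider_metadata(doc, metadata_url)
    if problems:
        raise ValueError("invalid provider metadata: " + "; ".join(problems))
    return doc


def fetch_provider_metadata(metadata_url: str, timeout: float = 5.0) -> dict:
    """Fetch the document over HTTPS only and validate it (raising corresponds to 'failed')."""
    if urlparse(metadata_url).scheme != "https":
        raise ValueError("refusing to fetch provider metadata over " + urlparse(metadata_url).scheme)
    with urlopen(metadata_url, timeout=timeout) as resp:  # not exercised offline
        return parse_provider_metadata(resp.read(), metadata_url)


# Constructed sample documents for a fictitious provider (not real provider output).
GOOD_URL = "https://op.example.com" + WELL_KNOWN_SUFFIX
GOOD_DOC = {
    "issuer": "https://op.example.com",
    "authorization_endpoint": "https://op.example.com/authorize",
    "token_endpoint": "https://op.example.com/token",
    "jwks_uri": "https://op.example.com/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Same provider URL, but the document claims another issuer, serves its keys
# over plain HTTP and lacks a token endpoint.
BAD_DOC = {
    "issuer": "https://other.example",
    "authorization_endpoint": "https://op.example.com/authorize",
    "jwks_uri": "http://op.example.com/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print("good document:", validate_provider_metadata(GOOD_DOC, GOOD_URL))
    print("bad document:", validate_provider_metadata(BAD_DOC, GOOD_URL))
```

Running the module offline prints an empty problem list for the good document and three problems for the bad one; `fetch_provider_metadata` performs the live fetch and would map a raised `ValueError` to the AuthState's `failed` transition.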
AuthState Config Example
```xml
<AuthState name="OIDCProviderMetadataFetcherState" class="ch.nevis.esauth.auth.states.oauth2.openid.rp.OIDCProviderMetadataFetcherState" authLevel="auth.test">
    <ResultCond name="ok" next="RelyingParty"/>
    <ResultCond name="failed" next="AuthError"/>
    <property name="providerMetadataURL" value="https://accounts.google.com/.well-known/openid-configuration"/>
</AuthState>
```