UserinfoClientState
Introduction and overview
Given an access token and the provider configuration, the AuthState UserinfoClientState requests claims from a Userinfo Endpoint by sending a Userinfo Request.
Description
The following table describes the characteristics of the AuthState.
Topic | Description |
---|---|
Class | ch.nevis.esauth.auth.states.oauth2.openid.rp.UserinfoClientState |
Logging | OIDCRelyingParty |
Auditing | none |
Marker | none |
Properties | providerConfiguration (string): A string that contains either provider metadata as specified in the RFC, or a variable containing a provider metadata document. This AuthState uses the HTTP or FTP protocol to fetch the metadata document (depending on the configured URL). It is thus susceptible to HTTP and FTP proxies, as described in chapter Configuring proxies.<br>accessToken (string): Value or variable containing the access token to use in the Userinfo Request sent to the Userinfo Endpoint. |
Methods | process: Issues a userinfo request to the userinfo endpoint configured via the provider configuration. |
Input | none |
Transitions | failed: Error when sending the Userinfo Request, or Userinfo Error Response received<br>ok: Userinfo Success Response received and parsing was successful |
Output | session:[AuthStateName].userinfoResponse: The values of the fields of the received Userinfo Response. |
Errors | none |
Notes | none |
AuthState Config Example
<AuthState name="UserinfoClient" class="ch.nevis.esauth.auth.states.oauth2.openid.rp.UserinfoClientState"
authLevel="auth.test" final="false">
<ResultCond name="ok" next="AuthDone"/>
<ResultCond name="failed" next="AuthError"/>
<property name="providerConfiguration" value="${session:OIDCProviderMetadataFetcherState.providerMetadata}" />
<property name="accessToken" value="${session:RelyingParty.tokenResponse.access_token}" />
</AuthState>
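The Userinfo Request that this configuration triggers, and the way a response maps to the ok and failed transitions, sketched as an added Python example (not nevisAuth code and not taken from this page). The function names, host names and token are constructed; the https, `sub` presence and `sub` match checks follow OpenID Connect Core section 5.3 and are assumptions about what a relying party should verify, not a statement of what this AuthState does internally.

```python
import json
import urllib.request

# Constructed sample inputs (not from a real provider).
PROVIDER_METADATA = json.dumps({
    "issuer": "https://op.example.test",
    "userinfo_endpoint": "https://op.example.test/userinfo",
})
ACCESS_TOKEN = "constructed-access-token"


def build_userinfo_request(provider_configuration: str, access_token: str):
    """Build (but do not send) the Userinfo Request from the provider metadata."""
    endpoint = json.loads(provider_configuration).get("userinfo_endpoint", "")
    if not endpoint.startswith("https://"):
        # A bearer token sent over plain HTTP is exposed to anyone on the path.
        raise ValueError("userinfo_endpoint must be an https URL")
    return urllib.request.Request(
        endpoint, method="GET",
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"})


def handle_userinfo_response(status, headers, body, expected_sub=None):
    """Map a response to ('ok' | 'failed', data), mirroring the transitions."""
    if status != 200:
        # Error responses carry details in WWW-Authenticate, e.g. invalid_token.
        return "failed", {"error": headers.get("WWW-Authenticate", "")}
    if not headers.get("Content-Type", "").startswith("application/json"):
        return "failed", {"error": "unsupported content type"}
    try:
        claims = json.loads(body)
    except ValueError:
        return "failed", {"error": "unparsable body"}
    if not isinstance(claims, dict) or "sub" not in claims:
        return "failed", {"error": "missing sub claim"}
    # OpenID Connect Core 5.3.2: sub must match the sub of the ID token.
    if expected_sub is not None and claims["sub"] != expected_sub:
        return "failed", {"error": "sub mismatch"}
    return "ok", claims


if __name__ == "__main__":
    req = build_userinfo_request(PROVIDER_METADATA, ACCESS_TOKEN)
    print(req.get_method(), req.full_url, req.get_header("Authorization"))
    print(handle_userinfo_response(
        200, {"Content-Type": "application/json"},
        '{"sub": "248289761001", "email": "jane@example.test"}', "248289761001"))
```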