Skip to main content
Version: 7.2405.x.x LTS

UserinfoClientState

nevisAuth 4.38.x HTTP client changes

The new HTTP client shipped with nevisAuth 4.38.0.12 will likely require changes in this auth state configuration, specifically in the area of certificate configuration and handling.

Visit Appendix H for additional information.

Introduction and overview

Given an access token and the provider configuration, the AuthState UserinfoClientState requests claims from a Userinfo Endpoint by sending a Userinfo Request.

Description

The following table and chapters describe the characteristics of the AuthState.

TopicDescription
Classch.nevis.esauth.auth.states.oauth2.openid.rp.UserinfoClientState
LoggingOIDCRelyingParty
Auditingnone
Markernone
Methodsprocess (Issues a userinfo request to the userinfo endpoint configured via the provider configuration)

Properties

  • providerConfiguration (string)

    A string that contains either

    • provider metadata as specified in the RFC, or
    • a variable containing a provider metadata document.
  • accessToken (string)

    Value or variable containing the access token to use in the Userinfo Request being sent to the Userinfo Endpoint.

  • httpclient.* (String)

    Configure the outgoing HTTP communication towards the userinfo endpoint obtained from the metadata provider. For a list of valid HTTP properties, see HTTP Client.

Input

none

Transitions

  • failed

    Error when sending the Userinfo Request or Userinfo Error Response received.

  • ok

    Userinfo Success Response received and parsing was successful.

Output

  • session:[AuthStateName].userinfoResponse

    The value of fields of the received user info response.

Errors

none

Notes

none

Example

<AuthState name="UserinfoClient" class="ch.nevis.esauth.auth.states.oauth2.openid.rp.UserinfoClientState"
authLevel="auth.test" final="false">
<ResultCond name="ok" next="AuthDone"/>
<ResultCond name="failed" next="AuthError"/>
<property name="providerConfiguration" value="${session:OIDCProviderMetadataFetcherState.providerMetadata}" />
<property name="accessToken" value="${session:RelyingParty.tokenResponse.access_token}" />
</AuthState>