UserinfoClientState
The new HTTP client shipped with nevisAuth 4.38.0.12 will likely require changes in this auth state configuration, specifically in the area of certificate configuration and handling.
Visit the migration guide for additional information.
Introduction and overview
Given an access token and the provider configuration, the AuthState UserinfoClientState requests claims from a Userinfo Endpoint by sending a Userinfo Request.
Description
The following table and chapters describe the characteristics of the AuthState.
Topic | Description |
---|---|
Class | ch.nevis.esauth.auth.states.oauth2.openid.rp.UserinfoClientState |
Logging | OIDCRelyingParty |
Auditing | none |
Marker | none |
Methods | process (Issues a userinfo request to the userinfo endpoint configured via the provider configuration) |
Properties
providerConfiguration
(string)A string that contains either
- provider metadata as specified in the RFC, or
- a variable containing a provider metadata document.
accessToken
(string)Value or variable containing the access token to use in the Userinfo Request being sent to the Userinfo Endpoint.
httpclient.*
(String)Configure the outgoing HTTP communication towards the userinfo endpoint obtained from the metadata provider. For a list of valid HTTP properties, see HTTP Client.
Input
none
Transitions
failed
Error when sending the Userinfo Request or Userinfo Error Response received.
ok
Userinfo Success Response received and parsing was successful.
Output
session:[AuthStateName].userinfoResponse
The value of fields of the received user info response.
Errors
none
Notes
none
Example
<AuthState name="UserinfoClient" class="ch.nevis.esauth.auth.states.oauth2.openid.rp.UserinfoClientState"
authLevel="auth.test" final="false">
<ResultCond name="ok" next="AuthDone"/>
<ResultCond name="failed" next="AuthError"/>
<property name="providerConfiguration" value="${session:OIDCProviderMetadataFetcherState.providerMetadata}" />
<property name="accessToken" value="${session:RelyingParty.tokenResponse.access_token}" />
</AuthState>