OIDCProviderMetadataFetcherState
The new HTTP client shipped with nevisAuth 4.38.0.12 will likely require changes in this auth state configuration, specifically in the area of certificate configuration and handling.
Visit Appendix H for additional information.
Introduction and overview
OpenID providers publish metadata describing their configuration, such as the URLs of their endpoints and of their key material. The AuthState OIDCProviderMetadataFetcherState fetches this provider metadata from the given URL and propagates it in the configured scope for further processing by other AuthStates.
Description
The following table and chapters describe the characteristics of the AuthState.
Topic | Description |
---|---|
Class | ch.nevis.esauth.auth.states.oauth2.openid.rp.OIDCProviderMetadataFetcherState |
Logging | OIDCRelyingParty |
Auditing | none |
Marker | none |
Methods | process (Requests the provider metadata from the configured URL) |
Properties
providerMetadataURL
(string) The URL of the provider metadata document to be fetched over HTTP.
propagationScope
(string, session) Value or variable containing the Access Token to use in the Userinfo Request being sent to the Userinfo Endpoint.
httpclient.*
(string) Configure the outgoing HTTP communication towards the metadata provider. For a list of valid HTTP properties, see HTTP Client.
Input
none
Transitions
failed
If no valid provider metadata document could be retrieved.
ok
A valid metadata document could be retrieved.
Output
session:[AuthStateName].providerMetadata
The provider metadata retrieved from the configured URL.
Errors
none
Notes
none
Example
<AuthState name="OIDCProviderMetadataFetcherState" class="ch.nevis.esauth.auth.states.oauth2.openid.rp.OIDCProviderMetadataFetcherState" authLevel="auth.test">
    <ResultCond name="ok" next="RelyingParty"/>
    <ResultCond name="failed" next="AuthError"/>
    <property name="providerMetadataURL" value="https://accounts.google.com/.well-known/openid-configuration" />
</AuthState>
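The `failed` transition depends on whether a valid provider metadata document was retrieved. The following added example (not nevisAuth code, and not a description of the checks nevisAuth performs) shows the checks that OpenID Connect Discovery 1.0 expects a relying party to apply to such a document. It assumes the document was fetched from the `/.well-known/openid-configuration` location, as in the configuration above; the function name and the sample documents are constructed for illustration.

```python
WELL_KNOWN = "/.well-known/openid-configuration"
# Fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint",
             "userinfo_endpoint", "jwks_uri")


def check_provider_metadata(metadata_url, doc):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not metadata_url.lower().startswith("https://"):
        problems.append("metadata URL is not https")
    if not isinstance(doc, dict):
        return problems + ["metadata is not a JSON object"]
    problems += [f"missing required field: {f}" for f in REQUIRED if f not in doc]
    # The issuer must be the URL prefix the document was fetched from (a single
    # trailing slash is tolerated); otherwise one host could speak for another.
    expected = metadata_url[:-len(WELL_KNOWN)] if metadata_url.endswith(WELL_KNOWN) else None
    issuer = doc.get("issuer")
    bare = issuer[:-1] if isinstance(issuer, str) and issuer.endswith("/") else issuer
    if issuer is not None and bare != expected:
        problems.append(f"issuer {issuer!r} does not match {expected!r}")
    for name in ENDPOINTS:
        value = doc.get(name)
        if value is not None and not str(value).lower().startswith("https://"):
            problems.append(f"{name} is not an https URL")
    algs = doc.get("id_token_signing_alg_values_supported")
    if algs is not None and (not isinstance(algs, list) or "RS256" not in algs):
        problems.append("RS256 is not listed for ID token signing")
    return problems


# Constructed sample input; idp.example.test is a placeholder, not a real provider.
URL = "https://idp.example.test" + WELL_KNOWN
GOOD = {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "jwks_uri": "https://idp.example.test/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Same document, but claiming another issuer and a plain-http key location.
BAD = dict(GOOD, issuer="https://other.example.test",
           jwks_uri="http://idp.example.test/jwks")
```

Running the same checks on the stored metadata before later AuthStates use its endpoints or `jwks_uri` keeps a mismatched issuer or a plain-http key location from being trusted.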