Loading...
Searching...
No Matches
tenduke::oidc::IdTokenSession Class Reference
#include <IdTokenSession.h>
Detailed Description
A tenduke::oidc::OIDCSession, which uses ID-token as the source-of-truth for expiration times.
Certain APIs use OIDC ID-tokens instead of OAuth access tokens for authorization.
NOTE: The OIDC specification does not require ID-token in refresh responses (see https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse). In this case this service will try to refresh but as it realizes, that the ID-token is still expired, it will request the user to re-login.
Inheritance diagram for tenduke::oidc::IdTokenSession:
Public Member Functions | |
| IdTokenSession (std::unique_ptr< tenduke::oidc::OIDCState > state, const std::shared_ptr< const tenduke::oidc::OIDCLogin > &oidc, const std::shared_ptr< const tenduke::oidc::OIDCClient > &oidcClient, const std::shared_ptr< tenduke::time::Clock > &clock, const std::shared_ptr<::tenduke::oidc::OIDCSessionEventListener > &eventListener, uint64_t validitySafetyMarginS, const std::chrono::seconds &loginTimeout) | |
| Constructs new instance. | |
| bool | isValid () override |
| Checks that local session is valid. | |
| void | refreshOrLogin () override |
| Performs either refresh, or if it fails, new login. | |
 Public Member Functions inherited from tenduke::oidc::OIDCSessionImpl | |
| OIDCSessionImpl (std::unique_ptr< tenduke::oidc::OIDCState > state, const std::shared_ptr< const tenduke::oidc::OIDCLogin > &oidc, const std::shared_ptr< const tenduke::oidc::OIDCClient > &oidcClient, const std::shared_ptr< tenduke::time::Clock > &clock, const std::shared_ptr<::tenduke::oidc::OIDCSessionEventListener > &eventListener=nullptr, uint64_t validitySafetyMarginS=DEFAULT_SAFETY_MARGIN_S, std::chrono::milliseconds loginTimeout=DEFAULT_SESSION_LOGIN_TIMEOUT) | |
| Constructs new instance. | |
| void | ensureValidSession () override |
| Checks that the OIDC session is valid, but if it is NOT, either refreshes the access token or authenticates the user. | |
| std::string | getAccessToken () override |
| Returns access token of the session. | |
| std::shared_ptr< const tenduke::oidc::OIDCState > | getOIDCState () override |
| Returns the current OIDC-state for inspection. | |
| bool | heartbeat () override |
| Executes a heartbeat with the backend, checking that the current access token really works. | |
| void | invalidate () override |
| Invalidates the session. | |
| bool | isValid () override |
| Checks that local session is valid. | |
| void | reEstablish () override |
| Re-establishes the session: Tries first to refresh the state, if it fails, re-authenticates the user. | |
| void | refresh () override |
| Forces refresh of the session. | |
Additional Inherited Members | |
| Static Public Attributes inherited from tenduke::oidc::OIDCSessionImpl | |
| static const std::uint64_t | DEFAULT_SAFETY_MARGIN_S = 30 |
| Default safety margin in seconds for checking access token expiration. | |
| Protected Member Functions inherited from tenduke::oidc::OIDCSessionImpl | |
| virtual bool | hasRefreshableState () |
| Checks if the session has state, which can be refreshed. | |
| virtual void | login () |
| Performs login. | |
| Protected Attributes inherited from tenduke::oidc::OIDCSessionImpl | |
| std::shared_ptr< tenduke::oidc::OIDCState > | state |
| The OIDC-state. | |
| std::unique_ptr< tenduke::oidc::OIDCLoginRequest > | loginRequest |
| Current login request. | |
| const std::chrono::milliseconds | loginTimeout |
| Login timeout. | |
| const std::uint64_t | validitySafetyMarginS |
| Safety margin in seconds for checking if access token has expired. | |
| const std::shared_ptr< tenduke::time::Clock > | clock |
| Clock for checking session validity locally. | |
| const std::shared_ptr< const tenduke::oidc::OIDCLogin > | oidc |
| Service to perform OIDC login. | |
| const std::shared_ptr< const tenduke::oidc::OIDCClient > | oidcClient |
| The OIDC-client. | |
| const std::shared_ptr< tenduke::oidc::OIDCSessionEventListener > | notify |
| Listener for OIDC session events. | |
Constructor & Destructor Documentation
◆ IdTokenSession()
| tenduke::oidc::IdTokenSession::IdTokenSession | ( | std::unique_ptr< tenduke::oidc::OIDCState > | state, |
| const std::shared_ptr< const tenduke::oidc::OIDCLogin > & | oidc, | ||
| const std::shared_ptr< const tenduke::oidc::OIDCClient > & | oidcClient, | ||
| const std::shared_ptr< tenduke::time::Clock > & | clock, | ||
| const std::shared_ptr<::tenduke::oidc::OIDCSessionEventListener > & | eventListener, | ||
| uint64_t | validitySafetyMarginS, | ||
| const std::chrono::seconds & | loginTimeout | ||
| ) |
Constructs new instance.
- Parameters
-
state - oidc - oidcClient - clock - eventListener - validitySafetyMarginS - loginTimeout -
Member Function Documentation
◆ isValid()
|
overridevirtual |
Checks that local session is valid.
This method checks that there is a session and it has not expired.
Note that this method only checks the local session information, it does not verify the state from the backend. This means that requests using the access token might fail even if this method returns true, because .e.g.
- The state might have expired in the backend, but the client believes that the session is valid, because there is a clock skew or some other inaccuracy
- The state might have been invalidated in the backend (e.g. by admin user)
- Returns
- -
- Exceptions
-
tenduke::TimedOut when concurrent access times out
Implements tenduke::oidc::OIDCSession.
◆ refreshOrLogin()
|
overridevirtual |
Performs either refresh, or if it fails, new login.
Reimplemented from tenduke::oidc::OIDCSessionImpl.
The documentation for this class was generated from the following files:
- core/oidc/core/src/oidc/idtoken/IdTokenSession.h
- core/oidc/core/src/oidc/idtoken/IdTokenSession.cpp
