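/*-
 * #%L
 * Smile CDR - CDR
 * %%
 * Copyright (C) 2016 - 2025 Smile CDR, Inc.
 * %%
 * All rights reserved.
 * #L%
 */
package ca.cdr.api.security;

import jakarta.annotation.Nonnull;
import org.apache.http.message.BasicNameValuePair;

import java.util.ArrayList;
import java.util.List;

/**
 * Keeps user-defined parameters used for SMART client authentication.
 * Before the object is used to build {@code ClientAuthInterceptor}, one of the keystore name
 * or client secret properties must be set, depending on the intended authorization flow:
 * <ul><li>keystore name ({@link #withKeystore(String)}): for private_key_jwt workflow</li>
 * <li>client secret ({@link #withClientSecret(String)}): for client_secret workflow</li></ul>
 *
 * <p>This class only stores the values. It does not check that exactly one of the two
 * credentials is present, nor that any value is well-formed; the consumer has to do that.
 *
 * <p>No {@code toString()} is defined here, so the client secret is not part of the default
 * string form of this object. Keep it out of any {@code toString()} or log statement added later.
 *
 * <p>Instances are mutable and the class does no synchronization of its own.
 */
public class ClientAuthParams {

    /**
     * Client id configured in authentication server
     */
    private final String myClientId;

    /**
     * Name of the client secret defined in authentication server.
     * Used for client_secret client authentication flow.
     */
    // NOTE(review): if this carries the secret value itself rather than a reference name,
    // it lives in an immutable String for the lifetime of this object - confirm with the consumer.
    private String myClientSecret;

    /**
     * Name of the keystore containing the JWT used to authenticate token requests
     * Used for private_key_jwt client authentication flow.
     */
    private String myKeystoreName;

    /**
     * Some security servers don't accept https protocol in the audience. This flag
     * forces http as the audience protocol
     */
    // NOTE(review): presumably this changes only the audience value placed in the token request
    // and not the transport used to reach the token endpoint - confirm in the interceptor.
    private boolean myForceHttpInTokenRequestAudience;

    /**
     * Requested access token scope.
     */
    private String myScope;

    /**
     * Used in jwt and client credentials flows
     * List of pairs name-value which will be added to access token request
     */
    protected final List<BasicNameValuePair> myCustomTokenRequestParams = new ArrayList<>();

    /**
     * Client TLS configuration, if a TLS-enabled connection is desired
     */
    // Typed as Object: nothing in this class checks what kind of object is stored, so the
    // consumer must verify the type before relying on it to configure TLS.
    private Object myClientTlsConfig;

    /**
     * Creates parameters for the given client.
     *
     * @param theClientId client id configured in the authentication server; annotated
     *                    {@code @Nonnull}, but not checked at runtime here
     */
    public ClientAuthParams(@Nonnull String theClientId) {
        myClientId = theClientId;
    }

    /**
     * Sets the keystore name used for the private_key_jwt flow.
     *
     * @param theKeystoreName name of the keystore; stored as given
     * @return this instance, for chaining
     */
    public ClientAuthParams withKeystore(String theKeystoreName) {
        myKeystoreName = theKeystoreName;
        return this;
    }

    /**
     * Sets the client secret used for the client_secret flow.
     *
     * @param theClientSecret the client secret; stored as given
     * @return this instance, for chaining
     */
    public ClientAuthParams withClientSecret(String theClientSecret) {
        myClientSecret = theClientSecret;
        return this;
    }

    /**
     * Sets the requested access token scope.
     *
     * @param theScope the scope; stored as given
     * @return this instance, for chaining
     */
    @SuppressWarnings("UnusedReturnValue")
    public ClientAuthParams withScope(String theScope) {
        myScope = theScope;
        return this;
    }

    /**
     * Appends name-value pairs to the custom token request parameters. Repeated calls
     * accumulate; nothing is replaced or de-duplicated.
     *
     * @param theAdditionalParameters pairs to append; {@code null} is treated as "nothing to add"
     * @return this instance, for chaining
     */
    public ClientAuthParams withAdditionalParameters(List<BasicNameValuePair> theAdditionalParameters) {
        // A null list used to surface as a NullPointerException from addAll; treat it as empty
        // so that an optional, unset parameter list does not abort building the auth parameters.
        if (theAdditionalParameters != null) {
            myCustomTokenRequestParams.addAll(theAdditionalParameters);
        }
        return this;
    }

    /**
     * Sets whether http is forced as the protocol of the token request audience.
     *
     * @param theForceHttp {@code true} to force http in the audience
     * @return this instance, for chaining
     */
    public ClientAuthParams withForceHttpInTokenRequestAudience(boolean theForceHttp) {
        myForceHttpInTokenRequestAudience = theForceHttp;
        return this;
    }

    /**
     * Sets the client TLS configuration.
     *
     * @param theClientTlsConfig the TLS configuration object; stored without any type check
     * @return this instance, for chaining
     */
    public ClientAuthParams withTlsConfig(Object theClientTlsConfig) {
        myClientTlsConfig = theClientTlsConfig;
        return this;
    }

    /**
     * @return whether http is forced as the protocol of the token request audience
     */
    public boolean isForceHttpInTokenRequestAudience() {
        return myForceHttpInTokenRequestAudience;
    }

    /**
     * @return the keystore name, or {@code null} if none was set
     */
    public String getKeystoreName() {
        return myKeystoreName;
    }

    /**
     * @return the client id passed to the constructor
     */
    public String getClientId() {
        return myClientId;
    }

    /**
     * Returns the custom token request parameters.
     *
     * @return the live internal list, not a copy: changes made by the caller are visible
     *         to every other holder of this object
     */
    public List<BasicNameValuePair> getCustomTokenRequestParams() {
        return myCustomTokenRequestParams;
    }

    /**
     * @return the requested access token scope, or {@code null} if none was set
     */
    public String getScope() {
        return myScope;
    }

    /**
     * @return the client secret, or {@code null} if none was set; callers should not log
     *         or otherwise persist the returned value
     */
    public String getClientSecret() {
        return myClientSecret;
    }

    /**
     * @return the client TLS configuration object, or {@code null} if none was set
     */
    public Object getClientTlsConfig() {
        return myClientTlsConfig;
    }
}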