Copyright © Cloud Software Group, Inc. All Rights Reserved
Copyright © Cloud Software Group, Inc. All Rights Reserved


Chapter 14 OAuth Service Provider Interface : Client Service Provider Interface
Client Service Provider Interface
The client service provider interface is used by the OAuth server to authenticate a client when the client is requesting the access token during the authorization code or client credential flow. It enables the OAuth server to authenticate the client and obtain attributes of the client.
Client Service Provider Interface (SPI) Flow
The following figure illustrates the flow for client service provider interface.
Figure 30 Client SPI Flow
 
Client Service Provider Interface (SPI) Java API
The following is the Java API of the client service provider interface:
 
/**
* ClientAdapter is the interface use by OpenID Provider to authenticate client.
* It is also for OpenID Provider to retrieve the clients scopes.
* <p/>
* A ClientAdapter is implemented by Portal Service who manages the client registration.
*
*/
public interface ClientAdapter {
/**
* This method is called when the instance of the adapter is first loaded.
* The properties is a map of properties from SecurityRuntime.cfg.
* The adapter may initialize itself using these properties.
*
* @param properties a map of properties from SecurityRuntime.cfg.
*/
public void init(Map<String, String> properties);
/**
* Authenticate the client with the specify id and secret.
*
* @param clientId client id to authenticate.
* @param secret secret to authenticate.
* @return a DirectoryResult that has the result of the authentication.
*/
public ClientResult authenticateClient(String clientId, String secret);
/**
* Retrieve scopes for the specify client.
*
* @param clientId the clientId to retrieve the scope.
* @return return a map that contains information of the scopes.
* scope -> array of scopes
* description -> array of descriptions
* @throws AdapterException an exception if failed to retrieve the scopes of the client.
*/
public Map<String, String> getClientAttributes(String clientId)
throws AdapterException;
}
 
getAttributes
The required attributes for getAttributes are as follows:
Table 142 Required Attributes For getAttributes
Attribute
Description
dn
Specifies the distinguish name for the client.
oidcClientID
Specifies the unique ID for the client.
oidcClientRedirectURI
Specifies the redirect or callback URL.
scopes
Specifies a list of comma separated scopes.
Sample attributes:
The following table shows the sample attributes:
Attribute
Sample Value
oidcClientID
playground
dn
oidcClientIDplayground
ou
client
dc
tibco
scopes
public playground
oidcClientRedirectURI
https://redirectHost/site/client/redirectEndpoint
oidcAppName
Playground
oidcAppLogoURL
https://redirectHost/site/client/logo
oidcClientEmail
playground.asg@tibco.com
Copyright © Cloud Software Group, Inc. All Rights Reserved
Copyright © Cloud Software Group, Inc. All Rights Reserved