Class OpenIdConnectAuthenticator

java.lang.Object
org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectAuthenticator

public class OpenIdConnectAuthenticator extends Object
Handles an OpenID Connect Authentication response as received by the facilitator. In the case of an implicit flow, it validates the ID Token and extracts the Elasticsearch user properties from it. In the case of an authorization code flow, it first exchanges the code in the authentication response for an ID Token at the token endpoint of the OpenID Connect Provider.
  • Constructor Details

  • Method Details

    • authenticate

      public void authenticate(OpenIdConnectToken token, ActionListener<com.nimbusds.jwt.JWTClaimsSet> listener)
      Processes an OpenID Connect Response to an Authentication Request. The response comes in the form of a URL with the necessary parameters and is contained in the provided token. If the response is valid, it calls the provided listener with a set of OpenID Connect claims that identify the authenticated user. If the UserInfo endpoint is specified in the configuration, it attempts a UserInfo request and adds the returned claims to the ID Token claims.
      Parameters:
      token - The OpenIdConnectToken to consume
      listener - The listener to notify with the resolved JWTClaimsSet
    • close

      protected void close()
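
The UserInfo step described for `authenticate` above, sketched as an added Java example that is not Elasticsearch's own code. It assumes the Nimbus JOSE+JWT library is on the classpath; the class `UserInfoMergeExample`, the method `merge`, the merge policy (require a matching `sub` as in OpenID Connect Core 5.3.2, never overwrite an ID Token claim) and all sample values are assumptions made for illustration.

```java
import com.nimbusds.jwt.JWTClaimsSet;
import java.util.Map;

public class UserInfoMergeExample {

    /**
     * Adds UserInfo claims to ID Token claims that have already been validated.
     * Assumed policy: reject a UserInfo response whose "sub" differs from the
     * ID Token, and never let UserInfo replace a claim the ID Token carries.
     */
    static JWTClaimsSet merge(JWTClaimsSet idToken, Map<String, Object> userInfo) {
        String idSub = idToken.getSubject();
        Object uiSub = userInfo.get("sub");
        if (idSub == null || !idSub.equals(uiSub)) {
            throw new IllegalArgumentException("UserInfo sub does not match ID Token sub");
        }
        // Start from the ID Token claims, then add only claims it does not have.
        JWTClaimsSet.Builder merged = new JWTClaimsSet.Builder(idToken);
        for (Map.Entry<String, Object> e : userInfo.entrySet()) {
            if (idToken.getClaim(e.getKey()) == null) {
                merged.claim(e.getKey(), e.getValue());
            }
        }
        return merged.build();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real provider.
        JWTClaimsSet idToken = new JWTClaimsSet.Builder()
            .issuer("https://op.example.test")
            .subject("user-1234")
            .audience("es-client")
            .build();
        Map<String, Object> userInfo = Map.of(
            "sub", "user-1234",
            "email", "alice@example.test",
            "iss", "https://other.example.test"); // must not replace the ID Token issuer

        JWTClaimsSet claims = merge(idToken, userInfo);
        System.out.println("iss   = " + claims.getIssuer());
        System.out.println("email = " + claims.getClaim("email"));

        try {
            merge(idToken, Map.of("sub", "someone-else"));
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```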