Package net.datenwerke.oidc.server.provider

Interface OidcProvider

All Superinterfaces:

OidcProvider

All Known Implementing Classes:

Nimbus

public interface OidcProvider
extends OidcProvider

Method Summary

Modifier and Type	Method	Description
void	endSession(String idToken)	Ends the authenticated user’s session with the OpenID Connect (OIDC) provider without redirecting the user’s browser.
void	fetchMetadata()
TokenIntrospection	introspectToken(String token)	Introspects the given OAuth 2.0 access token using the OIDC provider's token introspection endpoint as defined in RFC 7662.
DecodedToken	parseToken(String token)

Methods inherited from interface net.datenwerke.oidc.shared.provider.OidcProvider

getIdToken, getLogoutUrl, getToken, login, registerCallback

Method Details

introspectToken

TokenIntrospection introspectToken(String token)

Introspects the given OAuth 2.0 access token using the OIDC provider's token introspection endpoint as defined in RFC 7662.

Token introspection is a mechanism that allows a protected resource to query the authorization server for metadata about an access token, including whether the token is currently active (valid) and additional claims describing the token's context.

Implementations are expected to throw an IllegalStateException if the token is invalid, inactive, or if the introspection request fails for any reason (network error, malformed response, missing endpoint, etc.).

Parameters:

token - The access token to validate. Must be a non-null, non-empty string.

Returns:

A map of token claims as defined by RFC 7662, if the token is valid and active. The returned map is guaranteed to contain the active claim, as mandated by RFC 7662, and may include additional claims such as exp, scope, client_id, sub, etc., depending on the OIDC provider and token type.

Throws:

IllegalStateException - If the token is invalid, inactive, or introspection fails.

parseToken

DecodedToken parseToken(String token)

endSession

void endSession(String idToken)

Ends the authenticated user’s session with the OpenID Connect (OIDC) provider without redirecting the user’s browser.

This variant calls the provider’s end-session (logout) endpoint directly using the id_token_hint parameter to identify the session to terminate. It is used in backend logout scenarios or when the application needs to trigger logout silently without user interaction, e.g. on errors.

Parameters:

idToken - the ID token of the authenticated user, used as id_token_hint in the logout request. Must not be null.

fetchMetadata

void fetchMetadata()
            throws Exception

Throws:

Exception