In Java EE 7, JAX-RS 2.0 was introduced to provide a standard REST client API for working with RESTful services. One of the more recent standards in the world of OAuth 2.0 is the use of OpenID Connect to handle the identity of the user. One of the features of OpenID Connect is discovery, where an OpenID Provider Configuration document specifies the provider's endpoints and capabilities. Having a standard spares us from keeping track of each provider's possible OAuth endpoints. This post details how the JAX-RS 2.0 Client API can be used to work with the OpenID Provider Configuration, though the same approach works with almost any JSON structure.
JAX-RS supports the JAXB annotations to build objects. The following is an annotated POJO (minus the getters and setters) that describes the data returned by an OpenID Provider Configuration request. Note that not all the fields are needed for regular use, so only the key ones are listed; fields missing from the response should not crash the program.
```java
import java.net.URI;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;

@XmlRootElement
@XmlAccessorType(XmlAccessType.FIELD)
public class OpenIDProviderConfiguration {

    // Element names are the JSON keys used by OpenID Connect Discovery;
    // keys not listed here are simply left out of the mapping.
    @XmlElement(name = "authorization_endpoint")
    private URI authorizationEndpoint;

    @XmlElement(name = "issuer")
    private String issuer;

    @XmlElement(name = "jwks_uri")
    private URI jwksUri;

    @XmlElement(name = "token_endpoint")
    private URI tokenEndpoint;

    // getters and setters omitted, as in the original listing
}
```
The configuration is usually found at some base URI + /.well-known/openid-configuration. For Salesforce it is https://login.salesforce.com/.well-known/openid-configuration. To get the data we create a new REST client using ClientBuilder.newClient(), target the URL, and perform a GET request specifying the class to build, as shown in the following test.
```java
import static org.junit.Assert.assertEquals;

import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import org.junit.Test;

public class OpenIDProviderConfigurationTest {

    @Test
    public void testSalesforceOpenIdConfiguration() throws Exception {
        Client restClient = ClientBuilder.newClient();
        // GET the discovery document; the JAX-RS entity provider maps the JSON onto the POJO
        OpenIDProviderConfiguration config = restClient
                .target("https://login.salesforce.com/.well-known/openid-configuration")
                .request()
                .get(OpenIDProviderConfiguration.class);
        assertEquals("https://login.salesforce.com", config.getIssuer());
    }
}
```
That’s about all that is needed to perform parsing into an object from a REST client.
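As an added example (not code from the original post), the following hypothetical helper wraps the discovery call and refuses a document whose issuer does not match the issuer URL used to fetch it, or whose endpoints are not served over https, so that no endpoint is used before those checks pass. It assumes the OpenIDProviderConfiguration POJO above together with getters for its four fields.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import javax.ws.rs.client.Client;

// Hypothetical helper, not part of the original post; relies on the
// OpenIDProviderConfiguration POJO and its getters.
public class OpenIDProviderConfigurationValidator {

    // Discovery 1.0 forms the document URL by appending this path to the issuer URL
    private static final String WELL_KNOWN = "/.well-known/openid-configuration";

    public static URI discoveryUri(URI issuer) {
        String base = issuer.toString().replaceAll("/+$", "");
        return URI.create(base + WELL_KNOWN);
    }

    // Fetches the document for the issuer and rejects it when any check fails
    public static OpenIDProviderConfiguration discover(Client restClient, URI issuer) {
        OpenIDProviderConfiguration config = restClient.target(discoveryUri(issuer))
                .request().get(OpenIDProviderConfiguration.class);
        List<String> problems = validate(config, issuer);
        if (!problems.isEmpty()) {
            throw new IllegalStateException("Rejected discovery document: " + problems);
        }
        return config;
    }

    // Returns every violation found; an empty list means the document is acceptable.
    // The spec requires the issuer value in the document to be identical to the
    // issuer URL used to retrieve it, and the endpoints to be served over TLS.
    public static List<String> validate(OpenIDProviderConfiguration config, URI expectedIssuer) {
        List<String> problems = new ArrayList<>();
        if (!expectedIssuer.toString().equals(config.getIssuer())) {
            problems.add("issuer mismatch: expected " + expectedIssuer + ", got " + config.getIssuer());
        }
        requireHttps(problems, "authorization_endpoint", config.getAuthorizationEndpoint());
        requireHttps(problems, "token_endpoint", config.getTokenEndpoint());
        requireHttps(problems, "jwks_uri", config.getJwksUri());
        return problems;
    }

    private static void requireHttps(List<String> problems, String name, URI endpoint) {
        if (endpoint == null) {
            problems.add(name + " is missing");
        } else if (!"https".equalsIgnoreCase(endpoint.getScheme())) {
            problems.add(name + " is not https: " + endpoint);
        }
    }
}
```

Calling discover(ClientBuilder.newClient(), URI.create("https://login.salesforce.com")) fetches the Salesforce document from the test above and returns it only when the issuer matches and all three endpoints use https.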
The only problem is that there is no API in the JAX-RS 2.0 Client API standard that I can see that covers mapping a JSON string into an object without going through the REST client.
Note
Ironically, Microsoft, who is listed as one of the authors of the spec along with the JWK and JWT specs, does not have this in place: their login.live.com servers do not provide an OpenID Configuration URL. So far only Google and Salesforce.com do this correctly (except that Google got the issuer value wrong). Facebook, Yahoo and Twitter have not yet joined the bandwagon.