...
CXF-based clients can use a helper RefreshTokenGrant bean to request a new access token with OAuthClientUtils.
SAML and JWT Assertions
SAML2 Bearer assertions and JWT assertions can be used as token grants.
JWT assertion grants are supported in this package. JwtBearerClientCredentialsGrant is AccessTokenGrantHandler one can register with AccessTokenService. JwtBearerGrantHandler is a client side helper once can use with OAuthClientUtils. JwtBearerAuthHandler can be used as a generic client authentication filter (where the client authenticated with JWT token as opposed to with a username:password pair, etc).
Please also see JAXRS OAuth2 Assertions section for more information.
...
- JoseSessionTokenProvider can be used as a custom SessionAuthenticityTokenProvider with AuthorizationCodeGrantService or ImplicitService
- JoseClientCodeStateManager can be used with ClientCodeRequestFilter in confidential client web applications.
- JWT assertion client and server grant handlers are shipped in this package.
- JwtRequestCodeFilter and JwetRequestCodeGrant are provided to support securing authorization code and implicit flow request properties.
- Initial utility code for representing JWT as access tokens is provided and to be extended further.
- A number of utiliy classes for working with JWT are available: OAuthJoseJwtConsumer, OAuthJoseJwtProducer and OAuthServerJoseJwtProducer. These classes extend JOSE producer and consumer helpers and support the use of OAuth2 Client secrets and public certificates in JWS or JWE operations.
OAuth2 and OIDC
CXF shipis OIDC RP and IDP service code which depends on its OAuth2 and JOSE implementations. See this page for more information.
...