Skip to content

Commit b7f9ead

Browse files
maximthomasmaximthomas
authored
Docs: add accessTokenResolver to the OAuth2ResourceServerFilter reference (#103)
1 parent 38c3976 commit b7f9ead

File tree

1 file changed

+22
-5
lines changed

1 file changed

+22
-5
lines changed

openig-doc/src/main/asciidoc/reference/filters-conf.adoc

Lines changed: 22 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
information: "Portions copyright [year] [name of copyright owner]".
1313

1414
Copyright 2017 ForgeRock AS.
15-
Portions Copyright 2024 3A Systems LLC.
15+
Portions Copyright 2024-2025 3A Systems LLC.
1616
////
1717
1818
:figure-caption!:
@@ -1187,6 +1187,7 @@ If the scopes for the access token do not match the specified required scopes, t
11871187
"name": string,
11881188
"type": "OAuth2ResourceServerFilter",
11891189
"config": {
1190+
"accessTokenResolver": AccessTokenResolver reference,
11901191
"providerHandler": Handler reference,
11911192
"scopes": [ expression, ... ],
11921193
"tokenInfoEndpoint": URL string,
@@ -1203,6 +1204,22 @@ An alternative value for type is OAuth2RSFilter.
12031204
==== Properties
12041205
--
12051206
1207+
`"accessTokenResolver"`: __reference, optional__::
1208+
Resolves an access token against an Authorization Server. Currently, supports the link:{apidocs-url}/index.html?org/forgerock/openig/filter/oauth2/ScriptableAccessTokenResolver.html[`ScriptableAccessTokenResolver`, window=\_blank] to customize the default access token resolution algorithm. The example below utilizes the `token.groovy` script to resolve an access token.
1209+
+
1210+
[source, json]
1211+
----
1212+
{
1213+
"accessTokenResolver": {
1214+
"type": "ScriptableAccessTokenResolver",
1215+
"config": {
1216+
"type": "application/x-groovy",
1217+
"file": "token.groovy"
1218+
}
1219+
}
1220+
}
1221+
----
1222+
12061223
`"providerHandler"`: __Handler reference, optional__::
12071224
Invoke this HTTP client handler to send token info requests.
12081225
@@ -1231,13 +1248,13 @@ Duration for which to cache OAuth 2.0 access tokens.
12311248
Caching allows OpenIG to avoid repeated requests for token info when reusing the information over a short period.
12321249
+
12331250
A link:{apidocs-url}/index.html?org/forgerock/openig/util/Duration.html[duration, window=\_blank] is a lapse of time expressed in English, such as `23 hours 59 minutes and 59 seconds`.
1234-
1251+
+
12351252
Durations are not case sensitive.
1236-
1253+
+
12371254
Negative durations are not supported.
1238-
1255+
+
12391256
The following units can be used in durations:
1240-
1257+
+
12411258
* `indefinite`, `infinity`, `undefined`, `unlimited`: unlimited duration
12421259
12431260
* `zero`, `disabled`: zero-length duration

0 commit comments

Comments
 (0)