Serialized Form

Package com.broadleafcommerce.auth.authorization.provider.jpa.domain

Class com.broadleafcommerce.auth.authorization.provider.jpa.domain.JpaOAuth2Authorization

class JpaOAuth2Authorization extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accessTokenExpiresAt

Long accessTokenExpiresAt

accessTokenIssuedAt

Long accessTokenIssuedAt

accessTokenMetadata

String accessTokenMetadata

accessTokenScopes

String accessTokenScopes

accessTokenType

String accessTokenType

accessTokenValue

String accessTokenValue

See Also:

• JpaOAuth2Authorization.getAccessTokenValueHash()

accessTokenValueHash

String accessTokenValueHash

The column length of JpaOAuth2Authorization.getAccessTokenValue() forces it to be a non-queryable, non-indexable Lob on certain database providers.

This column should contain some hashed representation of the JpaOAuth2Authorization.getAccessTokenValue() (if present). The main idea is for indexing and queries to be run against this smaller hash rather than the raw value directly.

Note - the hashing algorithm must be strongly collision resistant to minimize the chances of multiple values sharing the same hash. Furthermore, even with a strong hashing algorithm, all queries must account for the fact that collisions are inevitable and should not assume that a query for a particular hash will only ever return a single result. Queries should examine the result list, and if more than one result is returned for the same hash, perform direct in-memory comparison of JpaOAuth2Authorization.getAccessTokenValue() to drop unexpected results.

See Also:

• JpaOAuth2AuthorizationHashValueProvider

attributes

String attributes

authorizationCodeExpiresAt

Long authorizationCodeExpiresAt

authorizationCodeIssuedAt

Long authorizationCodeIssuedAt

authorizationCodeMetadata

String authorizationCodeMetadata

authorizationCodeValue

String authorizationCodeValue

authorizationGrantType

String authorizationGrantType

authorizedScopes

String authorizedScopes

deviceCodeExpiresAt

Long deviceCodeExpiresAt

deviceCodeIssuedAt

Long deviceCodeIssuedAt

deviceCodeMetadata

String deviceCodeMetadata

deviceCodeValue

String deviceCodeValue

id

String id

oicdIdTokenExpiresAt

Long oicdIdTokenExpiresAt

oid

String oid

oidcIdTokenIssuedAt

Long oidcIdTokenIssuedAt

oidcIdTokenMetadata

String oidcIdTokenMetadata

oidcIdTokenValue

String oidcIdTokenValue

See Also:

• JpaOAuth2Authorization.getOidcIdTokenValueHash()

oidcIdTokenValueHash

String oidcIdTokenValueHash

The column length of JpaOAuth2Authorization.getOidcIdTokenValue() forces it to be a non-queryable, non-indexable Lob on certain database providers.

This column should contain some hashed representation of the JpaOAuth2Authorization.getOidcIdTokenValue() (if present). The main idea is for indexing and queries to be run against this smaller hash rather than the raw value directly.

Note - the hashing algorithm must be strongly collision resistant to minimize the chances of multiple values sharing the same hash. Furthermore, even with a strong hashing algorithm, all queries must account for the fact that collisions are inevitable and should not assume that a query for a particular hash will only ever return a single result. Queries should examine the result list, and if more than one result is returned for the same hash, perform direct in-memory comparison of JpaOAuth2Authorization.getOidcIdTokenValue() to drop unexpected results.

See Also:

• JpaOAuth2AuthorizationHashValueProvider

principalName

String principalName

refreshTokenExpiresAt

Long refreshTokenExpiresAt

refreshTokenIssuedAt

Long refreshTokenIssuedAt

refreshTokenMetadata

String refreshTokenMetadata

refreshTokenValue

String refreshTokenValue

registeredClientId

String registeredClientId

state

String state

userCodeExpiresAt

Long userCodeExpiresAt

userCodeIssuedAt

Long userCodeIssuedAt

userCodeMetadata

String userCodeMetadata

userCodeValue

String userCodeValue

Package com.broadleafcommerce.auth.authorization.security.embedded.code

Class com.broadleafcommerce.auth.authorization.security.embedded.code.EmbeddedLoginCodeAuthenticationToken

class EmbeddedLoginCodeAuthenticationToken extends org.springframework.security.authentication.AbstractAuthenticationToken implements Serializable

Serialized Fields

additionalParameters

Map<String,Object> additionalParameters

clientId

String clientId

code

String code

purpose

String purpose

requestedScopes

Set<String> requestedScopes

userDetails

OAuth2UserDetails userDetails

username

String username

Package com.broadleafcommerce.auth.authorization.security.embedded.exception

Exception com.broadleafcommerce.auth.authorization.security.embedded.exception.EmbeddedLoginNotAllowedException

class EmbeddedLoginNotAllowedException extends org.springframework.security.core.AuthenticationException implements Serializable

Serialized Fields

authServerId

String authServerId

ID of the AuthorizationServer that received the request.

clientId

String clientId

ID of the AuthorizedClient that received the request.

Exception com.broadleafcommerce.auth.authorization.security.embedded.exception.EmbeddedLoginOTPResponseException

class EmbeddedLoginOTPResponseException extends org.springframework.security.core.AuthenticationException implements Serializable

Exception com.broadleafcommerce.auth.authorization.security.embedded.exception.EmbeddedRegistrationNotAllowedException

class EmbeddedRegistrationNotAllowedException extends RuntimeException implements Serializable

Serialized Fields

authServerId

String authServerId

ID of the AuthorizationServer that received the request.

clientId

String clientId

ID of the AuthorizedClient that received the request.

Package com.broadleafcommerce.auth.authorization.security.embedded.login

Class com.broadleafcommerce.auth.authorization.security.embedded.login.EmbeddedLoginAuthenticationToken

class EmbeddedLoginAuthenticationToken extends FormLoginAuthenticationToken implements Serializable

serialVersionUID:

1L

Package com.broadleafcommerce.auth.client.domain

Class com.broadleafcommerce.auth.client.domain.OAuthClientRegistrationProviderDetails

class OAuthClientRegistrationProviderDetails extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authorizationUri

String authorizationUri

See Also:

• ClientRegistration.ProviderDetails.getAuthorizationUri()

configurationMetadata

Map<String,Object> configurationMetadata

See Also:

• ClientRegistration.ProviderDetails.getConfigurationMetadata()

issuerUri

String issuerUri

URI that can either be an OpenID Connect discovery endpoint or an OAuth 2.0 Authorization Server Metadata endpoint defined by RFC 8414.

This is used to gather the provider details which would otherwise be unknown since some providers only provide this to integrators.

jwkSetUri

String jwkSetUri

See Also:

• ClientRegistration.ProviderDetails.getJwkSetUri()

registrationId

String registrationId

The ID of the registered provider. Should match OAuthClientRegistrationWrapper.getRegistrationId().

tokenUri

String tokenUri

See Also:

• ClientRegistration.ProviderDetails.getTokenUri()

userInfoEndpoint

OAuthClientRegistrationProviderDetails.UserInfoEndpoint userInfoEndpoint

See Also:

• ClientRegistration.ProviderDetails.getUserInfoEndpoint()

Class com.broadleafcommerce.auth.client.domain.OAuthClientRegistrationProviderDetails.UserInfoEndpoint

class UserInfoEndpoint extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authenticationMethod

String authenticationMethod

See Also:

• ClientRegistration.ProviderDetails.UserInfoEndpoint.getAuthenticationMethod()

uri

String uri

See Also:

• ClientRegistration.ProviderDetails.UserInfoEndpoint.getUri()

userNameAttributeName

String userNameAttributeName

See Also:

• ClientRegistration.ProviderDetails.UserInfoEndpoint.getUserNameAttributeName()

Class com.broadleafcommerce.auth.client.domain.OAuthClientRegistrationWrapper

class OAuthClientRegistrationWrapper extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authorizationGrantType

String authorizationGrantType

See Also:

• ClientRegistration.getAuthorizationGrantType()

clientAuthenticationMethod

String clientAuthenticationMethod

See Also:

• ClientRegistration.getClientAuthenticationMethod()

clientId

String clientId

See Also:

• ClientRegistration.getClientId()

clientName

String clientName

See Also:

• ClientRegistration.getClientName()

clientSecret

String clientSecret

See Also:

• ClientRegistration.getClientSecret()

id

String id

The system ID of the registration

providerDetails

OAuthClientRegistrationProviderDetails providerDetails

See Also:

• ClientRegistration.getProviderDetails()
• OAuthClientRegistrationProviderDetails

redirectUriTemplate

String redirectUriTemplate

See Also:

• ClientRegistration.getRedirectUri()

registrationId

String registrationId

See Also:

• ClientRegistration.getRegistrationId()

scopes

Set<String> scopes

See Also:

• ClientRegistration.getScopes()

tenantId

String tenantId

The ID of the Tenant this registration belongs to. Different tenants can have different credentials for the same client provider (e.g. Facebook, Google).

Package com.broadleafcommerce.auth.client.provider.authentication

Class com.broadleafcommerce.auth.client.provider.authentication.BroadleafOAuthClientAuthenticationDetails

class BroadleafOAuthClientAuthenticationDetails extends Object implements Serializable

Serialized Fields

clientId

String clientId

Package com.broadleafcommerce.auth.client.provider.jpa.domain

Class com.broadleafcommerce.auth.client.provider.jpa.domain.JpaOAuthClientProviderDetails

class JpaOAuthClientProviderDetails extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authorizationUri

String authorizationUri

configurationMetadata

Map<String,Object> configurationMetadata

id

String id

jwkSetUri

String jwkSetUri

registrationId

String registrationId

tokenUri

String tokenUri

userInfoAuthenticationMethod

String userInfoAuthenticationMethod

userInfoUri

String userInfoUri

userInfoUserNameAttributeName

String userInfoUserNameAttributeName

Class com.broadleafcommerce.auth.client.provider.jpa.domain.JpaOAuthClientRegistration

class JpaOAuthClientRegistration extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authorizationGrantType

String authorizationGrantType

clientAuthenticationMethod

String clientAuthenticationMethod

clientId

String clientId

clientName

String clientName

clientSecret

String clientSecret

id

String id

providerDetails

JpaOAuthClientProviderDetails providerDetails

redirectUriTemplate

String redirectUriTemplate

registrationId

String registrationId

scopes

Set<String> scopes

tenantId

String tenantId

Package com.broadleafcommerce.auth.client.web.authentication.session.exception

Exception com.broadleafcommerce.auth.client.web.authentication.session.exception.MissingOAuth2AuthenticationAttributeException

class MissingOAuth2AuthenticationAttributeException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.passcode.service

Exception com.broadleafcommerce.auth.passcode.service.PasscodeNotConsumedException

class PasscodeNotConsumedException extends Exception implements Serializable

Package com.broadleafcommerce.auth.repository.provider.hibernate.generation

Class com.broadleafcommerce.auth.repository.provider.hibernate.generation.ULIDGenerationStrategy

class ULIDGenerationStrategy extends Object implements Serializable

Package com.broadleafcommerce.auth.resource.domain

Class com.broadleafcommerce.auth.resource.domain.AccountRole

class AccountRole extends Object implements Serializable

Serialized Fields

accountId

String accountId

active

boolean active

id

String id

roleRef

UserRoleRef roleRef

userId

String userId

Class com.broadleafcommerce.auth.resource.domain.RestrictedPermission

class RestrictedPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

permission

UserPermissionRef permission

Represents the permission that is being restricted.

restriction

Restriction restriction

Represents the restriction on this permission.

Class com.broadleafcommerce.auth.resource.domain.RestrictedRole

class RestrictedRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

restriction

Restriction restriction

Represents the restriction on this role.

role

UserRoleRef role

Represents the role that is being restricted.

Class com.broadleafcommerce.auth.resource.domain.Restriction

class Restriction extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

targets

Set<String> targets

Represents the targets of the restriction.

type

String type

Represents the type of the restriction.

Class com.broadleafcommerce.auth.resource.domain.User

class User extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountRoles

List<AccountRole> accountRoles

Roles this user has under specific Account contexts.

active

boolean active

A flag indicating whether the user account is enabled. If false, they will not be able to log in.

This flag should be used if a user needs to be enabled/disabled for administrative reasons.

applicationAccess

boolean applicationAccess

Indicates whether this user has access at the application level or not.

This field only applies to UserType.ADMIN users. UserType.CUSTOMER will always have application level access regardless of this value.

applicationIds

Set<String> applicationIds

This field only applies to UserType.ADMIN users.

The ids of applications this user is a member of. If this is non-empty, this user is restricted to these applications.

archived

boolean archived

This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.

attributes

Map<String,Object> attributes

Arbitrary attributes associated with this user. May include custom claims, customer segment ids, or any other attributes that are not first class user fields.

changePasswordRequired

boolean changePasswordRequired

A flag indicating whether the admin user account requires a password reset. If true, they will not be able to log in until they reset their password.

customerContextId

String customerContextId

This field only applies to UserType.CUSTOMER users.

The id of the customer context this user is a member of. If this is set, this user is restricted to this customer context.

defaultAccountId

String defaultAccountId

The default account for the customer. If set, the customer will automatically have this account selected on login.

email

String email

The user's email address.

expired

boolean expired

A flag indicating whether the admin user account is expired. If false, they will not be able to log in.

This flag can be used to declare an account as expired and unusable, but currently there is no logic for that. It will always be false.

externalId

String externalId

Intended to hold any unique identifier for this user as known by an external (non-BLC) system. For example, many implementations may integrate or import/export data from other systems that manage their own unique identifiers.

firstName

String firstName

The first name of the user, if the fullName is not being used for the user.

fullName

String fullName

The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.

id

String id

impersonationAllowed

boolean impersonationAllowed

A flag indicated whether or not this user is allowed to be impersonated.

lastName

String lastName

The last name of the user, if the fullName is not being used for the user.

lastUpdated

Instant lastUpdated

Indicates when this record was last updated.

locked

boolean locked

A flag indicating whether the admin user account is locked. If false, they will not be able to log in and a LockedException will be thrown on a login attempt.

This flag is used to limit invalid login attempt.

lockedTime

Instant lockedTime

If this user is locked out, the time that the user was locked.

middleName

String middleName

The middle name of the user, if the fullName is not being used for the user.

passwordLastUpdated

Instant passwordLastUpdated

The time the password was last updated. Used to enforce rules around how long a password may remain unchanged before forcing the user to make a new one.

permissions

Set<UserPermissionRef> permissions

The permissions that this user is directly assigned (in addition to permissions granted through User.roles).

restrictedPermissions

Set<RestrictedPermission> restrictedPermissions

The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

restrictedRoles

Set<RestrictedRole> restrictedRoles

The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

restrictions

Set<Restriction> restrictions

The data restrictions that control the data this user is permitted to access.

roles

Set<UserRoleRef> roles

The roles that this user is assigned. The user is granted all permissions that each of these roles are directly assigned or inherit from their ancestors.

serverId

String serverId

The ID of the authorization server that this user is a member of.

serviceId

String serviceId

If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.

If this value is set, there should also be a value set for User.type.

There is a requirement that only if both values are non-null, a combination of this field and User.type will be unique across all records. There is no uniqueness guarantee for records which have a null service ID or null User.type.

See Also:

• User.type

tenantAccess

boolean tenantAccess

Indicates whether this user has access at the tenant level or not.

This field only applies to UserType.ADMIN users.

tenantId

String tenantId

The id of the tenant this user is associated with.

type

String type

Represents the type of user this is. This value must be supplied if User.serviceId is set.

See Also:

• UserType
• User.serviceId

username

String username

What this user uses to actually log in. May be the same as User.email, but that is not required.

The username is case insensitive, so it will always be stored lowercase.

Class com.broadleafcommerce.auth.resource.domain.UserHistoricalPassword

class UserHistoricalPassword extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

dateCreated

Instant dateCreated

The date when the password was created.

Package com.broadleafcommerce.auth.resource.web.endpoint.exception

Exception com.broadleafcommerce.auth.resource.web.endpoint.exception.InvalidApplicationContextException

class InvalidApplicationContextException extends Exception implements Serializable

Exception com.broadleafcommerce.auth.resource.web.endpoint.exception.InvalidApplicationIdException

class InvalidApplicationIdException extends Exception implements Serializable

Package com.broadleafcommerce.auth.security.domain

Class com.broadleafcommerce.auth.security.domain.JpaAccountRoleXref

class JpaAccountRoleXref extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountId

String accountId

active

boolean active

id

String id

role

JpaUserRole role

user

JpaUser user

Class com.broadleafcommerce.auth.security.domain.JpaUserPermission

class JpaUserPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountPermission

boolean accountPermission

archived

boolean archived

See Also:

• UserPermission.archived

id

String id

lastUpdated

Instant lastUpdated

We don't use LastModifiedDate here because we want to enable manually setting this value (ex: for setting the lastUpdated to a value received in a persistence message).

See Also:

• UserPermission.lastUpdated

name

String name

userAssignable

boolean userAssignable

Class com.broadleafcommerce.auth.security.domain.JpaUserRestrictedPermission

class JpaUserRestrictedPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

permission

JpaUserPermission permission

restrictionTargets

Set<String> restrictionTargets

restrictionType

String restrictionType

user

JpaUser user

Class com.broadleafcommerce.auth.security.domain.JpaUserRestrictedRole

class JpaUserRestrictedRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

restrictionTargets

Set<String> restrictionTargets

restrictionType

String restrictionType

role

JpaUserRole role

user

JpaUser user

Class com.broadleafcommerce.auth.security.domain.JpaUserRestriction

class JpaUserRestriction extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

restrictionTargets

Set<String> restrictionTargets

restrictionType

String restrictionType

user

JpaUser user

Class com.broadleafcommerce.auth.security.domain.JpaUserRole

class JpaUserRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountRole

boolean accountRole

archived

boolean archived

See Also:

• UserRole.archived

description

String description

friendlyName

String friendlyName

id

String id

lastUpdated

Instant lastUpdated

We don't use LastModifiedDate here because we want to enable manually setting this value (ex: for setting the lastUpdated to a value received in a persistence message).

See Also:

• UserRole.lastUpdated

name

String name

parentRoleId

String parentRoleId

A soft reference to the parent of this role.

See Also:

• UserRole.parentRoleId

permissions

Set<JpaUserPermission> permissions

Class com.broadleafcommerce.auth.security.domain.PermissionScope

class PermissionScope extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

permission

String permission

The permission or base root of a permission which can expand to a CRUD operation.

Note that if a permission name starts with a PermissionType prefix, it must be declared as a permission root by setting PermissionScope.permissionRoot to true.

See Also:

• PermissionType
• PermissionScope.permissionRoot

permissionRoot

boolean permissionRoot

Is this the root of a permission? If this is false this is a direct mapping between a permission and a scope. In other words, the usual CREATE_, READ_, UPDATE_, DELETE_, ALL_ prefixes do not apply to this scope/permission relationship.

scope

SecurityScope scope

Class com.broadleafcommerce.auth.security.domain.SecurityScope

class SecurityScope extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

name

String name

open

boolean open

Whether all users should have this scope assigned to them, regardless of what their underlying permissions are.

Package com.broadleafcommerce.auth.security.service.exception

Exception com.broadleafcommerce.auth.security.service.exception.InvalidUserRoleDeleteException

class InvalidUserRoleDeleteException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.server.domain

Class com.broadleafcommerce.auth.server.domain.AuthorizedClient

class AuthorizedClient extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

applicationId

String applicationId

Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.

attributes

Map<String,Object> attributes

Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.

authCodeTimeoutSeconds

Integer authCodeTimeoutSeconds

The period of time, in seconds, that an auth code issued will be valid for.

authoritativeResourceIds

boolean authoritativeResourceIds

When true, AuthorizedClient.getResourceIds() are considered authoritative. In other words, the tokens issued for this client will only contain audience values from AuthorizedClient.getResourceIds() and no other values. This can be useful in scenarios where a client needs to have highly specific resource restrictions.

When false, AuthorizedClient.getResourceIds() are considered additive on top of defaults inherited from other places such as AuthorizationServerProperties.OAuth2.getAdditionalAudiences(). In other words, the tokens issued for this client will contain audience values from both AuthorizedClient.getResourceIds() and any other inherited value.

See Also:

• AuthorizedClient.getResourceIds()

clientAuthenticationMethods

Set<String> clientAuthenticationMethods

The authentication method(s) that the client may use. This should just be ClientAuthenticationMethod.getValue(). Use ClientAuthenticationMethod.NONE for public clients.

This particularly affects how a client would provide its credentials to the '/token' endpoint.

See Also:

• RegisteredClient.getClientAuthenticationMethods()

clientId

String clientId

The OAuth2 client ID for this authorized client. Usually generated as a randomized string.

clientIdIssuedAt

Instant clientIdIssuedAt

Indicates the time at which the AuthorizedClient.getClientId() was issued. This is a completely optional field, and is not set by Broadleaf by default.

See Also:

• RegisteredClient.getClientIdIssuedAt()

clientSecret

String clientSecret

The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.

clientSecretExpiresAt

Instant clientSecretExpiresAt

Indicates the time at which AuthorizedClient.getClientSecret() expires. If not set, the client secret does not expire. Broadleaf does not set this value by default.

See Also:

• RegisteredClient.getClientSecretExpiresAt()

defaultRedirectUri

String defaultRedirectUri

The default redirect URI to use if a user accesses an authentication operation without a valid requested redirect location.

In many cases, this is effectively the default value to use if a match is not found in AuthorizedClient.getPostAuthenticationSuccessRedirectUris() or if no value was explicitly requested.

This is distinct from AuthorizedClient.getRedirectUris() and is not intended for use with OAuth-specific validations.

See Also:

• AuthorizedClient.getPostAuthenticationSuccessRedirectUris()

friendlyName

String friendlyName

The friendly name of this authorized client. Intended for display purposes

grantTypes

Set<String> grantTypes

The grant types for which this client is authorized.

id

String id

The primary key of this authorized client.

isAdmin

boolean isAdmin

Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.

permissions

Set<String> permissions

Returns the Broadleaf permissions that are assigned as authorities to this client in an OAuth2 flow. These apply to client-only flows (ex: AuthorizationGrantType.CLIENT_CREDENTIALS). These do not apply to user flows.

See Also:

• PermissionRepository
• PermissionScope.getPermission()

postAuthenticationSuccessRedirectUris

Set<String> postAuthenticationSuccessRedirectUris

A whitelist of redirect URIs that the caller can request redirect to after successful authentication related operations. This can contain relative and absolute values.

If none are configured or none match the request, AuthorizedClient.getDefaultRedirectUri() should be used.

Critically, this is distinct from AuthorizedClient.getRedirectUris() and is not intended for use in OAuth validation.

See Also:

• ClientRedirectService.isValidPostAuthenticationSuccessUrl(String, String)

postLogoutRedirectUris

Set<String> postLogoutRedirectUris

The post logout redirect URI(s) that the client may use for logout.

This is only applicable when using the OpenID Connect RP-Initiated Logout 1.0 flow.

See Also:

• RegisteredClient.getPostLogoutRedirectUris()
• OidcLogoutAuthenticationProvider

proofKeyRequired

Boolean proofKeyRequired

Whether the client is explicitly opted-in to PKCE for auth code flows. The default is true if this value is unset.

redirectUris

Set<String> redirectUris

The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.

Any of these values may be relative, and if so, the AuthorizedClientService will use the TenantUrlResolver to determine the base URL to resolve them against such that ultimately they are absolute. If resolution to an absolute URL fails for whatever reason, the relative URL will be omitted from the final RegisteredClient.getRedirectUris().

These are exclusively intended to be for OAuth redirect validation, and not for validation of arbitrary redirects from various authentication operations such as login. See AuthorizedClient.getPostAuthenticationSuccessRedirectUris() for more information.

See Also:

• AuthorizedClientService.resolveAbsolutePathsForRelativeRedirectUris(AuthorizedClient)
• TenantUrlResolver

refreshTokenTimeoutSeconds

Integer refreshTokenTimeoutSeconds

The period of time, in seconds, that an refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. It should be generally considered that a refresh token can be used once.

relaxRedirectUrisValidation

boolean relaxRedirectUrisValidation

If true, AuthorizedClient.getRedirectUris() will be dynamically modified/expanded at runtime (persisted state does not change) to effectively relax certain validations. If false, AuthorizedClient.getRedirectUris() will be used as-is, resulting in strict comparison semantics.

In most cases, setting this value to true is reasonable and can avoid requests being rejected for frivolous reasons such as trailing slash mismatches. However, in scenarios where AuthorizedClient.getRedirectUris() must be interpreted verbatim as defined, setting to false can ensure exact match semantics apply and any variations are not allowed.

See Also:

• AuthorizedClientService.preProcessAndConvertToRegisteredClient(AuthorizedClient)

requireAuthorizationConsent

boolean requireAuthorizationConsent

Set to true if authorization consent is required when the client requests access. This applies to all interactive flows (ex: authorization_code).

This should typically be set to false for 'first-party' clients (such as the Broadleaf admin application) - this ensures the user is not shown a consent form whenever scopes are requested.

NOTE - at this time, Broadleaf does not have OOB support for consent flows, so only set to true if there is a valid available implementation of OAuth2AuthorizationConsentService that can persist/load/validate OAuth2AuthorizationConsent.

See Also:

• ClientSettings.isRequireAuthorizationConsent()

resetPasswordBaseUri

String resetPasswordBaseUri

The base URI for the reset password form. This is used when generating a reset password link so the user is directed to the right domain hosting the form. If blank, AuthorizedClient.defaultRedirectUri will be used.

This can be different from AuthorizedClient.defaultRedirectUri in cases where the frontend app is on a different domain than Auth and SSO is still being used, i.e., the reset password form is on https://www.my-auth-server.com and the frontend is https://www.my-store.com. In such a case, the defaultRedirectUri would be https://www.my-store.com but resetPasswordBaseUri would be https://www.my-auth-server.com.

resourceIds

Set<String> resourceIds

These are values contributed to the AccessTokenClaimKeys.RegisteredClaims.AUDIENCE_CLAIM set on access tokens issued for this client.

See Also:

• AuthorizationServerProperties.OAuth2.getAdditionalAudiences()
• AuthorizedClient.isAuthoritativeResourceIds()

scopes

Set<String> scopes

The scopes for this client. Empty if the client isn't scoped.

The scopes represent the "upper-bound" of what scopes a client is allowed to request. They will also be used as default scopes if no scopes are requested.

When this client is expected to be the final principal (ex: client credentials flow), these values represent all scopes that can be requested. Typically, the client credentials token request does not include any scopes, and all these scopes are granted.

For flows where a user is the final principal (ex: authorization code flow), these values represent the upper-bound of what can be granted. Token requests typically include a scope that must be declared in this field.

See Also:

• DefaultClientScopeAuthorizationCodeRequestConverter.getClientScopes(OAuth2AuthorizationCodeRequestAuthenticationToken)
• DefaultClientScopeClientCredentialsRequestConverter.getClientScopes(OAuth2ClientCredentialsAuthenticationToken)
• DefaultOAuth2AuthorizationCodeRequestAuthenticationValidator

serverId

String serverId

The ID of the authorization server this authorized client is part of.

tokenTimeoutSeconds

Integer tokenTimeoutSeconds

The period of time, in seconds, that an access token issued will be valid for.

useRedirectUriToGenerateConsumeTokenUrl

boolean useRedirectUriToGenerateConsumeTokenUrl

Controls whether auth uses the ImpersonationRequest.getRedirect_uri() when building the consume-token redirect URL after a successful impersonation request. The consume token endpoint will add a session cookie identifying the user as a CSR so they do not need to log in on the storefront. The alternative is to build a relative URL to redirect to the same domain as the impersonation endpoint.

This is true by default.

The reason to redirect to the consume-token endpoint using the ImpersonationRequest.getRedirect_uri() is to ensure the cookie is set on the same domain as the storefront in cases where the admin and storefront are on separate domains but both can access Auth on their own domains. That is possible when using the standard deployment configuration where all apps and services are deployed behind the Admin and Commerce Gateways.

Suppose that admin and storefront apps are on different domains: admin.mycompany.com and store.mycompany.com, in this case if the impersonate endpoint added the cookie, it would be on admin.mycompany.com and therefore not accessible on store.mycompany.com. To work around this limitation, the system can redirect to store.mycompany.com/auth/consume-token and then add the session token so that it is on the same domain as the storefront.

However, if Auth is accessed through a different domain than the storefront app (e.g., auth.mycompany.com), then this redirect will not be useful. Such a case typically occurs when also using refresh-token-rotation.

Package com.broadleafcommerce.auth.server.provider.jpa.domain

Class com.broadleafcommerce.auth.server.provider.jpa.domain.JpaAuthorizationServer

class JpaAuthorizationServer extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributes

Map<String,Object> attributes

crossOrigin

boolean crossOrigin

defaultRedirectUri

String defaultRedirectUri

defaultUserPermissions

Set<JpaUserPermission> defaultUserPermissions

defaultUserRoles

Set<JpaUserRole> defaultUserRoles

embeddedLoginEnabled

boolean embeddedLoginEnabled

failedLoginAttemptsAllowed

Integer failedLoginAttemptsAllowed

friendlyName

String friendlyName

id

String id

inactivityTimeoutSeconds

Integer inactivityTimeoutSeconds

lockedUserCanResetPassword

Boolean lockedUserCanResetPassword

lockoutDurationMinutes

Long lockoutDurationMinutes

loginFailDecayMinutes

Long loginFailDecayMinutes

name

String name

requireLoginTimeoutSeconds

Integer requireLoginTimeoutSeconds

resetPasswordUnlocksUser

Boolean resetPasswordUnlocksUser

ssoEnabled

boolean ssoEnabled

templatePath

String templatePath

tenantId

String tenantId

Class com.broadleafcommerce.auth.server.provider.jpa.domain.JpaAuthorizedClient

class JpaAuthorizedClient extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

applicationId

String applicationId

attributes

Map<String,Object> attributes

authCodeTimeoutSeconds

Integer authCodeTimeoutSeconds

authoritativeResourceIds

boolean authoritativeResourceIds

See Also:

• AuthorizedClient.isAuthoritativeResourceIds()

clientAuthenticationMethods

Set<String> clientAuthenticationMethods

See Also:

• AuthorizedClient.getClientAuthenticationMethods()

clientId

String clientId

clientIdIssuedAt

Instant clientIdIssuedAt

See Also:

• AuthorizedClient.getClientIdIssuedAt()

clientSecret

String clientSecret

clientSecretExpiresAt

Instant clientSecretExpiresAt

See Also:

• AuthorizedClient.getClientSecretExpiresAt()

defaultRedirectUri

String defaultRedirectUri

friendlyName

String friendlyName

grantTypes

Set<String> grantTypes

id

String id

isAdmin

boolean isAdmin

permissions

Set<String> permissions

postAuthenticationSuccessRedirectUris

Set<String> postAuthenticationSuccessRedirectUris

See Also:

• AuthorizedClient.getPostAuthenticationSuccessRedirectUris()

postLogoutRedirectUris

Set<String> postLogoutRedirectUris

See Also:

• AuthorizedClient.getPostLogoutRedirectUris()

redirectUris

Set<String> redirectUris

refreshTokenTimeoutSeconds

Integer refreshTokenTimeoutSeconds

relaxRedirectUrisValidation

boolean relaxRedirectUrisValidation

See Also:

• AuthorizedClient.isRelaxRedirectUrisValidation()

requireAuthorizationConsent

boolean requireAuthorizationConsent

See Also:

• AuthorizedClient.isRequireAuthorizationConsent()

requireProofKey

Boolean requireProofKey

resetPasswordBaseUri

String resetPasswordBaseUri

resourceIds

Set<String> resourceIds

scopes

Set<String> scopes

serverId

String serverId

tokenTimeoutSeconds

int tokenTimeoutSeconds

useRedirectUriToGenerateConsumeTokenUrl

boolean useRedirectUriToGenerateConsumeTokenUrl

Package com.broadleafcommerce.auth.server.web.endpoint

Class com.broadleafcommerce.auth.server.web.endpoint.ClientDiscoveryEndpoint.ClientDiscoveryResponse

class ClientDiscoveryResponse extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

clientId

String clientId

The discovered authorized client ID

serverId

String serverId

The discovered authorization server ID

Package com.broadleafcommerce.auth.tenant.provider.jpa.domain

Class com.broadleafcommerce.auth.tenant.provider.jpa.domain.JpaApplication

class JpaApplication extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

customerContextId

String customerContextId

See Also:

• Application.getCustomerContextId()

deactivated

boolean deactivated

See Also:

• Application.isDeactivated()

id

String id

See Also:

• Application.getId()

identifierType

String identifierType

See Also:

• Application.getIdentifierType()

identifierValue

String identifierValue

See Also:

• Application.getIdentifierValue()

isMarketplace

boolean isMarketplace

See Also:

• Application.isMarketplace()

lastUpdated

Instant lastUpdated

We don't use LastModifiedDate here because we want to enable manually setting this value (ex: for setting the lastUpdated to a value received in a persistence message).

See Also:

• Application.lastUpdated

tenantId

String tenantId

Package com.broadleafcommerce.auth.user.api.dto

Class com.broadleafcommerce.auth.user.api.dto.ChangePasswordForm

class ChangePasswordForm extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

client_id

String client_id

currentPassword

String currentPassword

newPassword

String newPassword

newPasswordConfirm

String newPasswordConfirm

Class com.broadleafcommerce.auth.user.api.dto.ResetPasswordForm

class ResetPasswordForm extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

client_id

String client_id

password

String password

token

String token

username

String username

Package com.broadleafcommerce.auth.user.autoconfigure.support.keys

Class com.broadleafcommerce.auth.user.autoconfigure.support.keys.DynamicPropertyPrivateKey

class DynamicPropertyPrivateKey extends AbstractDynamicPropertyKey<RSAPrivateKey> implements Serializable

Serialized Fields

authorizationServerProperties

AuthorizationServerProperties authorizationServerProperties

Class com.broadleafcommerce.auth.user.autoconfigure.support.keys.DynamicPropertyPublicKey

class DynamicPropertyPublicKey extends AbstractDynamicPropertyKey<RSAPublicKey> implements Serializable

Serialized Fields

authorizationServerProperties

AuthorizationServerProperties authorizationServerProperties

Package com.broadleafcommerce.auth.user.domain

Class com.broadleafcommerce.auth.user.domain.AuthenticationEvent

class AuthenticationEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributes

Map<String,Object> attributes

Any additional attributes that a service receiving the request may need

contextInfo

com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo

The ContextInfo derived from the original request containing tenant and sandbox info.

messageType

String messageType

The message type for this event.

See Also:

• AuthenticationMessageType

user

User user

The user that made the request

Class com.broadleafcommerce.auth.user.domain.DefaultOAuth2UserDetails

class DefaultOAuth2UserDetails extends org.springframework.security.core.userdetails.User implements Serializable

serialVersionUID:

1L

Serialized Fields

clientId

String clientId

id

String id

impersonationAllowed

boolean impersonationAllowed

restrictedAuthorities

Map<String,Map<String,Set<String>>> restrictedAuthorities

restrictions

Map<String,Set<String>> restrictions

Package com.broadleafcommerce.auth.user.endpoint

Class com.broadleafcommerce.auth.user.endpoint.ImpersonationRequest

class ImpersonationRequest extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

client_id

String client_id

Id of the AuthorizedClient initiating this request.

impersonate_self

Boolean impersonate_self

Indicates that CSR is not impersonating as a customer but is operating as themselves. This is typically used for things like quote management.

impersonated_client_id

String impersonated_client_id

The id of the AuthorizedClient that the user-to-be-impersonated belongs to.

impersonated_sub

String impersonated_sub

The username of the user to impersonate if any.

redirect_uri

String redirect_uri

Uri to redirect to upon successful request.

Package com.broadleafcommerce.auth.user.exception

Exception com.broadleafcommerce.auth.user.exception.UserNotActiveException

class UserNotActiveException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.user.listener.domain

Class com.broadleafcommerce.auth.user.listener.domain.AdminPermission

class AdminPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

businessDomainType

String businessDomainType

id

String id

name

String name

tenantId

String tenantId

Class com.broadleafcommerce.auth.user.listener.domain.AdminPermissionRef

class AdminPermissionRef extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

name

String name

Class com.broadleafcommerce.auth.user.listener.domain.AdminRestrictedPermission

class AdminRestrictedPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

permission

String permission

The id of the permission that is being restricted.

restrictionTargets

Set<String> restrictionTargets

Represents the targets of the restriction.

restrictionType

String restrictionType

Represents the type of the restriction.

Class com.broadleafcommerce.auth.user.listener.domain.AdminRestrictedRole

class AdminRestrictedRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

restrictionTargets

Set<String> restrictionTargets

Represents the targets of the restriction.

restrictionType

String restrictionType

Represents the type of the restriction.

role

String role

id of the role that is being restricted.

Class com.broadleafcommerce.auth.user.listener.domain.AdminRestriction

class AdminRestriction extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

Represents the id of the User restriction.

restrictionTargets

Set<String> restrictionTargets

Represents the targets of the restriction.

restrictionType

String restrictionType

Represents the type of the restriction.

Class com.broadleafcommerce.auth.user.listener.domain.AdminRole

class AdminRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

businessDomainType

String businessDomainType

id

String id

name

String name

parentRoleId

String parentRoleId

permissions

Set<AdminPermissionRef> permissions

tenantId

String tenantId

Class com.broadleafcommerce.auth.user.listener.domain.AdminRoleRef

class AdminRoleRef extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

name

String name

Class com.broadleafcommerce.auth.user.listener.domain.AdminUser

class AdminUser extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

active

boolean active

applicationAccess

boolean applicationAccess

applicationIds

Set<String> applicationIds

businessDomainType

String businessDomainType

changePasswordRequired

boolean changePasswordRequired

email

String email

expired

boolean expired

id

String id

locked

boolean locked

name

String name

permissionIds

Set<String> permissionIds

permissions

Set<AdminPermissionRef> permissions

Deprecated.

restrictedPermissions

Set<AdminRestrictedPermission> restrictedPermissions

The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

restrictedRoles

Set<AdminRestrictedRole> restrictedRoles

The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

restrictions

Set<AdminRestriction> restrictions

The data restrictions that control the data this user is permitted to access.

roleIds

Set<String> roleIds

roles

Set<AdminRoleRef> roles

Deprecated.

tenantAccess

boolean tenantAccess

tenantId

String tenantId

username

String username

Package com.broadleafcommerce.auth.user.messaging

Class com.broadleafcommerce.auth.user.messaging.CartApprovalRequestEvent

class CartApprovalRequestEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountId

String accountId

ID of the account the submitter belongs to.

approvers

List<CartApprovalRequestEvent.ApproverRef> approvers

attributes

Map<String,Object> attributes

Map holding any additional attributes passed in the request not matching any defined properties.

contextInfo

com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo

The ContextInfo containing tenant and sandbox info.

Class com.broadleafcommerce.auth.user.messaging.CartApprovalRequestEvent.ApproverRef

class ApproverRef extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

additionalAttributes

Map<String,Object> additionalAttributes

Any additional attributes to include.

emailAddress

String emailAddress

The user's email.

fullName

String fullName

The user's full name.

id

String id

The user's id.

Class com.broadleafcommerce.auth.user.messaging.UserCreationEvent

class UserCreationEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributes

Map<String,Object> attributes

Additional custom information that was provided as part of the user registration process.

Client implementations may choose to populate and utilize this field for custom behavior.

See Also:

• UserRegistration.attributes

preview

boolean preview

Indicates whether the user was created from a preview context.

user

User user

Package com.broadleafcommerce.auth.user.provider.jpa.domain

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaCustomerAccount

class JpaCustomerAccount extends Object implements Serializable

Serialized Fields

active

boolean active

id

String id

parentAccountId

String parentAccountId

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaPasswordToken

class JpaPasswordToken extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

dateCreated

Instant dateCreated

dateUsed

Instant dateUsed

id

String id

purpose

String purpose

token

String token

used

boolean used

userId

String userId

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaUser

class JpaUser extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountRoles

List<JpaAccountRoleXref> accountRoles

See Also:

• User.getAccountRoles()

active

boolean active

See Also:

• User.isActive()

applicationAccess

boolean applicationAccess

See Also:

• User.isApplicationAccess()

applicationIds

Set<String> applicationIds

See Also:

• User.getApplicationIds()

archived

boolean archived

See Also:

• User.isArchived()

attributes

Map<String,Object> attributes

See Also:

• User.getAttributes()

changePasswordRequired

boolean changePasswordRequired

See Also:

• User.isChangePasswordRequired()

customerContextId

String customerContextId

See Also:

• User.getCustomerContextId()

defaultAccountId

String defaultAccountId

email

String email

See Also:

• User.getEmail()

expired

boolean expired

See Also:

• User.isExpired()

externalId

String externalId

See Also:

• User.getExternalId()

firstName

String firstName

See Also:

• User.getFirstName()

fullName

String fullName

See Also:

• User.getFullName()

id

String id

impersonationAllowed

boolean impersonationAllowed

See Also:

• User.isImpersonationAllowed()

lastName

String lastName

See Also:

• User.getLastName()

lastUpdated

Instant lastUpdated

We don't use LastModifiedDate here because we want to enable manually setting this value (ex: for setting the lastUpdated to a value received in a persistence message).

See Also:

• User.getLastUpdated()

locked

boolean locked

See Also:

• User.isLocked()

lockedTime

Instant lockedTime

See Also:

• User.getLockedTime()

middleName

String middleName

See Also:

• User.getMiddleName()

password

String password

See Also:

• User.getPassword()

passwordHistory

List<JpaUserHistoricalPassword> passwordHistory

See Also:

• User.getPasswordHistory()

passwordLastUpdated

Instant passwordLastUpdated

See Also:

• User.getPasswordLastUpdated()

permissions

Set<JpaUserPermission> permissions

See Also:

• User.getPermissions()

restrictedPermissions

Set<JpaUserRestrictedPermission> restrictedPermissions

See Also:

• User.getRestrictedPermissions()

restrictedRoles

Set<JpaUserRestrictedRole> restrictedRoles

See Also:

• User.getRestrictedRoles()

restrictions

Set<JpaUserRestriction> restrictions

See Also:

• User.getRestrictions()

roles

Set<JpaUserRole> roles

See Also:

• User.getRoles()

serverId

String serverId

See Also:

• User.getServerId()

serviceId

String serviceId

See Also:

• User.getServiceId()

tenantAccess

boolean tenantAccess

See Also:

• User.isTenantAccess()

tenantId

String tenantId

See Also:

• User.getTenantId()

type

String type

See Also:

• User.getType()

username

String username

See Also:

• User.getUsername()

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaUserHistoricalPassword

class JpaUserHistoricalPassword extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

dateCreated

Instant dateCreated

The date when the password was created.

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaUserLoginAttempt

class JpaUserLoginAttempt extends Object implements Serializable

Serialized Fields

attemptTime

Instant attemptTime

authServerId

String authServerId

considered

boolean considered

id

String id

loginAttemptResult

String loginAttemptResult

userId

String userId

username

String username

The username used in the login attempt. Required.

Package com.broadleafcommerce.auth.user.service.password

Exception com.broadleafcommerce.auth.user.service.password.AccountLockedException

class AccountLockedException extends Exception implements Serializable

Exception com.broadleafcommerce.auth.user.service.password.ResetPasswordException

class ResetPasswordException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.user.session

Class com.broadleafcommerce.auth.user.session.BasicSavedRequest

class BasicSavedRequest extends Object implements Serializable

Serialized Fields

redirectUrl

String redirectUrl

Class com.broadleafcommerce.auth.user.session.DefaultOAuth2SessionToken

class DefaultOAuth2SessionToken extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

claims

Map<String,Object> claims

value

String value

Class com.broadleafcommerce.auth.user.session.FormLoginAuthenticationToken

class FormLoginAuthenticationToken extends org.springframework.security.authentication.UsernamePasswordAuthenticationToken implements Serializable

serialVersionUID:

1L

Serialized Fields

clientId

String clientId

Class com.broadleafcommerce.auth.user.session.OAuth2SessionAuthenticationToken

class OAuth2SessionAuthenticationToken extends org.springframework.security.authentication.AbstractAuthenticationToken implements Serializable

serialVersionUID:

1L

Serialized Fields

clientId

String clientId

The OAuth2 client ID.

principal

Object principal

The OAuth2 principal.

token

OAuth2SessionToken token

The JWT token from the BLSID-[client_id] session cookie.

Package com.broadleafcommerce.auth.user.web.endpoint

Class com.broadleafcommerce.auth.user.web.endpoint.EmbeddedAuthenticationController.PasswordResetEmailRequest

class PasswordResetEmailRequest extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

username

String username

Username of the user trying to reset their password.

Package com.broadleafcommerce.auth.user.web.endpoint.exception

Exception com.broadleafcommerce.auth.user.web.endpoint.exception.ClientValidationException

class ClientValidationException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.user.web.endpoint.model

Class com.broadleafcommerce.auth.user.web.endpoint.model.OAuth2IdentityProvider

class OAuth2IdentityProvider extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

icon

String icon

The path to a static resource that represents an icon to display on the action component for this IDP.

id

String id

The registration ID of the of the IDP.

name

String name

The name of the IDP. This will be displayed to the user.

url

String url

The action URL to take the user to the authentication page for this IDP.