Serialized Form

Package com.broadleafcommerce.auth.authorization.provider.jpa.domain

Class com.broadleafcommerce.auth.authorization.provider.jpa.domain.JpaOAuth2Authorization

class JpaOAuth2Authorization extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accessTokenExpiresAt

Long accessTokenExpiresAt

accessTokenIssuedAt

Long accessTokenIssuedAt

accessTokenMetadata

String accessTokenMetadata

accessTokenScopes

String accessTokenScopes

accessTokenType

String accessTokenType

accessTokenValue

String accessTokenValue

See Also:

• JpaOAuth2Authorization.getAccessTokenValueHash()

accessTokenValueHash

String accessTokenValueHash

The column length of JpaOAuth2Authorization.getAccessTokenValue() forces it to be a non-queryable, non-indexable Lob on certain database providers.

This column should contain some hashed representation of the JpaOAuth2Authorization.getAccessTokenValue() (if present). The main idea is for indexing and queries to be run against this smaller hash rather than the raw value directly.

Note - the hashing algorithm must be strongly collision resistant to minimize the chances of multiple values sharing the same hash. Furthermore, even with a strong hashing algorithm, all queries must account for the fact that collisions are inevitable and should not assume that a query for a particular hash will only ever return a single result. Queries should examine the result list, and if more than one result is returned for the same hash, perform direct in-memory comparison of JpaOAuth2Authorization.getAccessTokenValue() to drop unexpected results.

See Also:

• JpaOAuth2AuthorizationHashValueProvider

attributes

String attributes

authorizationCodeExpiresAt

Long authorizationCodeExpiresAt

authorizationCodeIssuedAt

Long authorizationCodeIssuedAt

authorizationCodeMetadata

String authorizationCodeMetadata

authorizationCodeValue

String authorizationCodeValue

authorizationGrantType

String authorizationGrantType

authorizedScopes

String authorizedScopes

deviceCodeExpiresAt

Long deviceCodeExpiresAt

deviceCodeIssuedAt

Long deviceCodeIssuedAt

deviceCodeMetadata

String deviceCodeMetadata

deviceCodeValue

String deviceCodeValue

id

String id

oicdIdTokenExpiresAt

Long oicdIdTokenExpiresAt

oid

String oid

oidcIdTokenIssuedAt

Long oidcIdTokenIssuedAt

oidcIdTokenMetadata

String oidcIdTokenMetadata

oidcIdTokenValue

String oidcIdTokenValue

See Also:

• JpaOAuth2Authorization.getOidcIdTokenValueHash()

oidcIdTokenValueHash

String oidcIdTokenValueHash

The column length of JpaOAuth2Authorization.getOidcIdTokenValue() forces it to be a non-queryable, non-indexable Lob on certain database providers.

This column should contain some hashed representation of the JpaOAuth2Authorization.getOidcIdTokenValue() (if present). The main idea is for indexing and queries to be run against this smaller hash rather than the raw value directly.

Note - the hashing algorithm must be strongly collision resistant to minimize the chances of multiple values sharing the same hash. Furthermore, even with a strong hashing algorithm, all queries must account for the fact that collisions are inevitable and should not assume that a query for a particular hash will only ever return a single result. Queries should examine the result list, and if more than one result is returned for the same hash, perform direct in-memory comparison of JpaOAuth2Authorization.getOidcIdTokenValue() to drop unexpected results.

See Also:

• JpaOAuth2AuthorizationHashValueProvider

principalName

String principalName

refreshTokenExpiresAt

Long refreshTokenExpiresAt

refreshTokenIssuedAt

Long refreshTokenIssuedAt

refreshTokenMetadata

String refreshTokenMetadata

refreshTokenValue

String refreshTokenValue

registeredClientId

String registeredClientId

state

String state

userCodeExpiresAt

Long userCodeExpiresAt

userCodeIssuedAt

Long userCodeIssuedAt

userCodeMetadata

String userCodeMetadata

userCodeValue

String userCodeValue

Package com.broadleafcommerce.auth.authorization.security.embedded.code

Class com.broadleafcommerce.auth.authorization.security.embedded.code.EmbeddedLoginCodeAuthenticationToken

class EmbeddedLoginCodeAuthenticationToken extends org.springframework.security.authentication.AbstractAuthenticationToken implements Serializable

Serialized Fields

additionalParameters

Map<String,Object> additionalParameters

clientId

String clientId

code

String code

purpose

String purpose

requestedScopes

Set<String> requestedScopes

userDetails

OAuth2UserDetails userDetails

username

String username

Package com.broadleafcommerce.auth.authorization.security.embedded.exception

Exception com.broadleafcommerce.auth.authorization.security.embedded.exception.EmbeddedLoginNotAllowedException

class EmbeddedLoginNotAllowedException extends org.springframework.security.core.AuthenticationException implements Serializable

Serialized Fields

authServerId

String authServerId

ID of the AuthorizationServer that received the request.

clientId

String clientId

ID of the AuthorizedClient that received the request.

Exception com.broadleafcommerce.auth.authorization.security.embedded.exception.EmbeddedLoginOTPResponseException

class EmbeddedLoginOTPResponseException extends org.springframework.security.core.AuthenticationException implements Serializable

Exception com.broadleafcommerce.auth.authorization.security.embedded.exception.EmbeddedRegistrationNotAllowedException

class EmbeddedRegistrationNotAllowedException extends RuntimeException implements Serializable

Serialized Fields

authServerId

String authServerId

ID of the AuthorizationServer that received the request.

clientId

String clientId

ID of the AuthorizedClient that received the request.

Package com.broadleafcommerce.auth.authorization.security.embedded.login

Class com.broadleafcommerce.auth.authorization.security.embedded.login.EmbeddedLoginAuthenticationToken

class EmbeddedLoginAuthenticationToken extends FormLoginAuthenticationToken implements Serializable

serialVersionUID:

1L

Package com.broadleafcommerce.auth.authorization.security.rememberme.provider.jpa.domain

Class com.broadleafcommerce.auth.authorization.security.rememberme.provider.jpa.domain.JpaPersistentRememberMeToken

class JpaPersistentRememberMeToken extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

lastUsed

Instant lastUsed

See Also:

• PersistentRememberMeToken.getDate()

series

String series

See Also:

• PersistentRememberMeToken.getSeries()

token

String token

See Also:

• PersistentRememberMeToken.getTokenValue()

username

String username

See Also:

• PersistentRememberMeToken.getUsername()

Package com.broadleafcommerce.auth.authorization.service

Class com.broadleafcommerce.auth.authorization.service.CleanupSweepEvent

class CleanupSweepEvent extends org.springframework.context.ApplicationEvent implements Serializable

Serialized Fields

recordsProcessed

int recordsProcessed

recordsUpdated

int recordsUpdated

Package com.broadleafcommerce.auth.client.domain

Class com.broadleafcommerce.auth.client.domain.OAuth2AuthorizedClientEntity

class OAuth2AuthorizedClientEntity extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accessTokenExpiresAt

Instant accessTokenExpiresAt

See Also:

• OAuth2AuthorizedClient.getAccessToken()

accessTokenIssuedAt

Instant accessTokenIssuedAt

See Also:

• OAuth2AuthorizedClient.getAccessToken()

accessTokenScopes

Set<String> accessTokenScopes

See Also:

• OAuth2AuthorizedClient.getAccessToken()

accessTokenType

String accessTokenType

See Also:

• OAuth2AuthorizedClient.getAccessToken()

accessTokenValue

String accessTokenValue

See Also:

• OAuth2AuthorizedClient.getAccessToken()

clientRegistrationId

String clientRegistrationId

See Also:

• OAuth2AuthorizedClient.getClientRegistration()

principalName

String principalName

See Also:

• OAuth2AuthorizedClient.getPrincipalName()

refreshTokenExpiresAt

Instant refreshTokenExpiresAt

See Also:

• OAuth2AuthorizedClient.getRefreshToken()

refreshTokenIssuedAt

Instant refreshTokenIssuedAt

See Also:

• OAuth2AuthorizedClient.getRefreshToken()

refreshTokenValue

String refreshTokenValue

See Also:

• OAuth2AuthorizedClient.getRefreshToken()

tenantId

String tenantId

See Also:

• TenantAwareOAuth2AuthorizedClient.getTenantId()

Class com.broadleafcommerce.auth.client.domain.OAuthClientRegistrationProviderDetails

class OAuthClientRegistrationProviderDetails extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authorizationUri

String authorizationUri

See Also:

• ClientRegistration.ProviderDetails.getAuthorizationUri()

configurationMetadata

Map<String,Object> configurationMetadata

See Also:

• ClientRegistration.ProviderDetails.getConfigurationMetadata()

issuerUri

String issuerUri

URI that can either be an OpenID Connect discovery endpoint or an OAuth 2.0 Authorization Server Metadata endpoint defined by RFC 8414.

This is used to gather the provider details which would otherwise be unknown since some providers only provide this to integrators.

jwkSetUri

String jwkSetUri

See Also:

• ClientRegistration.ProviderDetails.getJwkSetUri()

registrationId

String registrationId

The ID of the registered provider. Should match OAuthClientRegistrationWrapper.getRegistrationId().

tokenUri

String tokenUri

See Also:

• ClientRegistration.ProviderDetails.getTokenUri()

userInfoEndpoint

OAuthClientRegistrationProviderDetails.UserInfoEndpoint userInfoEndpoint

See Also:

• ClientRegistration.ProviderDetails.getUserInfoEndpoint()

Class com.broadleafcommerce.auth.client.domain.OAuthClientRegistrationProviderDetails.UserInfoEndpoint

class UserInfoEndpoint extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authenticationMethod

String authenticationMethod

See Also:

• ClientRegistration.ProviderDetails.UserInfoEndpoint.getAuthenticationMethod()

uri

String uri

See Also:

• ClientRegistration.ProviderDetails.UserInfoEndpoint.getUri()

userNameAttributeName

String userNameAttributeName

See Also:

• ClientRegistration.ProviderDetails.UserInfoEndpoint.getUserNameAttributeName()

Class com.broadleafcommerce.auth.client.domain.OAuthClientRegistrationWrapper

class OAuthClientRegistrationWrapper extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authorizationGrantType

String authorizationGrantType

See Also:

• ClientRegistration.getAuthorizationGrantType()

clientAuthenticationMethod

String clientAuthenticationMethod

See Also:

• ClientRegistration.getClientAuthenticationMethod()

clientId

String clientId

See Also:

• ClientRegistration.getClientId()

clientName

String clientName

See Also:

• ClientRegistration.getClientName()

clientSecret

String clientSecret

See Also:

• ClientRegistration.getClientSecret()

id

String id

The system ID of the registration

providerDetails

OAuthClientRegistrationProviderDetails providerDetails

See Also:

• ClientRegistration.getProviderDetails()
• OAuthClientRegistrationProviderDetails

redirectUriTemplate

String redirectUriTemplate

See Also:

• ClientRegistration.getRedirectUri()

registrationId

String registrationId

See Also:

• ClientRegistration.getRegistrationId()

scopes

Set<String> scopes

See Also:

• ClientRegistration.getScopes()

tenantId

String tenantId

The ID of the Tenant this registration belongs to. Different tenants can have different credentials for the same client provider (e.g. Facebook, Google).

Class com.broadleafcommerce.auth.client.domain.TenantAwareOAuth2AuthorizedClient

class TenantAwareOAuth2AuthorizedClient extends org.springframework.security.oauth2.client.OAuth2AuthorizedClient implements Serializable

serialVersionUID:

1L

Serialized Fields

tenantId

String tenantId

The tenant ID this client is for. This should match the OAuthClientRegistrationWrapper.getTenantId() from the client registration.

Package com.broadleafcommerce.auth.client.provider.authentication

Class com.broadleafcommerce.auth.client.provider.authentication.BroadleafOAuthClientAuthenticationDetails

class BroadleafOAuthClientAuthenticationDetails extends Object implements Serializable

Serialized Fields

clientId

String clientId

Package com.broadleafcommerce.auth.client.provider.jpa.domain

Class com.broadleafcommerce.auth.client.provider.jpa.domain.JpaOAuth2AuthorizedClientEntity

class JpaOAuth2AuthorizedClientEntity extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accessTokenExpiresAt

Instant accessTokenExpiresAt

See Also:

• OAuth2AuthorizedClientEntity.getAccessTokenExpiresAt()

accessTokenIssuedAt

Instant accessTokenIssuedAt

See Also:

• OAuth2AuthorizedClientEntity.getAccessTokenIssuedAt()

accessTokenScopes

Set<String> accessTokenScopes

See Also:

• OAuth2AuthorizedClientEntity.getAccessTokenScopes()

accessTokenType

String accessTokenType

See Also:

• OAuth2AuthorizedClientEntity.getAccessTokenType()

accessTokenValue

String accessTokenValue

See Also:

• OAuth2AuthorizedClientEntity.getAccessTokenValue()

clientRegistrationId

String clientRegistrationId

See Also:

• OAuth2AuthorizedClientEntity.getClientRegistrationId()

principalName

String principalName

See Also:

• OAuth2AuthorizedClientEntity.getPrincipalName()

refreshTokenExpiresAt

Instant refreshTokenExpiresAt

See Also:

• OAuth2AuthorizedClientEntity.getRefreshTokenExpiresAt()

refreshTokenIssuedAt

Instant refreshTokenIssuedAt

See Also:

• OAuth2AuthorizedClientEntity.getRefreshTokenIssuedAt()

refreshTokenValue

String refreshTokenValue

See Also:

• OAuth2AuthorizedClientEntity.getRefreshTokenValue()

tenantId

String tenantId

See Also:

• OAuth2AuthorizedClientEntity.getTenantId()

Class com.broadleafcommerce.auth.client.provider.jpa.domain.JpaOAuth2AuthorizedClientEntityId

class JpaOAuth2AuthorizedClientEntityId extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

clientRegistrationId

String clientRegistrationId

See Also:

• JpaOAuth2AuthorizedClientEntity.getClientRegistrationId()

principalName

String principalName

See Also:

• JpaOAuth2AuthorizedClientEntity.getPrincipalName()

tenantId

String tenantId

See Also:

• JpaOAuth2AuthorizedClientEntity.getTenantId()

Class com.broadleafcommerce.auth.client.provider.jpa.domain.JpaOAuthClientProviderDetails

class JpaOAuthClientProviderDetails extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authorizationUri

String authorizationUri

configurationMetadata

Map<String,Object> configurationMetadata

id

String id

jwkSetUri

String jwkSetUri

registrationId

String registrationId

tokenUri

String tokenUri

userInfoAuthenticationMethod

String userInfoAuthenticationMethod

userInfoUri

String userInfoUri

userInfoUserNameAttributeName

String userInfoUserNameAttributeName

Class com.broadleafcommerce.auth.client.provider.jpa.domain.JpaOAuthClientRegistration

class JpaOAuthClientRegistration extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

authorizationGrantType

String authorizationGrantType

clientAuthenticationMethod

String clientAuthenticationMethod

clientId

String clientId

clientName

String clientName

clientSecret

String clientSecret

id

String id

providerDetails

JpaOAuthClientProviderDetails providerDetails

redirectUriTemplate

String redirectUriTemplate

registrationId

String registrationId

scopes

Set<String> scopes

tenantId

String tenantId

Package com.broadleafcommerce.auth.client.web.authentication.session.exception

Exception com.broadleafcommerce.auth.client.web.authentication.session.exception.MissingOAuth2AuthenticationAttributeException

class MissingOAuth2AuthenticationAttributeException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.passcode.service

Exception com.broadleafcommerce.auth.passcode.service.PasscodeNotConsumedException

class PasscodeNotConsumedException extends Exception implements Serializable

Package com.broadleafcommerce.auth.repository.provider.hibernate.generation

Class com.broadleafcommerce.auth.repository.provider.hibernate.generation.ULIDGenerationStrategy

class ULIDGenerationStrategy extends Object implements Serializable

Package com.broadleafcommerce.auth.resource.domain

Class com.broadleafcommerce.auth.resource.domain.AccountRole

class AccountRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountId

String accountId

active

boolean active

id

String id

roleRef

UserRoleRef roleRef

userId

String userId

Class com.broadleafcommerce.auth.resource.domain.ApplicationRef

class ApplicationRef extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

applicationId

String applicationId

Class com.broadleafcommerce.auth.resource.domain.CustomerAccount

class CustomerAccount extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

active

boolean active

id

String id

parentAccountId

String parentAccountId

Class com.broadleafcommerce.auth.resource.domain.ExternalRoleMapping

class ExternalRoleMapping extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

archived

boolean archived

Indicate if this entity archived.

description

String description

Optional. A description of this external role mapping.

externalRoleIdentifier

String externalRoleIdentifier

The external role identifier. This may be a name, id, or any identifier that uniquely describes the role.

id

String id

name

String name

The name of this external role mapping.

roleId

String roleId

The ID of the role this external role maps to.

Class com.broadleafcommerce.auth.resource.domain.RestrictedPermission

class RestrictedPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

permission

UserPermissionRef permission

Represents the permission that is being restricted.

restriction

Restriction restriction

Represents the restriction on this permission.

Class com.broadleafcommerce.auth.resource.domain.RestrictedRole

class RestrictedRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

restriction

Restriction restriction

Represents the restriction on this role.

role

UserRoleRef role

Represents the role that is being restricted.

Class com.broadleafcommerce.auth.resource.domain.Restriction

class Restriction extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

targets

Set<String> targets

Represents the targets of the restriction.

type

String type

Represents the type of the restriction.

Class com.broadleafcommerce.auth.resource.domain.User

class User extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountRoles

List<AccountRole> accountRoles

Roles this user has under specific Account contexts.

active

boolean active

A flag indicating whether the user account is enabled. If false, they will not be able to log in.

This flag should be used if a user needs to be enabled/disabled for administrative reasons.

applicationAccess

boolean applicationAccess

Indicates whether this user has access at the application level or not.

This field only applies to UserType.ADMIN users. UserType.CUSTOMER will always have application level access regardless of this value.

applicationIds

Set<String> applicationIds

This field only applies to UserType.ADMIN users.

The ids of applications this user is a member of. If this is non-empty, this user is restricted to these applications.

archived

boolean archived

This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.

attributes

Map<String,Object> attributes

Arbitrary attributes associated with this user. May include custom claims, customer segment ids, or any other attributes that are not first class user fields.

changePasswordRequired

boolean changePasswordRequired

A flag indicating whether the admin user account requires a password reset. If true, they will not be able to log in until they reset their password.

customerContextId

String customerContextId

This field only applies to UserType.CUSTOMER users.

The id of the customer context this user is a member of. If this is set, this user is restricted to this customer context.

defaultAccountId

String defaultAccountId

The default account for the customer. If set, the customer will automatically have this account selected on login.

defaultApplicationId

String defaultApplicationId

This field only applies to UserType.ADMIN users.

The application that user will have as a pre-selected on sign in. In the case a user has applications assigned User.applicationIds list, default application should be in that list, otherwise this setting will be ignored.

email

String email

The user's email address.

expired

boolean expired

A flag indicating whether the admin user account is expired. If false, they will not be able to log in.

This flag can be used to declare an account as expired and unusable, but currently there is no logic for that. It will always be false.

externalId

String externalId

Intended to hold any unique identifier for this user as known by an external (non-BLC) system. For example, many implementations may integrate or import/export data from other systems that manage their own unique identifiers.

firstName

String firstName

The first name of the user, if the fullName is not being used for the user.

fullName

String fullName

The full name of the user, if the component parts firstName, middleName, and lastName are not being used to comprise the full name.

id

String id

impersonationAllowed

boolean impersonationAllowed

A flag indicated whether or not this user is allowed to be impersonated.

lastName

String lastName

The last name of the user, if the fullName is not being used for the user.

lastUpdated

Instant lastUpdated

Indicates when this record was last updated.

locked

boolean locked

A flag indicating whether the admin user account is locked. If false, they will not be able to log in and a LockedException will be thrown on a login attempt.

This flag is used to limit invalid login attempt.

lockedTime

Instant lockedTime

If this user is locked out, the time that the user was locked.

middleName

String middleName

The middle name of the user, if the fullName is not being used for the user.

passwordLastUpdated

Instant passwordLastUpdated

The time the password was last updated. Used to enforce rules around how long a password may remain unchanged before forcing the user to make a new one.

permissions

Set<UserPermissionRef> permissions

The permissions that this user is directly assigned (in addition to permissions granted through User.roles).

restrictedPermissions

Set<RestrictedPermission> restrictedPermissions

The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

restrictedRoles

Set<RestrictedRole> restrictedRoles

The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

restrictions

Set<Restriction> restrictions

The data restrictions that control the data this user is permitted to access.

roles

Set<UserRoleRef> roles

The roles that this user is assigned. The user is granted all permissions that each of these roles are directly assigned or inherit from their ancestors.

serverId

String serverId

The ID of the authorization server that this user is a member of.

serviceId

String serviceId

If this user was synchronized from a BLC service (ex: the admin user service or the customer service), this field will be the ID value used by that service for this user.

If this value is set, there should also be a value set for User.type.

There is a requirement that only if both values are non-null, a combination of this field and User.type will be unique across all records. There is no uniqueness guarantee for records which have a null service ID or null User.type.

See Also:

• User.type

tenantAccess

boolean tenantAccess

Indicates whether this user has access at the tenant level or not.

This field only applies to UserType.ADMIN users.

tenantId

String tenantId

The id of the tenant this user is associated with.

type

String type

Represents the type of user this is. This value must be supplied if User.serviceId is set.

See Also:

• UserType
• User.serviceId

username

String username

What this user uses to actually log in. May be the same as User.email, but that is not required.

The username is case insensitive, so it will always be stored lowercase.

Class com.broadleafcommerce.auth.resource.domain.UserFieldMapping

class UserFieldMapping extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributeName

String attributeName

The attribute name where this field's value should be stored in User.getAttributes().

contextState

com.broadleafcommerce.data.tracking.core.filtering.business.domain.ContextState contextState

A subset of Tracking information to expose the context state for this object.

id

String id

includeAsTokenClaim

boolean includeAsTokenClaim

Whether to also include the attribute as a claim on the token. UserFieldMapping.attributeName will be converted to snake case (phoneNumber -> phone_number) if it is not already when added as a claim.

Note, this will only work if the value is a String, other objects cannot be used as claims.

targetKey

String targetKey

The target key corresponding to the augmentation used to produce this user field mapping.

tenantId

String tenantId

The ID of the tenant to which this user field mapping belongs. This should be unique when combined with UserFieldMapping.attributeName

valuePath

String valuePath

The JsonPath on the Customer or AdminUser to retrieve the value(s) which should be stored in that attribute.

Class com.broadleafcommerce.auth.resource.domain.UserHistoricalPassword

class UserHistoricalPassword extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

dateCreated

Instant dateCreated

The date when the password was created.

Class com.broadleafcommerce.auth.resource.domain.UserOperation

class UserOperation extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

operationTypes

Set<PermissionType> operationTypes

The set of operation types that are allowed for the scope.

scope

String scope

The scope of the user operation.

Class com.broadleafcommerce.auth.resource.domain.UserOperationInformation

class UserOperationInformation extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

content

List<UserOperation> content

Class com.broadleafcommerce.auth.resource.domain.UserPermission

class UserPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountPermission

boolean accountPermission

Indicates whether this permission is an account type permission. Account users are always customers, so these permissions are only assignable to account roles. Account permissions are the only permissions that may be assigned to an account role.

archived

boolean archived

This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.

id

String id

lastUpdated

Instant lastUpdated

Indicates when this record was last updated.

name

String name

The name for this permission. This is not guaranteed to be unique.

userAssignable

boolean userAssignable

In the large majority of cases, this should be set to true. If true, this permission is user assignable. If false, users may not be assigned this permission. This value is useful in the scenario that certain functions may require an API to be exposed, but not be directly invoked by a user. For example, system-to-system calls may need to be invoked for a specific process, but those calls should never be directly invoked by a user.

Attempts to assign a non user-assignable permission to a user will result in an error. In addition, non user-assignable permissions may not be assigned to a role.

Class com.broadleafcommerce.auth.resource.domain.UserPermissionRef

class UserPermissionRef extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

name

String name

Class com.broadleafcommerce.auth.resource.domain.UserRole

class UserRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountRole

boolean accountRole

Indicates whether this role is an account type role. Account roles are roles that may be assigned to account users. Account users are always customers, so these roles are not assignable to admins, whereas non-account roles have no such limitation. In addition, the only permissions that are allowed to be assigned to these roles are account permissions.

archived

boolean archived

This entity is soft-deleted instead of hard-deleted, and this field is set to true when the entity is soft-deleted.

description

String description

The description of this role for display purposes. Optional, but recommended for account roles.

friendlyName

String friendlyName

The friendly name of this role for display purposes. Required for account roles.

id

String id

lastUpdated

Instant lastUpdated

Indicates when this record was last updated.

name

String name

The name for this role. This has no purpose other than labeling, and is not guaranteed to be unique.

parentRoleId

String parentRoleId

The id of the parent of this role (if any).

This role will effectively inherit all of the UserRole.permissions of its parent and any ancestors further up in the hierarchy.

In standard CRUD operations, there is validation in place to prevent cycles from being created in a role's ancestry (role cannot become a parent of itself). However, as roles may be modified by persistence messages, there may temporarily be broken references or cycles in this hierarchy. To guard against trouble when fetching a role's ancestry, use UserRoleAncestryHydrationService.

See Also:

• UserRoleValidator
• UserRoleAncestryHydrationService
• AdminRolePersistenceHandler

permissions

Set<UserPermissionRef> permissions

The permissions that this role has been directly assigned. The role inherits other permissions from its ancestors as described for UserRole.parentRoleId.

Class com.broadleafcommerce.auth.resource.domain.UserRoleRef

class UserRoleRef extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

name

String name

thirdPartyAssigned

boolean thirdPartyAssigned

Package com.broadleafcommerce.auth.resource.web.endpoint.exception

Exception com.broadleafcommerce.auth.resource.web.endpoint.exception.InvalidApplicationContextException

class InvalidApplicationContextException extends Exception implements Serializable

Exception com.broadleafcommerce.auth.resource.web.endpoint.exception.InvalidApplicationIdException

class InvalidApplicationIdException extends Exception implements Serializable

Package com.broadleafcommerce.auth.security.domain

Class com.broadleafcommerce.auth.security.domain.JpaAccountRoleXref

class JpaAccountRoleXref extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountId

String accountId

active

boolean active

id

String id

role

JpaUserRole role

user

JpaUser user

Class com.broadleafcommerce.auth.security.domain.JpaExternalRoleMapping

class JpaExternalRoleMapping extends Object implements Serializable

Serialized Fields

archived

boolean archived

description

String description

externalRoleIdentifier

String externalRoleIdentifier

id

String id

name

String name

roleId

String roleId

Class com.broadleafcommerce.auth.security.domain.JpaUserFieldMapping

class JpaUserFieldMapping extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributeName

String attributeName

id

String id

includeAsTokenClaim

boolean includeAsTokenClaim

targetKey

String targetKey

tenantId

String tenantId

valuePath

String valuePath

Class com.broadleafcommerce.auth.security.domain.JpaUserPermission

class JpaUserPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountPermission

boolean accountPermission

archived

boolean archived

See Also:

• UserPermission.archived

id

String id

lastUpdated

Instant lastUpdated

We don't use LastModifiedDate here because we want to enable manually setting this value (ex: for setting the lastUpdated to a value received in a persistence message).

See Also:

• UserPermission.lastUpdated

name

String name

userAssignable

boolean userAssignable

Class com.broadleafcommerce.auth.security.domain.JpaUserRestrictedPermission

class JpaUserRestrictedPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

permission

JpaUserPermission permission

restrictionTargets

Set<String> restrictionTargets

restrictionType

String restrictionType

user

JpaUser user

Class com.broadleafcommerce.auth.security.domain.JpaUserRestrictedRole

class JpaUserRestrictedRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

restrictionTargets

Set<String> restrictionTargets

restrictionType

String restrictionType

role

JpaUserRole role

user

JpaUser user

Class com.broadleafcommerce.auth.security.domain.JpaUserRestriction

class JpaUserRestriction extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

restrictionTargets

Set<String> restrictionTargets

restrictionType

String restrictionType

user

JpaUser user

Class com.broadleafcommerce.auth.security.domain.JpaUserRole

class JpaUserRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountRole

boolean accountRole

archived

boolean archived

See Also:

• UserRole.archived

description

String description

friendlyName

String friendlyName

id

String id

lastUpdated

Instant lastUpdated

We don't use LastModifiedDate here because we want to enable manually setting this value (ex: for setting the lastUpdated to a value received in a persistence message).

See Also:

• UserRole.lastUpdated

name

String name

parentRoleId

String parentRoleId

A soft reference to the parent of this role.

See Also:

• UserRole.parentRoleId

permissions

Set<JpaUserPermission> permissions

Class com.broadleafcommerce.auth.security.domain.PermissionScope

class PermissionScope extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

permission

String permission

The permission or base root of a permission which can expand to a CRUD operation.

Note that if a permission name starts with a PermissionType prefix, it must be declared as a permission root by setting PermissionScope.permissionRoot to true.

See Also:

• PermissionType
• PermissionScope.permissionRoot

permissionRoot

boolean permissionRoot

Is this the root of a permission? If this is false this is a direct mapping between a permission and a scope. In other words, the usual CREATE_, READ_, UPDATE_, DELETE_, ALL_ prefixes do not apply to this scope/permission relationship.

scope

SecurityScope scope

Class com.broadleafcommerce.auth.security.domain.SecurityScope

class SecurityScope extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

name

String name

open

boolean open

Whether all users should have this scope assigned to them, regardless of what their underlying permissions are.

Package com.broadleafcommerce.auth.security.service.exception

Exception com.broadleafcommerce.auth.security.service.exception.InvalidUserRoleDeleteException

class InvalidUserRoleDeleteException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.security.service.hydration

Class com.broadleafcommerce.auth.security.service.hydration.UserRoleAncestryHydrationResponse

class UserRoleAncestryHydrationResponse extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

errorMessage

String errorMessage

If the operation was not UserRoleAncestryHydrationResponse.successful, this will contain an error message describing why.

roleAndAncestors

List<UserRole> roleAndAncestors

If the operation was UserRoleAncestryHydrationResponse.successful, this will contain the role itself along with all of its ancestors. This will be sorted starting with the role itself, followed by its direct parent and so on with the last element being the root-level ancestor.

successful

boolean successful

Reports whether the hydration of the ancestry was successful.

Package com.broadleafcommerce.auth.server.domain

Class com.broadleafcommerce.auth.server.domain.AuthorizationServer

class AuthorizationServer extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributes

Map<String,Object> attributes

Additional attributes associated with this authorization server.

changePasswordFailDecayMinutes

Long changePasswordFailDecayMinutes

How long, in minutes, it takes for failed change password attempts to "decay". Failed change password attempts that have decayed will not be taken into account when determining if a user should be locked out. Null indicates attempts never decay.

crossOrigin

boolean crossOrigin

Whether or not the user's session with this authorization server is active for cross-origin requests. If set to true, the session cookie will include a SameSite policy of "None", thereby allowing the session cookie for cross-origin requests. Defaults to false.

defaultRedirectUri

String defaultRedirectUri

The default redirect URI to use if a user accesses a login page without a valid redirect cookie

defaultUserPermissions

Set<UserPermissionRef> defaultUserPermissions

The default permissions a user is assigned when authenticating against this server.

defaultUserRoles

Set<UserRoleRef> defaultUserRoles

The default roles a user is assigned when authenticating against this server.

embeddedLoginEnabled

boolean embeddedLoginEnabled

Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login. Default is false.

failedChangePasswordAttemptsAllowed

Integer failedChangePasswordAttemptsAllowed

How many failed change password attempts are allowed before a user is locked out. Zero or null indicates unlimited change password attempts.

failedLoginAttemptsAllowed

Integer failedLoginAttemptsAllowed

How many failed login attempts are allowed before a user is locked out. Zero or null indicates unlimited login attempts.

failedResetPasswordAttemptsAllowed

Integer failedResetPasswordAttemptsAllowed

How many failed reset password attempts are allowed before a user is locked out. Zero or null indicates unlimited reset password attempts.

friendlyName

String friendlyName

The friendly name of this authorization server. Intended for display purposes.

id

String id

The primary ID of this server

inactivityTimeoutSeconds

Integer inactivityTimeoutSeconds

The period of time, in seconds, that the user's session will timeout if no action is taken.

lockedUserCanResetPassword

String lockedUserCanResetPassword

Can a locked user initiate a password reset? See User.isLocked()

lockoutDurationMinutes

Long lockoutDurationMinutes

The time, in minutes, a user is locked out if they exceed the allowed number of failed login attempts. Null indicates unlimited lockout duration.

loginFailDecayMinutes

Long loginFailDecayMinutes

How long, in minutes, it takes for failed login attempts to "decay". Failed login attempts that have decayed will not be taken into account when determining if a user should be locked out. Null indicates attempts never decay.

name

String name

The unique name for this authorization server. This value is not updatable.

requireLoginTimeoutSeconds

Integer requireLoginTimeoutSeconds

The maximum amount of time, in seconds, a user's session will persist before requiring re-login.

resetPasswordFailDecayMinutes

Long resetPasswordFailDecayMinutes

How long, in minutes, it takes for failed reset password attempts to "decay". Failed reset password attempts that have decayed will not be taken into account when determining if a user should be locked out. Null indicates attempts never decay.

resetPasswordUnlocksUser

String resetPasswordUnlocksUser

Will a successful reset password unlock this user if they're locked? See User.isLocked()

ssoEnabled

boolean ssoEnabled

Whether or not SSO is enabled for this authorization server.

templatePath

String templatePath

The path on the classpath to the authorization servers templates. This should reference the folder within the `templates` folder. i.e. "admin" for the path `classpath:/templates/admin/`

tenantId

String tenantId

The ID of the tenant this authorization server is associated with. This value is not updatable.

Class com.broadleafcommerce.auth.server.domain.AuthorizedClient

class AuthorizedClient extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

applicationId

String applicationId

Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.

attributes

Map<String,Object> attributes

Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.

authCodeTimeoutSeconds

Integer authCodeTimeoutSeconds

The period of time, in seconds, that an auth code issued will be valid for.

authoritativeResourceIds

boolean authoritativeResourceIds

When true, AuthorizedClient.getResourceIds() are considered authoritative. In other words, the tokens issued for this client will only contain audience values from AuthorizedClient.getResourceIds() and no other values. This can be useful in scenarios where a client needs to have highly specific resource restrictions.

When false, AuthorizedClient.getResourceIds() are considered additive on top of defaults inherited from other places such as AuthorizationServerProperties.OAuth2.getAdditionalAudiences(). In other words, the tokens issued for this client will contain audience values from both AuthorizedClient.getResourceIds() and any other inherited value.

See Also:

• AuthorizedClient.getResourceIds()

clientAuthenticationMethods

Set<String> clientAuthenticationMethods

The authentication method(s) that the client may use. This should just be ClientAuthenticationMethod.getValue(). Use ClientAuthenticationMethod.NONE for public clients.

This particularly affects how a client would provide its credentials to the '/token' endpoint.

See Also:

• RegisteredClient.getClientAuthenticationMethods()

clientId

String clientId

The OAuth2 client ID for this authorized client. Usually generated as a randomized string.

clientIdIssuedAt

Instant clientIdIssuedAt

Indicates the time at which the AuthorizedClient.getClientId() was issued. This is a completely optional field, and is not set by Broadleaf by default.

See Also:

• RegisteredClient.getClientIdIssuedAt()

clientSecret

String clientSecret

The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.

clientSecretExpiresAt

Instant clientSecretExpiresAt

Indicates the time at which AuthorizedClient.getClientSecret() expires. If not set, the client secret does not expire. Broadleaf does not set this value by default.

See Also:

• RegisteredClient.getClientSecretExpiresAt()

defaultRedirectUri

String defaultRedirectUri

The default redirect URI to use if a user accesses an authentication operation without a valid requested redirect location.

In many cases, this is effectively the default value to use if a match is not found in AuthorizedClient.getPostAuthenticationSuccessRedirectUris() or if no value was explicitly requested.

This is distinct from AuthorizedClient.getRedirectUris() and is not intended for use with OAuth-specific validations.

See Also:

• AuthorizedClient.getPostAuthenticationSuccessRedirectUris()

friendlyName

String friendlyName

The friendly name of this authorized client. Intended for display purposes

grantTypes

Set<String> grantTypes

The grant types for which this client is authorized.

id

String id

The primary key of this authorized client.

isAdmin

boolean isAdmin

Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.

permissions

Set<String> permissions

Returns the Broadleaf permissions that are assigned as authorities to this client in an OAuth2 flow. These apply to client-only flows (ex: AuthorizationGrantType.CLIENT_CREDENTIALS). These do not apply to user flows.

See Also:

• PermissionRepository
• PermissionScope.getPermission()

postAuthenticationSuccessRedirectUris

Set<String> postAuthenticationSuccessRedirectUris

A whitelist of redirect URIs that the caller can request redirect to after successful authentication related operations. This can contain relative and absolute values.

If none are configured or none match the request, AuthorizedClient.getDefaultRedirectUri() should be used.

Critically, this is distinct from AuthorizedClient.getRedirectUris() and is not intended for use in OAuth validation.

See Also:

• ClientRedirectService.isValidPostAuthenticationSuccessUrl(String, String)

postLogoutRedirectUris

Set<String> postLogoutRedirectUris

The post logout redirect URI(s) that the client may use for logout.

This is only applicable when using the OpenID Connect RP-Initiated Logout 1.0 flow.

See Also:

• RegisteredClient.getPostLogoutRedirectUris()
• OidcLogoutAuthenticationProvider

proofKeyRequired

Boolean proofKeyRequired

Whether the client is explicitly opted-in to PKCE for auth code flows. The default is true if this value is unset.

redirectUris

Set<String> redirectUris

The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.

Any of these values may be relative, and if so, the AuthorizedClientService will use the TenantUrlResolver to determine the base URL to resolve them against such that ultimately they are absolute. If resolution to an absolute URL fails for whatever reason, the relative URL will be omitted from the final RegisteredClient.getRedirectUris().

These are exclusively intended to be for OAuth redirect validation, and not for validation of arbitrary redirects from various authentication operations such as login. See AuthorizedClient.getPostAuthenticationSuccessRedirectUris() for more information.

See Also:

• AuthorizedClientService.resolveAbsolutePathsForRelativeRedirectUris(AuthorizedClient)
• TenantUrlResolver

refreshTokenTimeoutSeconds

Integer refreshTokenTimeoutSeconds

The period of time, in seconds, that an refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. It should be generally considered that a refresh token can be used once.

relaxRedirectUrisValidation

boolean relaxRedirectUrisValidation

If true, AuthorizedClient.getRedirectUris() will be dynamically modified/expanded at runtime (persisted state does not change) to effectively relax certain validations. If false, AuthorizedClient.getRedirectUris() will be used as-is, resulting in strict comparison semantics.

In most cases, setting this value to true is reasonable and can avoid requests being rejected for frivolous reasons such as trailing slash mismatches. However, in scenarios where AuthorizedClient.getRedirectUris() must be interpreted verbatim as defined, setting to false can ensure exact match semantics apply and any variations are not allowed.

See Also:

• AuthorizedClientService.preProcessAndConvertToRegisteredClient(AuthorizedClient)

requireAuthorizationConsent

boolean requireAuthorizationConsent

Set to true if authorization consent is required when the client requests access. This applies to all interactive flows (ex: authorization_code).

This should typically be set to false for 'first-party' clients (such as the Broadleaf admin application) - this ensures the user is not shown a consent form whenever scopes are requested.

NOTE - at this time, Broadleaf does not have OOB support for consent flows, so only set to true if there is a valid available implementation of OAuth2AuthorizationConsentService that can persist/load/validate OAuth2AuthorizationConsent.

See Also:

• ClientSettings.isRequireAuthorizationConsent()

resetPasswordBaseUri

String resetPasswordBaseUri

The base URI for the reset password form. This is used when generating a reset password link so the user is directed to the right domain hosting the form. If blank, AuthorizedClient.defaultRedirectUri will be used.

This can be different from AuthorizedClient.defaultRedirectUri in cases where the frontend app is on a different domain than Auth and SSO is still being used, i.e., the reset password form is on https://www.my-auth-server.com and the frontend is https://www.my-store.com. In such a case, the defaultRedirectUri would be https://www.my-store.com but resetPasswordBaseUri would be https://www.my-auth-server.com.

resourceIds

Set<String> resourceIds

These are values contributed to the AccessTokenClaimKeys.RegisteredClaims.AUDIENCE_CLAIM set on access tokens issued for this client.

See Also:

• AuthorizationServerProperties.OAuth2.getAdditionalAudiences()
• AuthorizedClient.isAuthoritativeResourceIds()

scopes

Set<String> scopes

The scopes for this client. Empty if the client isn't scoped.

The scopes represent the "upper-bound" of what scopes a client is allowed to request. They will also be used as default scopes if no scopes are requested.

When this client is expected to be the final principal (ex: client credentials flow), these values represent all scopes that can be requested. Typically, the client credentials token request does not include any scopes, and all these scopes are granted.

For flows where a user is the final principal (ex: authorization code flow), these values represent the upper-bound of what can be granted. Token requests typically include a scope that must be declared in this field.

See Also:

• DefaultClientScopeAuthorizationCodeRequestConverter.getClientScopes(OAuth2AuthorizationCodeRequestAuthenticationToken)
• DefaultClientScopeClientCredentialsRequestConverter.getClientScopes(OAuth2ClientCredentialsAuthenticationToken)
• DefaultOAuth2AuthorizationCodeRequestAuthenticationValidator

serverId

String serverId

The ID of the authorization server this authorized client is part of.

tokenTimeoutSeconds

Integer tokenTimeoutSeconds

The period of time, in seconds, that an access token issued will be valid for.

useRedirectUriToGenerateConsumeTokenUrl

boolean useRedirectUriToGenerateConsumeTokenUrl

Controls whether auth uses the ImpersonationRequest.getRedirect_uri() when building the consume-token redirect URL after a successful impersonation request. The consume token endpoint will add a session cookie identifying the user as a CSR so they do not need to log in on the storefront. The alternative is to build a relative URL to redirect to the same domain as the impersonation endpoint.

This is true by default.

The reason to redirect to the consume-token endpoint using the ImpersonationRequest.getRedirect_uri() is to ensure the cookie is set on the same domain as the storefront in cases where the admin and storefront are on separate domains but both can access Auth on their own domains. That is possible when using the standard deployment configuration where all apps and services are deployed behind the Admin and Commerce Gateways.

Suppose that admin and storefront apps are on different domains: admin.mycompany.com and store.mycompany.com, in this case if the impersonate endpoint added the cookie, it would be on admin.mycompany.com and therefore not accessible on store.mycompany.com. To work around this limitation, the system can redirect to store.mycompany.com/auth/consume-token and then add the session token so that it is on the same domain as the storefront.

However, if Auth is accessed through a different domain than the storefront app (e.g., auth.mycompany.com), then this redirect will not be useful. Such a case typically occurs when also using refresh-token-rotation.

Package com.broadleafcommerce.auth.server.provider.jpa.domain

Class com.broadleafcommerce.auth.server.provider.jpa.domain.JpaAuthorizationServer

class JpaAuthorizationServer extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributes

Map<String,Object> attributes

changePasswordFailDecayMinutes

Long changePasswordFailDecayMinutes

crossOrigin

boolean crossOrigin

defaultRedirectUri

String defaultRedirectUri

defaultUserPermissions

Set<JpaUserPermission> defaultUserPermissions

defaultUserRoles

Set<JpaUserRole> defaultUserRoles

embeddedLoginEnabled

boolean embeddedLoginEnabled

failedChangePasswordAttemptsAllowed

Integer failedChangePasswordAttemptsAllowed

failedLoginAttemptsAllowed

Integer failedLoginAttemptsAllowed

failedResetPasswordAttemptsAllowed

Integer failedResetPasswordAttemptsAllowed

friendlyName

String friendlyName

id

String id

inactivityTimeoutSeconds

Integer inactivityTimeoutSeconds

lockedUserCanResetPassword

Boolean lockedUserCanResetPassword

lockoutDurationMinutes

Long lockoutDurationMinutes

loginFailDecayMinutes

Long loginFailDecayMinutes

name

String name

requireLoginTimeoutSeconds

Integer requireLoginTimeoutSeconds

resetPasswordFailDecayMinutes

Long resetPasswordFailDecayMinutes

resetPasswordUnlocksUser

Boolean resetPasswordUnlocksUser

ssoEnabled

boolean ssoEnabled

templatePath

String templatePath

tenantId

String tenantId

Class com.broadleafcommerce.auth.server.provider.jpa.domain.JpaAuthorizedClient

class JpaAuthorizedClient extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

applicationId

String applicationId

attributes

Map<String,Object> attributes

authCodeTimeoutSeconds

Integer authCodeTimeoutSeconds

authoritativeResourceIds

boolean authoritativeResourceIds

See Also:

• AuthorizedClient.isAuthoritativeResourceIds()

clientAuthenticationMethods

Set<String> clientAuthenticationMethods

See Also:

• AuthorizedClient.getClientAuthenticationMethods()

clientId

String clientId

clientIdIssuedAt

Instant clientIdIssuedAt

See Also:

• AuthorizedClient.getClientIdIssuedAt()

clientSecret

String clientSecret

clientSecretExpiresAt

Instant clientSecretExpiresAt

See Also:

• AuthorizedClient.getClientSecretExpiresAt()

defaultRedirectUri

String defaultRedirectUri

friendlyName

String friendlyName

grantTypes

Set<String> grantTypes

id

String id

isAdmin

boolean isAdmin

permissions

Set<String> permissions

postAuthenticationSuccessRedirectUris

Set<String> postAuthenticationSuccessRedirectUris

See Also:

• AuthorizedClient.getPostAuthenticationSuccessRedirectUris()

postLogoutRedirectUris

Set<String> postLogoutRedirectUris

See Also:

• AuthorizedClient.getPostLogoutRedirectUris()

redirectUris

Set<String> redirectUris

refreshTokenTimeoutSeconds

Integer refreshTokenTimeoutSeconds

relaxRedirectUrisValidation

boolean relaxRedirectUrisValidation

See Also:

• AuthorizedClient.isRelaxRedirectUrisValidation()

requireAuthorizationConsent

boolean requireAuthorizationConsent

See Also:

• AuthorizedClient.isRequireAuthorizationConsent()

requireProofKey

Boolean requireProofKey

resetPasswordBaseUri

String resetPasswordBaseUri

resourceIds

Set<String> resourceIds

scopes

Set<String> scopes

serverId

String serverId

tokenTimeoutSeconds

int tokenTimeoutSeconds

useRedirectUriToGenerateConsumeTokenUrl

boolean useRedirectUriToGenerateConsumeTokenUrl

Package com.broadleafcommerce.auth.server.web.endpoint

Class com.broadleafcommerce.auth.server.web.endpoint.ClientDiscoveryEndpoint.ClientDiscoveryResponse

class ClientDiscoveryResponse extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

clientId

String clientId

The discovered authorized client ID

serverId

String serverId

The discovered authorization server ID

Package com.broadleafcommerce.auth.tenant.domain

Class com.broadleafcommerce.auth.tenant.domain.Application

class Application extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

customerContextId

String customerContextId

See Also:

• Application.getCustomerContextId()

deactivated

boolean deactivated

See Also:

• Application.isDeactivated()

id

String id

identifierType

String identifierType

See Also:

• Application.getIdentifierType()

identifierValue

String identifierValue

See Also:

• Application.getIdentifierValue()

isMarketplace

boolean isMarketplace

See Also:

• Application.isMarketplace()

lastUpdated

Instant lastUpdated

Indicates when this record was last updated.

tenantId

String tenantId

See Also:

• Application.getTenantId()

Class com.broadleafcommerce.auth.tenant.domain.UrlResolverResponse

class UrlResolverResponse extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

url

String url

Package com.broadleafcommerce.auth.tenant.provider.jpa.domain

Class com.broadleafcommerce.auth.tenant.provider.jpa.domain.JpaApplication

class JpaApplication extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

customerContextId

String customerContextId

See Also:

• Application.getCustomerContextId()

deactivated

boolean deactivated

See Also:

• Application.isDeactivated()

id

String id

See Also:

• Application.getId()

identifierType

String identifierType

See Also:

• Application.getIdentifierType()

identifierValue

String identifierValue

See Also:

• Application.getIdentifierValue()

isMarketplace

boolean isMarketplace

See Also:

• Application.isMarketplace()

lastUpdated

Instant lastUpdated

We don't use LastModifiedDate here because we want to enable manually setting this value (ex: for setting the lastUpdated to a value received in a persistence message).

See Also:

• Application.lastUpdated

tenantId

String tenantId

Package com.broadleafcommerce.auth.user.api.dto

Class com.broadleafcommerce.auth.user.api.dto.ChangePasswordForm

class ChangePasswordForm extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

client_id

String client_id

currentPassword

String currentPassword

newPassword

String newPassword

newPasswordConfirm

String newPasswordConfirm

Class com.broadleafcommerce.auth.user.api.dto.ResetPasswordForm

class ResetPasswordForm extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

client_id

String client_id

password

String password

token

String token

username

String username

Class com.broadleafcommerce.auth.user.api.dto.UserRegistration

class UserRegistration extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributes

Map<String,Object> attributes

Client implementations may choose to utilize this field to accept and pass additional custom information as part of the user registration process. By default, these attributes are passed to other interested microservices via UserCreationEvent.attributes.

See Also:

• UserCreationEvent.attributes

clientId

String clientId

The application's client_id that this user is registering to

email

String email

Email address

fullName

String fullName

Full name of the user

password

String password

See Also:

• PasswordRequestValidator

passwordConfirmation

String passwordConfirmation

Must match the given UserRegistration.password

See Also:

• PasswordRequestValidator

preview

Boolean preview

True if this registration is in a preview context

returnTo

String returnTo

The location to which the user is forwarded after registration

username

String username

Username

Only used when AuthRegistrationProperties.isEmailAsUsername() is disabled

userType

String userType

The type of user to register this user as.

See Also:

• UserType

Package com.broadleafcommerce.auth.user.autoconfigure.support.keys

Class com.broadleafcommerce.auth.user.autoconfigure.support.keys.DynamicPropertyPrivateKey

class DynamicPropertyPrivateKey extends AbstractDynamicPropertyKey<RSAPrivateKey> implements Serializable

Serialized Fields

authorizationServerProperties

AuthorizationServerProperties authorizationServerProperties

Class com.broadleafcommerce.auth.user.autoconfigure.support.keys.DynamicPropertyPublicKey

class DynamicPropertyPublicKey extends AbstractDynamicPropertyKey<RSAPublicKey> implements Serializable

Serialized Fields

authorizationServerProperties

AuthorizationServerProperties authorizationServerProperties

Package com.broadleafcommerce.auth.user.domain

Class com.broadleafcommerce.auth.user.domain.AuthenticationEvent

class AuthenticationEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributes

Map<String,Object> attributes

Any additional attributes that a service receiving the request may need

contextInfo

com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo

The ContextInfo derived from the original request containing tenant and sandbox info.

messageType

String messageType

The message type for this event.

See Also:

• AuthenticationMessageType

user

User user

The user that made the request

Class com.broadleafcommerce.auth.user.domain.DefaultOAuth2UserDetails

class DefaultOAuth2UserDetails extends org.springframework.security.core.userdetails.User implements Serializable

serialVersionUID:

1L

Serialized Fields

clientId

String clientId

id

String id

impersonationAllowed

boolean impersonationAllowed

restrictedAuthorities

Map<String,Map<String,Set<String>>> restrictedAuthorities

restrictions

Map<String,Set<String>> restrictions

Class com.broadleafcommerce.auth.user.domain.ImpersonationTokenNonce

class ImpersonationTokenNonce extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

expirationTimestamp

Instant expirationTimestamp

The date-time used to indicate when the token expires.

id

String id

The primary key of this nonce.

nonce

String nonce

One-time use token value.

Class com.broadleafcommerce.auth.user.domain.PasswordToken

class PasswordToken extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

dateCreated

Instant dateCreated

The date this token was created.

dateUsed

Instant dateUsed

The date this token was used, or null.

id

String id

The primary key of this token.

purpose

String purpose

The reason this token was created.

token

String token

The token value

used

boolean used

Whether or not this token has been used.

userId

String userId

The ID of the user associated with this token.

Class com.broadleafcommerce.auth.user.domain.UserChangePasswordAttempt

class UserChangePasswordAttempt extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attemptTime

Instant attemptTime

The time that this password change attempt occurred.

authServerId

String authServerId

The AuthorizationServer id that this password change attempt was made from.

considered

boolean considered

Should this password change attempt be considered when determining if the user is to be locked out?

id

String id

The database id.

result

String result

The change password attempt result. Either SUCCESS or FAILURE.

See Also:

• UserAttemptResult

userId

String userId

The user id of the attempted password change.

This should be non-null since a user can only change a password once they are logged in.

username

String username

The username used in the password change attempt. Required.

Class com.broadleafcommerce.auth.user.domain.UserLoginAttempt

class UserLoginAttempt extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attemptTime

Instant attemptTime

The time that this login attempt occurred.

authServerId

String authServerId

The AuthorizationServer id that this login attempt was made from.

considered

boolean considered

Should this login attempt be considered when determining if the user is to be locked out?

id

String id

The database id.

loginAttemptResult

String loginAttemptResult

The login attempt result. Either SUCCESS or FAILURE. See LoginAttemptResult

userId

String userId

The user id of the attempted login.

This is nullable, as an attempt could be made to login with a specific username, but no user exists for that username.

username

String username

The username used in the login attempt. Required.

Class com.broadleafcommerce.auth.user.domain.UserResetPasswordAttempt

class UserResetPasswordAttempt extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attemptTime

Instant attemptTime

The time that this password reset attempt occurred.

authServerId

String authServerId

The AuthorizationServer id that this password reset attempt was made from.

considered

boolean considered

Should this password reset attempt be considered when determining if the user is to be locked out?

id

String id

The database id.

result

String result

The reset password attempt result. Either SUCCESS or FAILURE.

See Also:

• UserAttemptResult

userId

String userId

The user id of the attempted password reset.

This is nullable, as an attempt could be made to reset the password using a specific username, but no user exists for that username.

username

String username

The username used in the password reset attempt. Required.

Package com.broadleafcommerce.auth.user.endpoint

Class com.broadleafcommerce.auth.user.endpoint.ImpersonationRequest

class ImpersonationRequest extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

client_id

String client_id

Id of the AuthorizedClient initiating this request.

impersonate_self

Boolean impersonate_self

Indicates that CSR is not impersonating as a customer but is operating as themselves. This is typically used for things like quote management.

impersonated_client_id

String impersonated_client_id

The id of the AuthorizedClient that the user-to-be-impersonated belongs to.

impersonated_sub

String impersonated_sub

The username of the user to impersonate if any.

redirect_uri

String redirect_uri

Uri to redirect to upon successful request.

Class com.broadleafcommerce.auth.user.endpoint.ImpersonationRequestToken

class ImpersonationRequestToken extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

client_id

String client_id

The client ID of the user requesting impersonation

See Also:

• AuthorizedClient.getClientId()

csr_user_id

String csr_user_id

The user ID of the CSR that is impersonating a user.

impersonated_client_id

String impersonated_client_id

The client ID of the user to be impersonated.

See Also:

• AuthorizedClient.getClientId()

impersonated_sub

String impersonated_sub

The subject to be impersonated. Usually the same as User.getUsername().

impersonating_self

Boolean impersonating_self

Indicates that CSR is not impersonating as a customer but is operating as themselves. This is typically used for things like quote management.

redirect_uri

String redirect_uri

Upon consuming the token, the URL to redirect the user to.

Package com.broadleafcommerce.auth.user.exception

Exception com.broadleafcommerce.auth.user.exception.UserNotActiveException

class UserNotActiveException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.user.listener.domain

Class com.broadleafcommerce.auth.user.listener.domain.AdminPermission

class AdminPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

businessDomainType

String businessDomainType

id

String id

name

String name

tenantId

String tenantId

Class com.broadleafcommerce.auth.user.listener.domain.AdminPermissionRef

class AdminPermissionRef extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

name

String name

Class com.broadleafcommerce.auth.user.listener.domain.AdminRestrictedPermission

class AdminRestrictedPermission extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

permission

String permission

The id of the permission that is being restricted.

restrictionTargets

Set<String> restrictionTargets

Represents the targets of the restriction.

restrictionType

String restrictionType

Represents the type of the restriction.

Class com.broadleafcommerce.auth.user.listener.domain.AdminRestrictedRole

class AdminRestrictedRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

restrictionTargets

Set<String> restrictionTargets

Represents the targets of the restriction.

restrictionType

String restrictionType

Represents the type of the restriction.

role

String role

id of the role that is being restricted.

Class com.broadleafcommerce.auth.user.listener.domain.AdminRestriction

class AdminRestriction extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

Represents the id of the User restriction.

restrictionTargets

Set<String> restrictionTargets

Represents the targets of the restriction.

restrictionType

String restrictionType

Represents the type of the restriction.

Class com.broadleafcommerce.auth.user.listener.domain.AdminRole

class AdminRole extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

businessDomainType

String businessDomainType

id

String id

name

String name

parentRoleId

String parentRoleId

permissions

Set<AdminPermissionRef> permissions

tenantId

String tenantId

Class com.broadleafcommerce.auth.user.listener.domain.AdminRoleRef

class AdminRoleRef extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

id

String id

name

String name

Class com.broadleafcommerce.auth.user.listener.domain.AdminUser

class AdminUser extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

active

boolean active

applicationAccess

boolean applicationAccess

applicationIds

Set<String> applicationIds

businessDomainType

String businessDomainType

changePasswordRequired

boolean changePasswordRequired

defaultApplicationId

String defaultApplicationId

The application that user will have as a pre-selected on sign in. In the case a user has applications assigned AdminUser.applicationIds list, default application should be in that list, otherwise this setting will be ignored.

email

String email

expired

boolean expired

id

String id

locked

boolean locked

name

String name

permissionIds

Set<String> permissionIds

permissions

Set<AdminPermissionRef> permissions

Deprecated.

restrictedPermissions

Set<AdminRestrictedPermission> restrictedPermissions

The permissions that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

restrictedRoles

Set<AdminRestrictedRole> restrictedRoles

The roles that this user is directly assigned that are restricted to only apply when accessing certain segments of data.

restrictions

Set<AdminRestriction> restrictions

The data restrictions that control the data this user is permitted to access.

roleIds

Set<String> roleIds

roles

Set<AdminRoleRef> roles

Deprecated.

tenantAccess

boolean tenantAccess

tenantId

String tenantId

username

String username

Class com.broadleafcommerce.auth.user.listener.domain.Customer

class Customer extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

active

Boolean active

additionalAttributes

Map<String,Object> additionalAttributes

Map holding any additional attributes passed in the request not matching any defined properties.

archived

boolean archived

attributes

Map<String,Object> attributes

contextId

String contextId

customerContextId

String customerContextId

defaultAccountId

String defaultAccountId

email

String email

firstName

String firstName

fullName

String fullName

lastName

String lastName

locked

boolean locked

middleName

String middleName

tenantId

String tenantId

username

String username

Package com.broadleafcommerce.auth.user.messaging

Class com.broadleafcommerce.auth.user.messaging.CartApprovalRequestEvent

class CartApprovalRequestEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountId

String accountId

ID of the account the submitter belongs to.

approvers

List<CartApprovalRequestEvent.ApproverRef> approvers

attributes

Map<String,Object> attributes

Map holding any additional attributes passed in the request not matching any defined properties.

contextInfo

com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo

The ContextInfo containing tenant and sandbox info.

Class com.broadleafcommerce.auth.user.messaging.CartApprovalRequestEvent.ApproverRef

class ApproverRef extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

additionalAttributes

Map<String,Object> additionalAttributes

Any additional attributes to include.

emailAddress

String emailAddress

The user's email.

fullName

String fullName

The user's full name.

id

String id

The user's id.

Class com.broadleafcommerce.auth.user.messaging.ExternalAdminUserModificationEvent

class ExternalAdminUserModificationEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

additionalAttributes

Map<String,Object> additionalAttributes

Any additional attributes relevant for the user. Empty by default, but useful as an extension mechanism.

operationType

String operationType

The modification type (CREATE or UPDATE)

user

User user

The user that was modified/created

Class com.broadleafcommerce.auth.user.messaging.UserCreationEvent

class UserCreationEvent extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attributes

Map<String,Object> attributes

Additional custom information that was provided as part of the user registration process.

Client implementations may choose to populate and utilize this field for custom behavior.

See Also:

• UserRegistration.attributes

preview

boolean preview

Indicates whether the user was created from a preview context.

user

User user

Package com.broadleafcommerce.auth.user.provider.jpa.domain

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaCustomerAccount

class JpaCustomerAccount extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

active

boolean active

id

String id

parentAccountId

String parentAccountId

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaImpersonationTokenNonce

class JpaImpersonationTokenNonce extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

expirationTimestamp

Instant expirationTimestamp

id

String id

nonce

String nonce

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaPasswordToken

class JpaPasswordToken extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

dateCreated

Instant dateCreated

dateUsed

Instant dateUsed

id

String id

purpose

String purpose

token

String token

used

boolean used

userId

String userId

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaUser

class JpaUser extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

accountRoles

List<JpaAccountRoleXref> accountRoles

See Also:

• User.getAccountRoles()

active

boolean active

See Also:

• User.isActive()

applicationAccess

boolean applicationAccess

See Also:

• User.isApplicationAccess()

applicationIds

Set<String> applicationIds

See Also:

• User.getApplicationIds()

archived

boolean archived

See Also:

• User.isArchived()

attributes

Map<String,Object> attributes

See Also:

• User.getAttributes()

changePasswordRequired

boolean changePasswordRequired

See Also:

• User.isChangePasswordRequired()

customerContextId

String customerContextId

See Also:

• User.getCustomerContextId()

defaultAccountId

String defaultAccountId

defaultApplicationId

String defaultApplicationId

email

String email

See Also:

• User.getEmail()

expired

boolean expired

See Also:

• User.isExpired()

externalId

String externalId

See Also:

• User.getExternalId()

externalRoleIds

Set<String> externalRoleIds

firstName

String firstName

See Also:

• User.getFirstName()

fullName

String fullName

See Also:

• User.getFullName()

id

String id

impersonationAllowed

boolean impersonationAllowed

See Also:

• User.isImpersonationAllowed()

lastName

String lastName

See Also:

• User.getLastName()

lastUpdated

Instant lastUpdated

We don't use LastModifiedDate here because we want to enable manually setting this value (ex: for setting the lastUpdated to a value received in a persistence message).

See Also:

• User.getLastUpdated()

locked

boolean locked

See Also:

• User.isLocked()

lockedTime

Instant lockedTime

See Also:

• User.getLockedTime()

middleName

String middleName

See Also:

• User.getMiddleName()

password

String password

See Also:

• User.getPassword()

passwordHistory

List<JpaUserHistoricalPassword> passwordHistory

See Also:

• User.getPasswordHistory()

passwordLastUpdated

Instant passwordLastUpdated

See Also:

• User.getPasswordLastUpdated()

permissions

Set<JpaUserPermission> permissions

See Also:

• User.getPermissions()

restrictedPermissions

Set<JpaUserRestrictedPermission> restrictedPermissions

See Also:

• User.getRestrictedPermissions()

restrictedRoles

Set<JpaUserRestrictedRole> restrictedRoles

See Also:

• User.getRestrictedRoles()

restrictions

Set<JpaUserRestriction> restrictions

See Also:

• User.getRestrictions()

roles

Set<JpaUserRole> roles

See Also:

• User.getRoles()

serverId

String serverId

See Also:

• User.getServerId()

serviceId

String serviceId

See Also:

• User.getServiceId()

tenantAccess

boolean tenantAccess

See Also:

• User.isTenantAccess()

tenantId

String tenantId

See Also:

• User.getTenantId()

type

String type

See Also:

• User.getType()

username

String username

See Also:

• User.getUsername()

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaUserChangePasswordAttempt

class JpaUserChangePasswordAttempt extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attemptTime

Instant attemptTime

authServerId

String authServerId

considered

boolean considered

id

String id

result

String result

userId

String userId

username

String username

The username used in the change password attempt. Required.

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaUserHistoricalPassword

class JpaUserHistoricalPassword extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

dateCreated

Instant dateCreated

The date when the password was created.

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaUserLoginAttempt

class JpaUserLoginAttempt extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attemptTime

Instant attemptTime

authServerId

String authServerId

considered

boolean considered

id

String id

loginAttemptResult

String loginAttemptResult

userId

String userId

username

String username

The username used in the login attempt. Required.

Class com.broadleafcommerce.auth.user.provider.jpa.domain.JpaUserResetPasswordAttempt

class JpaUserResetPasswordAttempt extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

attemptTime

Instant attemptTime

authServerId

String authServerId

considered

boolean considered

id

String id

result

String result

userId

String userId

username

String username

The username used in the reset password attempt. Required.

Package com.broadleafcommerce.auth.user.service.password

Exception com.broadleafcommerce.auth.user.service.password.AccountLockedException

class AccountLockedException extends Exception implements Serializable

Exception com.broadleafcommerce.auth.user.service.password.ResetPasswordException

class ResetPasswordException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.user.session

Class com.broadleafcommerce.auth.user.session.BasicSavedRequest

class BasicSavedRequest extends Object implements Serializable

Serialized Fields

redirectUrl

String redirectUrl

Class com.broadleafcommerce.auth.user.session.DefaultOAuth2SessionToken

class DefaultOAuth2SessionToken extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

claims

Map<String,Object> claims

value

String value

Class com.broadleafcommerce.auth.user.session.FormLoginAuthenticationToken

class FormLoginAuthenticationToken extends org.springframework.security.authentication.UsernamePasswordAuthenticationToken implements Serializable

serialVersionUID:

1L

Serialized Fields

clientId

String clientId

Class com.broadleafcommerce.auth.user.session.OAuth2SessionAuthenticationToken

class OAuth2SessionAuthenticationToken extends org.springframework.security.authentication.AbstractAuthenticationToken implements Serializable

serialVersionUID:

1L

Serialized Fields

clientId

String clientId

The OAuth2 client ID.

principal

Object principal

The OAuth2 principal.

token

OAuth2SessionToken token

The JWT token from the BLSID-[client_id] session cookie.

Package com.broadleafcommerce.auth.user.web.endpoint

Class com.broadleafcommerce.auth.user.web.endpoint.EmbeddedAuthenticationController.PasswordResetEmailRequest

class PasswordResetEmailRequest extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

username

String username

Username of the user trying to reset their password.

Package com.broadleafcommerce.auth.user.web.endpoint.exception

Exception com.broadleafcommerce.auth.user.web.endpoint.exception.ClientValidationException

class ClientValidationException extends RuntimeException implements Serializable

Package com.broadleafcommerce.auth.user.web.endpoint.model

Class com.broadleafcommerce.auth.user.web.endpoint.model.OAuth2IdentityProvider

class OAuth2IdentityProvider extends Object implements Serializable

serialVersionUID:

1L

Serialized Fields

icon

String icon

The path to a static resource that represents an icon to display on the action component for this IDP.

id

String id

The registration ID of the of the IDP.

name

String name

The name of the IDP. This will be displayed to the user.

url

String url

The action URL to take the user to the authentication page for this IDP.