Package co.elastic.clients.elasticsearch.security

Class OidcAuthenticateRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.security.OidcAuthenticateRequest
All Implemented Interfaces:
JsonpSerializable
@JsonpDeserializable public class OidcAuthenticateRequest extends RequestBase implements JsonpSerializable
Authenticate OpenID Connect.

Exchange an OpenID Connect authentication response message for an Elasticsearch internal access token and refresh token that can be subsequently used for authentication.

Elasticsearch exposes all the necessary OpenID Connect related functionality with the OpenID Connect APIs. These APIs are used internally by Kibana in order to provide OpenID Connect based authentication, but can also be used by other, custom web applications or other clients.

See Also:

  • Field Details

  • Method Details

    • of

      public static OidcAuthenticateRequest of(Function<OidcAuthenticateRequest.Builder,ObjectBuilder<OidcAuthenticateRequest>> fn)

    • nonce

      public final String nonce()
      Required - Associate a client session with an ID token and mitigate replay attacks. This value needs to be the same as the one that was provided to the /_security/oidc/prepare API or the one that was generated by Elasticsearch and included in the response to that call.

      API name: nonce

    • realm

      @Nullable public final String realm()
      The name of the OpenID Connect realm. This property is useful in cases where multiple realms are defined.

      API name: realm

    • redirectUri

      public final String redirectUri()
      Required - The URL to which the OpenID Connect Provider redirected the User Agent in response to an authentication request after a successful authentication. This URL must be provided as-is (URL encoded), taken from the body of the response or as the value of a location header in the response from the OpenID Connect Provider.

      API name: redirect_uri

    • state

      public final String state()
      Required - Maintain state between the authentication request and the response. This value needs to be the same as the one that was provided to the /_security/oidc/prepare API or the one that was generated by Elasticsearch and included in the response to that call.

      API name: state

    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable

    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

    • setupOidcAuthenticateRequestDeserializer

      protected static void setupOidcAuthenticateRequestDeserializer(ObjectDeserializer<OidcAuthenticateRequest.Builder> op)