10Duke Scale C++ Client
All Classes Namespaces Files Functions Variables Typedefs Enumerations Pages
tenduke::oidc::SerializedOIDCSession Class Reference

#include <SerializedOIDCSession.h>

Detailed Description

A tenduke::oidc::OIDCSession, which guards that only one thread at a time can access the instance.

Each method takes a mutex and then delegates the call to another service. The mutexes timeout and methods may throw tenduke::TimedOut.

Inheritance diagram for tenduke::oidc::SerializedOIDCSession:
tenduke::oidc::OIDCSession

Public Member Functions

 SerializedOIDCSession (const std::shared_ptr< tenduke::oidc::OIDCSession > &session, const std::chrono::milliseconds &concurrencyTimeout)
 Constructs new instance.
 
void ensureValidSession () override
 Checks that the OIDC session is valid, but if it is NOT, either refreshes the access token or authenticates the user.
 
std::string getAccessToken () override
 Returns access token of the session.
 
std::shared_ptr< const tenduke::oidc::OIDCStategetOIDCState () override
 Returns the current OIDC-state for inspection.
 
bool heartbeat () override
 Executes a heartbeat with the backend, checking that the current access token really works.
 
void invalidate () override
 Invalidates the session.
 
bool isValid () override
 Checks that local session is valid.
 
void reEstablish () override
 Re-establishes the session: Tries first to refresh the state, if it fails, re-authenticates the user.
 
void refresh () override
 Forces refresh of the session.
 

Constructor & Destructor Documentation

◆ SerializedOIDCSession()

tenduke::oidc::SerializedOIDCSession::SerializedOIDCSession ( const std::shared_ptr< tenduke::oidc::OIDCSession > & session,
const std::chrono::milliseconds & concurrencyTimeout )

Constructs new instance.

Parameters
session-
concurrencyTimeout-

Member Function Documentation

◆ ensureValidSession()

void tenduke::oidc::SerializedOIDCSession::ensureValidSession ( )
overridevirtual

Checks that the OIDC session is valid, but if it is NOT, either refreshes the access token or authenticates the user.

Call this method before doing request which uses the access token (method getAccessToken()). You do not need call this method unless you want to use access token: E.g. it is unnecessary to schedule a task for this.

Valid OIDC session requires a non-expired access token. If the access token has expired, this method tries to refresh the access token. If the refresh fails because the the refresh token has expired or if there is no valid session in the first place (i.e. there is no access token), the service starts login flow.

Note that this method cannot guarantee that the next request with the access token does not fail. For possible reasons, see method isValid().

Because of this, requests using the access token should prepare to handle HTTP 401 errors by calling this method again.

Exceptions
tenduke::InterruptedExceptionwhen e.g. login was aborted
tenduke::TimedOutwhen login times out or concurrent thread times out waiting to execute this method

Implements tenduke::oidc::OIDCSession.

◆ getAccessToken()

std::string tenduke::oidc::SerializedOIDCSession::getAccessToken ( )
overridevirtual

Returns access token of the session.

Returns
the access token. Returned value is std::string::empty() if the user has not authenticated. Note that the returned value might not be working access token if the token has expired.
Exceptions
tenduke::TimedOutwhen concurrent access times out

Implements tenduke::oidc::OIDCSession.

◆ getOIDCState()

std::shared_ptr< const xdoidc::OIDCState > tenduke::oidc::SerializedOIDCSession::getOIDCState ( )
overridevirtual

Returns the current OIDC-state for inspection.

The state MUST NOT be modified.

Returns
the current OIDC-state or nullptr if there is no current state
Exceptions
tenduke::TimedOutwhen concurrent access times out

Implements tenduke::oidc::OIDCSession.

◆ heartbeat()

bool tenduke::oidc::SerializedOIDCSession::heartbeat ( )
overridevirtual

Executes a heartbeat with the backend, checking that the current access token really works.

The heartbeat does not modify the state, even if the credentials are defunct. Typical reaction after false is to call reEstablish().

IMPORTANT: Do not call this repeatedly (e.g. schedule a task to execute heart beats). Also, you don't need to call this just before executing an API call. We trust that normally the local state is in sync with the backend and using OIDCSession::ensureValidSession() is usually enough. This method should only be used when there is doubt that the local session state is not in sync with the backend.

Returns
true if the check was OK and local state is still valid. Returns false otherwise.
Exceptions
tenduke::TimedOutwhen concurrent access times out
tenduke::http::HTTPRequestExceptionif the HTTP-status code indicates error
tenduke::http::HTTPExceptionin other HTTP-related issues
tenduke::net::NetworkingExceptione.g. host not found, network connection issues

Implements tenduke::oidc::OIDCSession.

◆ invalidate()

void tenduke::oidc::SerializedOIDCSession::invalidate ( )
overridevirtual

Invalidates the session.

Exceptions
tenduke::TimedOutwhen concurrent access times out

Implements tenduke::oidc::OIDCSession.

◆ isValid()

bool tenduke::oidc::SerializedOIDCSession::isValid ( )
overridevirtual

Checks that local session is valid.

This method checks that there is a session and it has not expired.

Note that this method only checks the local session information, it does not verify the state from the backend. This means that requests using the access token might fail even if this method returns true, because .e.g.

  • The state might have expired in the backend, but the client believes that the session is valid, because there is a clock skew or some other inaccuracy
  • The state might have been invalidated in the backend (e.g. by admin user)
Returns
-
Exceptions
tenduke::TimedOutwhen concurrent access times out

Implements tenduke::oidc::OIDCSession.

◆ reEstablish()

void tenduke::oidc::SerializedOIDCSession::reEstablish ( )
overridevirtual

Re-establishes the session: Tries first to refresh the state, if it fails, re-authenticates the user.

IMPORTANT: Do not call this method "just in case". Read the class documentation and heartbeat().

Exceptions
tenduke::TimedOutwhen concurrent access times out

Implements tenduke::oidc::OIDCSession.

◆ refresh()

void tenduke::oidc::SerializedOIDCSession::refresh ( )
overridevirtual

Forces refresh of the session.

Does nothing if a) there is no session or b) the session is not refreshable.

IMPORTANT: Do not call this unless you really know what you are doing. Use ensureValidSession() instead. This method only does refresh, it never logs in.

Exceptions
tenduke::TimedOutwhen concurrent access times out

Implements tenduke::oidc::OIDCSession.


The documentation for this class was generated from the following files: