OidcRefreshV1 (stSoftware API)

java.lang.Object
- com.aspc.cms.rest.plugin.oidc.OidcRefreshV1

All Implemented Interfaces:

RestPluginProcess, RestPluginThrottling
```
public class OidcRefreshV1
extends java.lang.Object
implements RestPluginProcess, RestPluginThrottling
```
REST plugin that refreshes access and ID tokens using the stored refresh token from the HttpOnly cookie.
Endpoint: POST /oidc/refresh

The frontend calls this endpoint when the current access token has expired. The refresh token is read from the HttpOnly cookie (set by the callback endpoint) and exchanged with Cognito for new access and ID tokens without requiring re-authentication.

The refresh token is never exposed in the response body. If Cognito issues a new refresh token, the cookie is updated automatically.

Returns HTTP 401 if no refresh token cookie is present or the refresh token has been revoked or expired.

Author:

Claude

Field Summary

Fields
Modifier and Type	Field and Description
`static int`	`RATE_LIMIT_PERIOD_SECONDS` Throttling period in seconds (1 minute).
`static int`	`RATE_LIMIT_REQUESTS` Maximum requests per throttling period.

Constructor Summary

Constructors
Constructor and Description

OidcRefreshV1()

Constructors
Constructor and Description
`OidcRefreshV1()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`static JSONObject`	`buildErrorResponse()` Builds the JSON error response for a failed refresh attempt.
`static JSONObject`	`buildSuccessResponse(java.lang.String accessToken, java.lang.String idToken, int expiresIn)` Builds the JSON success response returned to the frontend.
`java.lang.String`	`getCounterKey(WebClient client, RestDefinition restDefinition)` get the key of the throttling counter, the key has to be shorter than 255 characters
`int`	`getPeriod(WebClient client, RestDefinition rd)` get the throttling period in seconds
`int`	`getRequestLimit(WebClient client, RestDefinition rd)` -1 is no limit 0 is always reject n is allow n requests in each throttling period
`java.lang.Object`	`restCreate(WebClient client, RestDefinition restDefinition, MutableDataSource mds)` HTTP POST calls the the Create ReST service.
`java.lang.Object`	`restDelete(WebClient client, RestDefinition restDefinition, MutableDataSource mds)` HTTP DELETE calls the the Delete ReST service.
`java.lang.Object`	`restRetrieve(WebClient client, RestDefinition restDefinition, ReadOnlyDataSource rds)` HTTP GET calls the the Retrieval ReST service.
`java.lang.Object`	`restUpdate(WebClient client, RestDefinition restDefinition, MutableDataSource mds)` HTTP PUT calls the the Update ReST service.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- RATE_LIMIT_REQUESTS
```
public static final int RATE_LIMIT_REQUESTS
```
  Maximum requests per throttling period.
  
  See Also:
  
  Constant Field Values
- RATE_LIMIT_PERIOD_SECONDS
```
public static final int RATE_LIMIT_PERIOD_SECONDS
```
  Throttling period in seconds (1 minute).
  
  See Also:
  
  Constant Field Values

Constructor Detail
- OidcRefreshV1
```
public OidcRefreshV1()
```

Method Detail

restRetrieve

@CheckReturnValue
 @Nonnull
public java.lang.Object restRetrieve(@Nonnull
                                                                 WebClient client,
                                                                 @Nonnull
                                                                 RestDefinition restDefinition,
                                                                 @Nonnull
                                                                 ReadOnlyDataSource rds)
                                                          throws java.lang.Exception

Description copied from interface: RestPluginProcess

HTTP GET calls the the Retrieval ReST service.

Specified by:: restRetrieve in interface RestPluginProcess
Parameters:: client - the client. Null means check only of ops; restDefinition - the definition; rds - the data source to use
Returns:: the JSON object/array if processed.
Throws:: java.lang.UnsupportedOperationException - if this method is NOT supported.; java.lang.Exception - an error has occurred.

restCreate

@CheckReturnValue
 @Nonnull
public java.lang.Object restCreate(@Nonnull
                                                               WebClient client,
                                                               @Nonnull
                                                               RestDefinition restDefinition,
                                                               @Nonnull
                                                               MutableDataSource mds)
                                                        throws java.lang.Exception

Description copied from interface: RestPluginProcess

HTTP POST calls the the Create ReST service.

Specified by:: restCreate in interface RestPluginProcess
Parameters:: client - the client. Null means check only of ops; restDefinition - the definition; mds - the data source to use
Returns:: the JSON object/array if processed.
Throws:: java.lang.UnsupportedOperationException - if this method is NOT supported.; ExceptionResponse - an error has occurred.; java.lang.Exception

restUpdate

@CheckReturnValue
 @Nonnull
public java.lang.Object restUpdate(@Nonnull
                                                               WebClient client,
                                                               @Nonnull
                                                               RestDefinition restDefinition,
                                                               @Nonnull
                                                               MutableDataSource mds)
                                                        throws java.lang.Exception

Description copied from interface: RestPluginProcess

HTTP PUT calls the the Update ReST service.

Specified by:: restUpdate in interface RestPluginProcess
Parameters:: client - the client. Null means check only of ops; restDefinition - the definition; mds - the data source to use
Returns:: the JSON object/array if processed.
Throws:: java.lang.UnsupportedOperationException - if this method is NOT supported.; ExceptionResponse - an error has occurred.; java.lang.Exception

restDelete

@CheckReturnValue
 @Nonnull
public java.lang.Object restDelete(@Nonnull
                                                               WebClient client,
                                                               @Nonnull
                                                               RestDefinition restDefinition,
                                                               @Nonnull
                                                               MutableDataSource mds)
                                                        throws java.lang.Exception

Description copied from interface: RestPluginProcess

HTTP DELETE calls the the Delete ReST service.

Specified by:: restDelete in interface RestPluginProcess
Parameters:: client - the client. Null means check only of ops; restDefinition - the definition; mds - the data source to use.
Returns:: the JSON object/array if processed.
Throws:: java.lang.UnsupportedOperationException - if this method is NOT supported.; ExceptionResponse - an error has occurred.; java.lang.Exception

getCounterKey

@CheckReturnValue
 @Nullable
public java.lang.String getCounterKey(@Nonnull
                                                                   WebClient client,
                                                                   @Nonnull
                                                                   RestDefinition restDefinition)
                                                            throws java.lang.Exception

Description copied from interface: RestPluginThrottling

get the key of the throttling counter, the key has to be shorter than 255 characters

Specified by:: getCounterKey in interface RestPluginThrottling
Parameters:: client - the client. Null means check only of ops; restDefinition - the definition
Returns:: The throttling counter key. Does NOT throttling if this method return null or empty string
Throws:: java.lang.UnsupportedOperationException - if this method is NOT supported.; java.lang.Exception - an error has occurred.

getRequestLimit
```
public int getRequestLimit(@Nonnull
                           WebClient client,
                           @Nonnull
                           RestDefinition rd)
                    throws java.lang.Exception
```
Description copied from interface: RestPluginThrottling

-1 is no limit 0 is always reject n is allow n requests in each throttling period

Specified by:

getRequestLimit in interface RestPluginThrottling

Parameters:

client - the client. Null means check only of ops

rd - the definition

Returns:

Throws:

java.lang.UnsupportedOperationException - use default throttling settings configured in RestDefinition record

java.lang.Exception

getPeriod
```
public int getPeriod(@Nonnull
                     WebClient client,
                     @Nonnull
                     RestDefinition rd)
              throws java.lang.Exception
```
Description copied from interface: RestPluginThrottling

get the throttling period in seconds

Specified by:

getPeriod in interface RestPluginThrottling

Parameters:

client - the client. Null means check only of ops

rd - the definition

Returns:

Throws:

java.lang.UnsupportedOperationException - use default throttling settings configured in RestDefinition record

java.lang.Exception

buildSuccessResponse

@CheckReturnValue
 @Nonnull
public static JSONObject buildSuccessResponse(@Nonnull
                                                                          java.lang.String accessToken,
                                                                          @Nonnull
                                                                          java.lang.String idToken,
                                                                          int expiresIn)

Builds the JSON success response returned to the frontend.

The refresh token is deliberately excluded from the response body for security — it is only ever stored in the HttpOnly cookie.

Parameters:: accessToken - the OAuth2 access token; idToken - the OpenID Connect ID token; expiresIn - the token lifetime in seconds
Returns:: the JSON response object

buildErrorResponse
```
@CheckReturnValue
 @Nonnull
public static JSONObject buildErrorResponse()
```
Builds the JSON error response for a failed refresh attempt.

Returns:

the JSON error response

Class OidcRefreshV1

Endpoint: `POST /oidc/refresh`

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

RATE_LIMIT_REQUESTS

RATE_LIMIT_PERIOD_SECONDS

Constructor Detail

OidcRefreshV1

Method Detail

restRetrieve

restCreate

restUpdate

restDelete

getCounterKey

getRequestLimit

getPeriod

buildSuccessResponse

buildErrorResponse

Class OidcRefreshV1

Endpoint: POST /oidc/refresh

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

RATE_LIMIT_REQUESTS

RATE_LIMIT_PERIOD_SECONDS

Constructor Detail

OidcRefreshV1

Method Detail

restRetrieve

restCreate

restUpdate

restDelete

getCounterKey

getRequestLimit

getPeriod

buildSuccessResponse

buildErrorResponse

Endpoint: `POST /oidc/refresh`