Enum Class XGConnection.HandshakeType
- All Implemented Interfaces: Serializable, Comparable<XGConnection.HandshakeType>, Constable
- Enclosing class: XGConnection
Nested Class Summary
Nested classes/interfaces inherited from class java.lang.Enum: Enum.EnumDesc<E extends Enum<E>>
Enum Constant Summary
Enum Constants:
- CBC
- GCM
- SSO: See OpenIDAuthenticators.OAuthFlow for sequence diagrams for each flow in this handshake.
- OKTA_NATIVE_SSO: The Native SSO Token is stored on the local filesystem.
- OKTA_SESSION_TOKEN: This handshake was reluctantly added to provide a scriptable solution for testing Okta SSO.
Method Summary
Methods:
- boolean sso()
- static XGConnection.HandshakeType valueOf(String name): Returns the enum constant of this class with the specified name.
- static XGConnection.HandshakeType[] values(): Returns an array containing the constants of this enum class, in the order they are declared.
Enum Constant Details
CBC
GCM
SSO
See OpenIDAuthenticators.OAuthFlow for sequence diagrams for each flow in this handshake. Note: The tokens are sent to the server using a GCM-encrypted cipher. Seems redundant considering TLS is REQUIRED for SSO. I *think* this was done to facilitate code reuse but can be cleaned up in Connectors V2.
Note: the handshake requires a sharedSecurityToken because the OAuth tokens generated for the initial request are used to spawn parallel connections. Without session multiplexing, care must be taken to ensure refresh tokens are spent exactly once when refresh token rotation is enabled.
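One way to honour the single-use constraint above, as an added example that is not the driver's own code: a lock-guarded token set shared by the parallel connections, with the authorization server's refresh exchange passed in as a function. SharedTokenSet, Tokens and the stand-in exchange are hypothetical names; the block assumes Java 16+ for records.

```java
import java.util.Objects;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

// Hypothetical helper, not part of the Ocient JDBC driver: one token set shared by the
// parallel connections a client spawns, so that with refresh token rotation enabled each
// refresh token is presented to the authorization server exactly once.
public final class SharedTokenSet {
    /** Snapshot of the tokens issued by the authorization server (constructed values below). */
    public record Tokens(String accessToken, String refreshToken, long expiresAtMillis) {}

    private final Function<String, Tokens> refreshExchange; // refresh_token -> rotated tokens
    private final AtomicInteger exchanges = new AtomicInteger();
    private Tokens current;

    public SharedTokenSet(Tokens initial, Function<String, Tokens> refreshExchange) {
        this.current = Objects.requireNonNull(initial);
        this.refreshExchange = Objects.requireNonNull(refreshExchange);
    }

    /**
     * Returns an unexpired access token. Check and refresh run under one monitor, so a
     * connection that blocked while another one refreshed observes the rotated tokens and
     * never replays the already-consumed refresh token (which a rotating server rejects,
     * and may treat as token reuse that revokes the whole grant).
     */
    public synchronized String accessToken(long nowMillis) {
        if (current.expiresAtMillis() <= nowMillis) {
            current = Objects.requireNonNull(refreshExchange.apply(current.refreshToken()));
            exchanges.incrementAndGet();
        }
        return current.accessToken();
    }

    /** Number of refresh round trips actually made to the authorization server. */
    public int exchanges() { return exchanges.get(); }

    // Demo with a constructed stand-in for the token endpoint: eight parallel connections
    // all find the shared access token expired at once, yet only one refresh occurs.
    public static void main(String[] args) throws InterruptedException {
        AtomicInteger generation = new AtomicInteger();
        SharedTokenSet shared = new SharedTokenSet(
                new Tokens("access-0", "refresh-0", 0L), // constructed, already expired
                rt -> { int g = generation.incrementAndGet();
                        return new Tokens("access-" + g, "refresh-" + g, Long.MAX_VALUE); });
        Thread[] connections = new Thread[8];
        for (int i = 0; i < connections.length; i++) {
            connections[i] = new Thread(() -> shared.accessToken(System.currentTimeMillis()));
            connections[i].start();
        }
        for (Thread t : connections) t.join();
        System.out.println("refresh exchanges made: " + shared.exchanges());
    }
}
```

Holding the monitor across the network exchange is deliberate here: it is what guarantees a single refresh per rotation, at the cost of serialising the waiting connections for that one round trip.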
OKTA_NATIVE_SSO
The Native SSO Token is stored on the local filesystem. The path MUST be in the user's home directory. If no token exists at the token file path, we generate one, then encrypt and persist it, allowing the token to be loaded into memory across restarts. The Native SSO Token is used to generate the id, access and refresh OAuth 2.0 tokens that the Ocient database is configured to accept as authorization tokens. Note: the handshake does not require a sharedSecurityToken because the native token is used to generate NEW OAuth 2.0 tokens for any parallel connections spawned by the JDBC client.
See https://developer.okta.com/docs/guides/configure-native-sso/main/
Sequence (participants: Client, Server, Authorization_Server):
1. Client: read Okta configuration from local filesystem.
2. Client: open web browser on host machine.
3. Client -> Authorization_Server: direct User to Authorization Server login.
4. Authorization_Server: User logs in and completes authorization request.
5. Authorization_Server -> Client: (device_secret)
6. Client: persist device_secret using JWE format.
7. Client -> Authorization_Server: exchange device_secret for tokens (repeatable).
8. Authorization_Server -> Client: (id, access, refresh tokens)
9. Client -> Server: GCM (id, access, refresh tokens)
10. Server: validates tokens.
OKTA_SESSION_TOKEN
This handshake was reluctantly added to provide a scriptable solution for testing Okta SSO. Session Tokens are one-time-use tokens issued by Okta's Authentication API that can be exchanged for OAuth 2.0 tokens using the Authorization Code Flow. Importantly, the Session Token is a bearer token. Every authentication transaction starts with primary authentication, which validates a user's primary password credential. Password Policy, MFA Policy, and Sign-On Policy are evaluated during primary authentication to determine if the user's password is expired, a Factor should be enrolled, or additional verification is required. The transaction state of the response depends on the user's status, group memberships and assigned policies.
See https://developer.okta.com/docs/reference/api/authn/#primary-authentication
See https://developer.okta.com/docs/reference/api/oidc/#authorize
Sequence (participants: Client, Server, Authorization_Server):
1. Client -> Server: fetch Authenticators for db.
2. Server -> Client: (Authenticators)
3. Client: ask User for Okta Username & Password.
4. Client -> Authorization_Server: request sessionToken using Okta's /v1/authn endpoint.
5. Authorization_Server -> Client: (sessionToken)
6. Client -> Authorization_Server: initiate Authorization Code w/ PKCE flow (include sessionToken).
7. Authorization_Server: sessionToken is exchanged for authorization_code.
8. Authorization_Server -> Client: (authorization_code)
9. Client -> Authorization_Server: exchange authorization_code for tokens.
10. Authorization_Server -> Client: (id, access, refresh tokens)
11. Client -> Server: (id, access, refresh tokens)
12. Server: validates tokens.
Method Details
values
public static XGConnection.HandshakeType[] values()
Returns an array containing the constants of this enum class, in the order they are declared.
- Returns: an array containing the constants of this enum class, in the order they are declared
valueOf
public static XGConnection.HandshakeType valueOf(String name)
Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
- Parameters: name - the name of the enum constant to be returned.
- Returns: the enum constant with the specified name
- Throws: IllegalArgumentException - if this enum class has no constant with the specified name; NullPointerException - if the argument is null
sso
public boolean sso()