68 lines
3.0 KiB
Java
68 lines
3.0 KiB
Java
package com.cleverthis.authservice.service;
|
|
|
|
import com.cleverthis.authservice.dto.RegistrationRequest;
|
|
import com.cleverthis.authservice.dto.TokenResponse;
|
|
import com.cleverthis.authservice.dto.VerificationResponse;
|
|
import reactor.core.publisher.Mono; // Using Mono for asynchronous operations with WebClient
|
|
|
|
/**
|
|
* Interface defining operations for interacting with an identity provider. This abstraction allows
|
|
* swapping the underlying implementation (e.g., Keycloak, Okta) without changing the controller
|
|
* logic.
|
|
*/
|
|
public interface IdentityManagerService {
|
|
|
|
/**
|
|
* Authenticates a user using username and password (Resource Owner Password Credentials Grant).
|
|
*
|
|
* @param username The user's username.
|
|
* @param password The user's password.
|
|
* @return A Mono emitting the TokenResponse upon successful authentication. Emits an error
|
|
* (e.g., AuthenticationException) if authentication fails.
|
|
*/
|
|
Mono<TokenResponse> login(String username, String password);
|
|
|
|
/**
|
|
* Verifies the validity of an access token and retrieves associated user information.
|
|
*
|
|
* @param accessToken The access token (without "Bearer " prefix).
|
|
* @return A Mono emitting the VerificationResponse containing token details and user info.
|
|
* Emits an error if the token is invalid, expired, or introspection fails.
|
|
*/
|
|
Mono<VerificationResponse> verifyToken(String accessToken);
|
|
|
|
/**
|
|
* Logs out a user session by revoking the refresh token.
|
|
*
|
|
* @param refreshToken The refresh token associated with the user session.
|
|
* @return A Mono completing successfully upon successful logout/revocation. Emits an error if
|
|
* revocation fails.
|
|
*/
|
|
Mono<Void> logout(String refreshToken);
|
|
|
|
/**
|
|
* Checks if a user has a specific client role for a target service (Keycloak client).
|
|
*
|
|
* @param userSub The subject (ID) of the user.
|
|
* @param targetServiceClientId The public client ID of the target service/application
|
|
* in Keycloak.
|
|
* @param requiredRoleName The name of the client role to check for.
|
|
* @return A Mono emitting true if the user has the role, false otherwise. Emits an error if the
|
|
* check cannot be performed (e.g., Keycloak unavailable).
|
|
*/
|
|
Mono<Boolean> checkUserClientRolePermission(String userSub, String targetServiceClientId,
|
|
String requiredRoleName);
|
|
|
|
/**
|
|
* Registers a new user in the identity provider.
|
|
* The user is typically created with emailVerified set to false.
|
|
* The implementation is responsible for initiating the email verification process
|
|
* (e.g., generating a token, triggering an email).
|
|
*
|
|
* @param registrationRequest DTO containing user registration details.
|
|
* @return A Mono completing successfully if registration initiation is successful.
|
|
* Emits an error (e.g., UserAlreadyExistsException) if registration fails.
|
|
*/
|
|
Mono<Void> registerUser(RegistrationRequest registrationRequest);
|
|
}
|