package org.apereo.cas.oidc.config;

import com.github.benmanes.caffeine.cache.CacheLoader;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import java.time.Duration;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.MultifactorAuthenticationContextValidator;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.oidc.OidcProperties;
import org.apereo.cas.configuration.model.support.oidc.OidcWebFingerProperties;
import org.apereo.cas.jpa.JpaPersistenceProviderConfigurer;
import org.apereo.cas.logout.LogoutExecutionPlanConfigurer;
import org.apereo.cas.logout.slo.SingleLogoutMessageCreator;
import org.apereo.cas.logout.slo.SingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.logout.slo.SingleLogoutServiceLogoutUrlBuilderConfigurer;
import org.apereo.cas.logout.slo.SingleLogoutServiceMessageHandler;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.authn.OidcAccessTokenAuthenticator;
import org.apereo.cas.oidc.authn.OidcClientConfigurationAccessTokenAuthenticator;
import org.apereo.cas.oidc.authn.OidcClientSecretJwtAuthenticator;
import org.apereo.cas.oidc.authn.OidcPrivateKeyJwtAuthenticator;
import org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy;
import org.apereo.cas.oidc.claims.mapping.OidcAttributeToScopeClaimMapper;
import org.apereo.cas.oidc.claims.mapping.OidcDefaultAttributeToScopeClaimMapper;
import org.apereo.cas.oidc.discovery.OidcServerDiscoverySettings;
import org.apereo.cas.oidc.discovery.OidcServerDiscoverySettingsFactory;
import org.apereo.cas.oidc.discovery.webfinger.OidcWebFingerDiscoveryService;
import org.apereo.cas.oidc.discovery.webfinger.OidcWebFingerUserInfoRepository;
import org.apereo.cas.oidc.discovery.webfinger.userinfo.OidcEchoingWebFingerUserInfoRepository;
import org.apereo.cas.oidc.discovery.webfinger.userinfo.OidcGroovyWebFingerUserInfoRepository;
import org.apereo.cas.oidc.discovery.webfinger.userinfo.OidcRestfulWebFingerUserInfoRepository;
import org.apereo.cas.oidc.dynareg.OidcClientRegistrationRequest;
import org.apereo.cas.oidc.dynareg.OidcClientRegistrationRequestSerializer;
import org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.OidcServiceJsonWebKeystoreCacheExpirationPolicy;
import org.apereo.cas.oidc.jwks.OidcServiceJsonWebKeystoreCacheLoader;
import org.apereo.cas.oidc.jwks.generator.OidcDefaultJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.jwks.generator.OidcRestfulJsonWebKeystoreGeneratorService;
import org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter;
import org.apereo.cas.oidc.profile.OidcUserProfileDataCreator;
import org.apereo.cas.oidc.profile.OidcUserProfileSigningAndEncryptionService;
import org.apereo.cas.oidc.profile.OidcUserProfileViewRenderer;
import org.apereo.cas.oidc.services.OidcServiceRegistryListener;
import org.apereo.cas.oidc.services.OidcServicesManagerRegisteredServiceLocator;
import org.apereo.cas.oidc.slo.OidcSingleLogoutMessageCreator;
import org.apereo.cas.oidc.slo.OidcSingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.oidc.slo.OidcSingleLogoutServiceMessageHandler;
import org.apereo.cas.oidc.token.OidcIdTokenGeneratorService;
import org.apereo.cas.oidc.token.OidcIdTokenSigningAndEncryptionService;
import org.apereo.cas.oidc.token.OidcRegisteredServiceJwtAccessTokenCipherExecutor;
import org.apereo.cas.oidc.util.OidcAuthorizationRequestSupport;
import org.apereo.cas.oidc.web.OidcAccessTokenResponseGenerator;
import org.apereo.cas.oidc.web.OidcCallbackAuthorizeViewResolver;
import org.apereo.cas.oidc.web.OidcCasClientRedirectActionBuilder;
import org.apereo.cas.oidc.web.OidcConsentApprovalViewResolver;
import org.apereo.cas.oidc.web.OidcHandlerInterceptorAdapter;
import org.apereo.cas.oidc.web.OidcImplicitIdTokenAndTokenAuthorizationResponseBuilder;
import org.apereo.cas.oidc.web.OidcImplicitIdTokenAuthorizationResponseBuilder;
import org.apereo.cas.oidc.web.controllers.authorize.OidcAuthorizeEndpointController;
import org.apereo.cas.oidc.web.controllers.discovery.OidcWellKnownEndpointController;
import org.apereo.cas.oidc.web.controllers.dynareg.OidcClientConfigurationEndpointController;
import org.apereo.cas.oidc.web.controllers.dynareg.OidcDynamicClientRegistrationEndpointController;
import org.apereo.cas.oidc.web.controllers.introspection.OidcIntrospectionEndpointController;
import org.apereo.cas.oidc.web.controllers.jwks.OidcJwksEndpointController;
import org.apereo.cas.oidc.web.controllers.logout.OidcLogoutEndpointController;
import org.apereo.cas.oidc.web.controllers.profile.OidcUserProfileEndpointController;
import org.apereo.cas.oidc.web.controllers.token.OidcAccessTokenEndpointController;
import org.apereo.cas.oidc.web.controllers.token.OidcRevocationEndpointController;
import org.apereo.cas.oidc.web.flow.OidcMultifactorAuthenticationTrigger;
import org.apereo.cas.oidc.web.flow.OidcRegisteredServiceUIAction;
import org.apereo.cas.oidc.web.flow.OidcWebflowConfigurer;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredServiceCipherExecutor;
import org.apereo.cas.services.ServiceRegistryListener;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.ServicesManagerRegisteredServiceLocator;
import org.apereo.cas.support.oauth.authenticator.OAuth20CasAuthenticationBuilder;
import org.apereo.cas.support.oauth.authenticator.OAuthAuthenticationClientProvider;
import org.apereo.cas.support.oauth.profile.OAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.profile.OAuth20UserProfileDataCreator;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.validator.authorization.OAuth20AuthorizationRequestValidator;
import org.apereo.cas.support.oauth.validator.token.OAuth20TokenRequestValidator;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.apereo.cas.support.oauth.web.response.OAuth20CasClientRedirectActionBuilder;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20DefaultTokenGenerator;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20TokenGenerator;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenGrantRequestExtractor;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20AccessTokenResponseGenerator;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationCodeAuthorizationResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20ClientCredentialsResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20ResourceOwnerCredentialsResponseBuilder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20TokenAuthorizationResponseBuilder;
import org.apereo.cas.support.oauth.web.views.ConsentApprovalViewResolver;
import org.apereo.cas.support.oauth.web.views.OAuth20CallbackAuthorizeViewResolver;
import org.apereo.cas.support.oauth.web.views.OAuth20UserProfileViewRenderer;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.IdTokenGeneratorService;
import org.apereo.cas.ticket.OAuth20TokenSigningAndEncryptionService;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessTokenFactory;
import org.apereo.cas.ticket.accesstoken.OAuth20DefaultAccessTokenFactory;
import org.apereo.cas.ticket.accesstoken.OAuth20JwtBuilder;
import org.apereo.cas.ticket.code.OAuth20CodeFactory;
import org.apereo.cas.ticket.device.OAuth20DeviceTokenFactory;
import org.apereo.cas.ticket.device.OAuth20DeviceUserCodeFactory;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshTokenFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.gen.DefaultRandomStringGenerator;
import org.apereo.cas.util.http.HttpClient;
import org.apereo.cas.util.serialization.StringSerializer;
import org.apereo.cas.validation.CasProtocolViewFactory;
import org.apereo.cas.web.ProtocolEndpointConfigurer;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowExecutionPlanConfigurer;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.impl.CasWebflowEventResolutionConfigurationContext;
import org.apereo.cas.web.flow.resolver.impl.mfa.DefaultMultifactorAuthenticationProviderWebflowEventResolver;
import org.jose4j.jwk.PublicJsonWebKey;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.credentials.extractor.BearerAuthExtractor;
import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.http.client.direct.DirectFormClient;
import org.pac4j.http.client.direct.HeaderClient;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration("oidcConfiguration")
/* loaded from: input_file:org/apereo/cas/oidc/config/OidcConfiguration.class */
public class OidcConfiguration implements WebMvcConfigurer {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcConfiguration.class);

    @Autowired
    @Qualifier("oauthRegisteredServiceCipherExecutor")
    private ObjectProvider<CipherExecutor> oauthRegisteredServiceCipherExecutor;

    @Autowired
    @Qualifier("oauthDistributedSessionStore")
    private ObjectProvider<SessionStore> oauthDistributedSessionStore;

    @Autowired
    @Qualifier("accessTokenGrantAuditableRequestExtractor")
    private ObjectProvider<AuditableExecution> accessTokenGrantAuditableRequestExtractor;

    @Autowired
    @Qualifier("defaultAuthenticationSystemSupport")
    private ObjectProvider<AuthenticationSystemSupport> authenticationSystemSupport;

    @Autowired
    @Qualifier("authenticationContextValidator")
    private ObjectProvider<MultifactorAuthenticationContextValidator> authenticationContextValidator;

    @Autowired
    @Qualifier("registeredServiceAccessStrategyEnforcer")
    private ObjectProvider<AuditableExecution> registeredServiceAccessStrategyEnforcer;

    @Autowired
    @Qualifier("oauthAuthorizationRequestValidators")
    private ObjectProvider<Set<OAuth20AuthorizationRequestValidator>> oauthRequestValidators;

    @Autowired
    @Qualifier("grantingTicketExpirationPolicy")
    private ObjectProvider<ExpirationPolicyBuilder> grantingTicketExpirationPolicy;

    @Autowired
    @Qualifier("singleSignOnParticipationStrategy")
    private ObjectProvider<SingleSignOnParticipationStrategy> webflowSingleSignOnParticipationStrategy;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    private ObjectProvider<ServiceFactory<WebApplicationService>> webApplicationServiceFactory;

    @Autowired
    @Qualifier("deviceTokenExpirationPolicy")
    private ObjectProvider<ExpirationPolicyBuilder> deviceTokenExpirationPolicy;

    @Autowired
    @Qualifier("requiresAuthenticationAccessTokenInterceptor")
    private ObjectProvider<SecurityInterceptor> requiresAuthenticationAccessTokenInterceptor;

    @Autowired
    @Qualifier("requiresAuthenticationAuthorizeInterceptor")
    private ObjectProvider<SecurityInterceptor> requiresAuthenticationAuthorizeInterceptor;

    @Autowired
    @Qualifier("oauthCasAuthenticationBuilder")
    private ObjectProvider<OAuth20CasAuthenticationBuilder> authenticationBuilder;

    @Autowired
    @Qualifier("authenticationEventExecutionPlan")
    private ObjectProvider<AuthenticationEventExecutionPlan> authenticationEventExecutionPlan;

    @Autowired
    @Qualifier("warnCookieGenerator")
    private ObjectProvider<CasCookieBuilder> warnCookieGenerator;

    @Autowired
    @Qualifier("loginFlowRegistry")
    private ObjectProvider<FlowDefinitionRegistry> loginFlowDefinitionRegistry;

    @Autowired
    @Qualifier("logoutFlowRegistry")
    private ObjectProvider<FlowDefinitionRegistry> logoutFlowDefinitionRegistry;

    @Autowired
    private ObjectProvider<FlowBuilderServices> flowBuilderServices;

    @Autowired
    @Qualifier("initialAuthenticationAttemptWebflowEventResolver")
    private ObjectProvider<CasDelegatingWebflowEventResolver> initialAuthenticationAttemptWebflowEventResolver;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private ObjectProvider<CentralAuthenticationService> centralAuthenticationService;

    @Autowired
    @Qualifier("oauth20AuthenticationRequestServiceSelectionStrategy")
    private ObjectProvider<AuthenticationServiceSelectionStrategy> oauth20AuthenticationServiceSelectionStrategy;

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("casProtocolViewFactory")
    private ObjectProvider<CasProtocolViewFactory> casProtocolViewFactory;

    @Autowired
    @Qualifier("singleLogoutServiceLogoutUrlBuilder")
    private ObjectProvider<SingleLogoutServiceLogoutUrlBuilder> singleLogoutServiceLogoutUrlBuilder;

    @Autowired
    @Qualifier("oauthSecConfig")
    private ObjectProvider<Config> oauthSecConfig;

    @Autowired
    @Qualifier("accessTokenExpirationPolicy")
    private ObjectProvider<ExpirationPolicyBuilder> accessTokenExpirationPolicy;

    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    private ObjectProvider<CasCookieBuilder> ticketGrantingTicketCookieGenerator;

    @Autowired
    @Qualifier("defaultTicketRegistrySupport")
    private ObjectProvider<TicketRegistrySupport> ticketRegistrySupport;

    @Autowired
    @Qualifier("defaultDeviceTokenFactory")
    private ObjectProvider<OAuth20DeviceTokenFactory> defaultDeviceTokenFactory;

    @Autowired
    @Qualifier("defaultDeviceUserCodeFactory")
    private ObjectProvider<OAuth20DeviceUserCodeFactory> defaultDeviceUserCodeFactory;

    @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManager;

    @Autowired
    @Qualifier("ticketRegistry")
    private ObjectProvider<TicketRegistry> ticketRegistry;

    @Autowired
    @Qualifier("defaultOAuthCodeFactory")
    private ObjectProvider<OAuth20CodeFactory> defaultOAuthCodeFactory;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("authenticationServiceSelectionPlan")
    private ObjectProvider<AuthenticationServiceSelectionPlan> authenticationRequestServiceSelectionStrategies;

    @Autowired
    @Qualifier("accessTokenGrantRequestExtractors")
    private ObjectProvider<Collection<AccessTokenGrantRequestExtractor>> accessTokenGrantRequestExtractors;

    @Autowired
    @Qualifier("oauthTokenRequestValidators")
    private ObjectProvider<Collection<OAuth20TokenRequestValidator>> oauthTokenRequestValidators;

    @Autowired
    @Qualifier("multifactorAuthenticationProviderResolver")
    private ObjectProvider<MultifactorAuthenticationProviderResolver> multifactorAuthenticationProviderResolver;

    @Autowired
    @Qualifier("noRedirectHttpClient")
    private ObjectProvider<HttpClient> httpClient;

    @Autowired
    @Qualifier("authenticationServiceSelectionPlan")
    private ObjectProvider<AuthenticationServiceSelectionPlan> authenticationServiceSelectionPlan;

    @Autowired
    @Qualifier("oauthAccessTokenJwtCipherExecutor")
    private ObjectProvider<CipherExecutor> oauthAccessTokenJwtCipherExecutor;

    @Autowired
    @Qualifier("accessTokenIdGenerator")
    private ObjectProvider<UniqueTicketIdGenerator> accessTokenIdGenerator;

    @Autowired
    @Qualifier("defaultRefreshTokenFactory")
    private ObjectProvider<OAuth20RefreshTokenFactory> defaultRefreshTokenFactory;

    @Autowired
    @Qualifier("oauthDistributedSessionCookieGenerator")
    private ObjectProvider<CasCookieBuilder> oauthDistributedSessionCookieGenerator;

    /**
     * Nested configuration that is only considered when
     * {@link JpaPersistenceProviderConfigurer} is present on the classpath.
     */
    @ConditionalOnClass({JpaPersistenceProviderConfigurer.class})
    @Configuration("oidcJpaServiceRegistryConfiguration")
    public static class OidcJpaServiceRegistryConfiguration {
        /**
         * Builds a configurer that adds the class names of {@link OidcRegisteredService}
         * and {@link OAuthRegisteredService} to the entity classes held by the JPA
         * persistence provider context it is invoked with.
         *
         * @return the configurer; registered only when no bean named
         *         {@code oidcJpaServicePersistenceProviderConfigurer} already exists
         */
        @ConditionalOnMissingBean(name = {"oidcJpaServicePersistenceProviderConfigurer"})
        @Bean
        public JpaPersistenceProviderConfigurer oidcJpaServicePersistenceProviderConfigurer() {
            return context -> context.getIncludeEntityClasses().addAll(
                List.of(OidcRegisteredService.class.getName(), OAuthRegisteredService.class.getName()));
        }
    }

    /**
     * Registers the interceptor returned by {@code oauthInterceptor()} for the
     * {@code /oidc/*} path pattern.
     *
     * <p>NOTE(review): a single {@code *} in a Spring path pattern matches one path
     * segment only, so paths nested deeper than {@code /oidc/<segment>} are not covered
     * by this registration. Confirm that every OIDC endpoint that must pass through this
     * interceptor sits directly under {@code /oidc/}.
     *
     * @param interceptorRegistry the MVC interceptor registry to add the interceptor to
     */
    public void addInterceptors(InterceptorRegistry interceptorRegistry) {
        final String oidcPathPattern = "/" + "oidc" + "/" + "*";
        interceptorRegistry.addInterceptor(oauthInterceptor()).addPathPatterns(oidcPathPattern);
    }

    /**
     * Builds a {@link ProtocolEndpointConfigurer} whose lambda returns a one-element
     * list: the string {@code "oidc"} with {@code "/"} prepended when it is missing.
     *
     * @return the protocol endpoint configurer for the OIDC base path
     */
    @Bean
    public ProtocolEndpointConfigurer oidcProtocolEndpointConfigurer() {
        return () -> List.of(StringUtils.prependIfMissing("oidc", "/"));
    }

    /**
     * Creates the consent approval view resolver as an
     * {@link OidcConsentApprovalViewResolver} built from the CAS configuration properties.
     *
     * @return the OIDC consent approval view resolver
     */
    @Bean
    public ConsentApprovalViewResolver consentApprovalViewResolver() {
        final ConsentApprovalViewResolver resolver = new OidcConsentApprovalViewResolver(this.casProperties);
        return resolver;
    }

    /**
     * Creates the callback-authorize view resolver as a new
     * {@link OidcCallbackAuthorizeViewResolver}.
     *
     * @return the OIDC callback-authorize view resolver
     */
    @Bean
    public OAuth20CallbackAuthorizeViewResolver callbackAuthorizeViewResolver() {
        final OAuth20CallbackAuthorizeViewResolver resolver = new OidcCallbackAuthorizeViewResolver();
        return resolver;
    }

    /**
     * Creates the redirect action builder as an {@link OidcCasClientRedirectActionBuilder}
     * backed by {@code oidcAuthorizationRequestSupport()}.
     *
     * <p>The sibling bean method {@code oidcCasClientRedirectActionBuilder()} constructs
     * the same type from the same argument.
     *
     * @return the OIDC redirect action builder
     */
    @Bean
    public OAuth20CasClientRedirectActionBuilder oauthCasClientRedirectActionBuilder() {
        final OAuth20CasClientRedirectActionBuilder builder =
            new OidcCasClientRedirectActionBuilder(oidcAuthorizationRequestSupport());
        return builder;
    }

    /**
     * Builds the pac4j security interceptor named for dynamic client registration.
     *
     * <p>The interceptor uses the shared {@code oauthSecConfig}, accepts the clients
     * {@code clientBasicAuth}, {@code clientAccessTokenAuth}, {@code clientForm} and
     * {@code userForm}, and applies the {@code isFullyAuthenticated} authorizer.
     *
     * <p>NOTE(review): the path patterns this interceptor is bound to are not set in this
     * method; confirm at the registration site that the dynamic registration endpoint is
     * actually covered by it.
     *
     * @return the configured security interceptor
     */
    @Bean
    public HandlerInterceptorAdapter requiresAuthenticationDynamicRegistrationInterceptor() {
        final String clientNames = String.join(",", "clientBasicAuth", "clientAccessTokenAuth", "clientForm", "userForm");
        final SecurityInterceptor interceptor =
            new SecurityInterceptor(this.oauthSecConfig.getObject(), clientNames, JEEHttpActionAdapter.INSTANCE);
        interceptor.setAuthorizers("isFullyAuthenticated");
        return interceptor;
    }

    /**
     * Builds the pac4j security interceptor named for the client configuration endpoint.
     *
     * <p>The interceptor uses the shared {@code oauthSecConfig}, accepts only the client
     * named {@code ClientRegistrationClient}, and applies the
     * {@code isFullyAuthenticated} authorizer.
     *
     * <p>NOTE(review): the path patterns this interceptor is bound to are not set in this
     * method; confirm them at the registration site.
     *
     * @return the configured security interceptor
     */
    @Bean
    public HandlerInterceptorAdapter requiresAuthenticationClientConfigurationInterceptor() {
        final String clientNames = String.join(",", "ClientRegistrationClient");
        final SecurityInterceptor interceptor =
            new SecurityInterceptor(this.oauthSecConfig.getObject(), clientNames, JEEHttpActionAdapter.INSTANCE);
        interceptor.setAuthorizers("isFullyAuthenticated");
        return interceptor;
    }

    /**
     * Creates an {@link OidcCasClientRedirectActionBuilder} backed by
     * {@code oidcAuthorizationRequestSupport()}.
     *
     * @return the redirect action builder; registered only when no bean named
     *         {@code oidcCasClientRedirectActionBuilder} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcCasClientRedirectActionBuilder"})
    @RefreshScope
    @Bean
    public OAuth20CasClientRedirectActionBuilder oidcCasClientRedirectActionBuilder() {
        final OAuth20CasClientRedirectActionBuilder builder =
            new OidcCasClientRedirectActionBuilder(oidcAuthorizationRequestSupport());
        return builder;
    }

    /**
     * Creates the ID token generator from the configuration context, after installing
     * {@code oidcTokenSigningAndEncryptionService()} on that context as the ID-token
     * signing and encryption service.
     *
     * <p>NOTE(review): this mutates the object returned by
     * {@code buildConfigurationContext()}. That method is not visible here; confirm it
     * returns a fresh context on every call, otherwise the signing service set here is
     * shared with every other consumer of the context.
     *
     * @return the ID token generator; registered only when no bean named
     *         {@code oidcIdTokenGenerator} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcIdTokenGenerator"})
    @RefreshScope
    @Bean
    public IdTokenGeneratorService oidcIdTokenGenerator() {
        final OAuth20ConfigurationContext context = buildConfigurationContext();
        context.setIdTokenSigningAndEncryptionService(oidcTokenSigningAndEncryptionService());
        final IdTokenGeneratorService generator = new OidcIdTokenGeneratorService(context);
        return generator;
    }

    /**
     * Creates the access token response generator from the ID token generator, the
     * access-token JWT builder and the CAS configuration properties.
     *
     * @return the response generator; registered only when no bean named
     *         {@code oidcAccessTokenResponseGenerator} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcAccessTokenResponseGenerator"})
    @RefreshScope
    @Bean
    public OAuth20AccessTokenResponseGenerator oidcAccessTokenResponseGenerator() {
        final OAuth20AccessTokenResponseGenerator generator = new OidcAccessTokenResponseGenerator(
            oidcIdTokenGenerator(),
            oidcAccessTokenJwtBuilder(),
            this.casProperties);
        return generator;
    }

    /**
     * Creates the authorization request support helper from the ticket-granting-ticket
     * cookie generator and the ticket registry support bean.
     *
     * @return the helper; registered only when no bean named
     *         {@code oidcAuthorizationRequestSupport} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcAuthorizationRequestSupport"})
    @Bean
    public OidcAuthorizationRequestSupport oidcAuthorizationRequestSupport() {
        final OidcAuthorizationRequestSupport support = new OidcAuthorizationRequestSupport(
            this.ticketGrantingTicketCookieGenerator.getObject(),
            this.ticketRegistrySupport.getObject());
        return support;
    }

    /**
     * Creates the principal factory via {@link PrincipalFactoryUtils#newPrincipalFactory()}.
     *
     * @return the principal factory; registered only when no bean named
     *         {@code oidcPrincipalFactory} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcPrincipalFactory"})
    @RefreshScope
    @Bean
    public PrincipalFactory oidcPrincipalFactory() {
        final PrincipalFactory factory = PrincipalFactoryUtils.newPrincipalFactory();
        return factory;
    }

    /**
     * Creates the attribute-to-claim mapper from the claims map configured under the
     * OIDC section of the CAS authentication properties.
     *
     * @return the mapper; registered only when no bean named
     *         {@code oidcAttributeToScopeClaimMapper} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcAttributeToScopeClaimMapper"})
    @RefreshScope
    @Bean
    public OidcAttributeToScopeClaimMapper oidcAttributeToScopeClaimMapper() {
        final OidcAttributeToScopeClaimMapper mapper =
            new OidcDefaultAttributeToScopeClaimMapper(this.casProperties.getAuthn().getOidc().getClaimsMap());
        return mapper;
    }

    /**
     * Creates the scope-to-attributes filter from the OIDC principal factory, the CAS
     * configuration properties and the user-defined scope-based attribute release
     * policies.
     *
     * @return the OIDC profile scope-to-attributes filter
     */
    @RefreshScope
    @Bean
    public OAuth20ProfileScopeToAttributesFilter profileScopeToAttributesFilter() {
        final OAuth20ProfileScopeToAttributesFilter filter = new OidcProfileScopeToAttributesFilter(
            oidcPrincipalFactory(),
            this.casProperties,
            userDefinedScopeBasedAttributeReleasePolicies());
        return filter;
    }

    /**
     * Creates the service registry listener from the user-defined scope-based attribute
     * release policies.
     *
     * @return the listener; registered only when no bean named
     *         {@code oidcServiceRegistryListener} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcServiceRegistryListener"})
    @Bean
    public ServiceRegistryListener oidcServiceRegistryListener() {
        final ServiceRegistryListener listener =
            new OidcServiceRegistryListener(userDefinedScopeBasedAttributeReleasePolicies());
        return listener;
    }

    /**
     * Creates a new {@link OidcServicesManagerRegisteredServiceLocator}.
     *
     * @return the locator; registered only when no bean named
     *         {@code oidcServicesManagerRegisteredServiceLocator} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcServicesManagerRegisteredServiceLocator"})
    @Bean
    public ServicesManagerRegisteredServiceLocator oidcServicesManagerRegisteredServiceLocator() {
        final ServicesManagerRegisteredServiceLocator locator = new OidcServicesManagerRegisteredServiceLocator();
        return locator;
    }

    /**
     * Creates the introspection endpoint controller from the configuration context
     * returned by {@code buildConfigurationContext()}.
     *
     * @return the introspection endpoint controller
     */
    @RefreshScope
    @Bean
    public OidcIntrospectionEndpointController oidcIntrospectionEndpointController() {
        final OidcIntrospectionEndpointController controller =
            new OidcIntrospectionEndpointController(buildConfigurationContext());
        return controller;
    }

    /**
     * Creates the logout endpoint controller from the configuration context returned by
     * {@code buildConfigurationContext()}.
     *
     * @return the logout endpoint controller
     */
    @RefreshScope
    @Bean
    public OidcLogoutEndpointController oidcLogoutEndpointController() {
        final OidcLogoutEndpointController controller =
            new OidcLogoutEndpointController(buildConfigurationContext());
        return controller;
    }

    /**
     * Creates the revocation endpoint controller from the configuration context returned
     * by {@code buildConfigurationContext()}.
     *
     * @return the revocation endpoint controller
     */
    @RefreshScope
    @Bean
    public OidcRevocationEndpointController oidcRevocationEndpointController() {
        final OidcRevocationEndpointController controller =
            new OidcRevocationEndpointController(buildConfigurationContext());
        return controller;
    }

    /**
     * Creates the access token endpoint controller from the configuration context and
     * the auditable access-token grant request extractor.
     *
     * @return the access token endpoint controller
     */
    @RefreshScope
    @Bean
    public OidcAccessTokenEndpointController oidcAccessTokenController() {
        final OidcAccessTokenEndpointController controller = new OidcAccessTokenEndpointController(
            buildConfigurationContext(),
            this.accessTokenGrantAuditableRequestExtractor.getObject());
        return controller;
    }

    /**
     * Creates the serializer for {@link OidcClientRegistrationRequest} objects as a new
     * {@link OidcClientRegistrationRequestSerializer}.
     *
     * @return the serializer; registered only when no bean named
     *         {@code clientRegistrationRequestSerializer} already exists
     */
    @ConditionalOnMissingBean(name = {"clientRegistrationRequestSerializer"})
    @RefreshScope
    @Bean
    public StringSerializer<OidcClientRegistrationRequest> clientRegistrationRequestSerializer() {
        final StringSerializer<OidcClientRegistrationRequest> serializer =
            new OidcClientRegistrationRequestSerializer();
        return serializer;
    }

    /**
     * Creates the dynamic client registration endpoint controller from the configuration
     * context returned by {@code buildConfigurationContext()}.
     *
     * <p>NOTE(review): no access control is configured in this method; whether
     * registration requests must be authenticated depends on interceptor wiring that is
     * not visible here. Confirm it before exposing the endpoint.
     *
     * @return the dynamic client registration endpoint controller
     */
    @RefreshScope
    @Bean
    public OidcDynamicClientRegistrationEndpointController oidcDynamicClientRegistrationEndpointController() {
        final OidcDynamicClientRegistrationEndpointController controller =
            new OidcDynamicClientRegistrationEndpointController(buildConfigurationContext());
        return controller;
    }

    /**
     * Creates the client configuration endpoint controller from the configuration context
     * returned by {@code buildConfigurationContext()}.
     *
     * @return the client configuration endpoint controller
     */
    @RefreshScope
    @Bean
    public OidcClientConfigurationEndpointController oidcClientConfigurationEndpointController() {
        final OidcClientConfigurationEndpointController controller =
            new OidcClientConfigurationEndpointController(buildConfigurationContext());
        return controller;
    }

    /**
     * Creates the JWKS endpoint controller from the configuration context and the JSON
     * web keystore generator service.
     *
     * @return the JWKS endpoint controller
     */
    @RefreshScope
    @Bean
    public OidcJwksEndpointController oidcJwksController() {
        final OidcJwksEndpointController controller = new OidcJwksEndpointController(
            buildConfigurationContext(),
            oidcJsonWebKeystoreGeneratorService());
        return controller;
    }

    /**
     * Creates the well-known endpoint controller from the configuration context and the
     * injected WebFinger discovery service.
     *
     * @param oidcWebFingerDiscoveryService the bean qualified as
     *        {@code oidcWebFingerDiscoveryService}
     * @return the well-known endpoint controller
     */
    @RefreshScope
    @Autowired
    @Bean
    public OidcWellKnownEndpointController oidcWellKnownController(@Qualifier("oidcWebFingerDiscoveryService") OidcWebFingerDiscoveryService oidcWebFingerDiscoveryService) {
        final OidcWellKnownEndpointController controller = new OidcWellKnownEndpointController(
            buildConfigurationContext(),
            oidcWebFingerDiscoveryService);
        return controller;
    }

    /**
     * Creates the WebFinger discovery service from the WebFinger user-info repository and
     * the object produced by {@code oidcServerDiscoverySettingsFactory()}.
     *
     * @return the WebFinger discovery service
     */
    @RefreshScope
    @Bean
    public OidcWebFingerDiscoveryService oidcWebFingerDiscoveryService() {
        final OidcWebFingerDiscoveryService discoveryService = new OidcWebFingerDiscoveryService(
            oidcWebFingerUserInfoRepository(),
            (OidcServerDiscoverySettings) oidcServerDiscoverySettingsFactory().getObject());
        return discoveryService;
    }

    /**
     * Selects the WebFinger user-info repository from the configured settings.
     *
     * <p>Precedence: a Groovy repository when a Groovy location is set, otherwise a REST
     * repository when a REST URL is non-blank, otherwise the echoing repository. The
     * echoing fallback is logged at WARN level because, as the message states, it always
     * echoes back the given username/email address and is meant for testing/demo use only.
     *
     * <p>NOTE(review): presumably the Groovy location is run as a script inside the
     * server; if so it should be writable by administrators only. Verify against
     * {@code OidcGroovyWebFingerUserInfoRepository}.
     *
     * @return the repository; registered only when no bean named
     *         {@code oidcWebFingerUserInfoRepository} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcWebFingerUserInfoRepository"})
    @Bean
    public OidcWebFingerUserInfoRepository oidcWebFingerUserInfoRepository() {
        final OidcWebFingerProperties.UserInfoRepository settings =
            this.casProperties.getAuthn().getOidc().getWebfinger().getUserInfo();
        final OidcWebFingerUserInfoRepository repository;
        if (settings.getGroovy().getLocation() != null) {
            repository = new OidcGroovyWebFingerUserInfoRepository(settings.getGroovy().getLocation());
        } else if (StringUtils.isNotBlank(settings.getRest().getUrl())) {
            repository = new OidcRestfulWebFingerUserInfoRepository(settings.getRest());
        } else {
            // Nothing is configured: fall back to the echoing repository and say so loudly.
            LOGGER.warn("Using [{}] to locate webfinger resources, which is NOT appropriate for production purposes, as it will always echo back the given username/email address and is only useful for testing/demo purposes. Consider choosing and configuring a different repository implementation for locating and fetching user information for webfinger resources, etc.", OidcEchoingWebFingerUserInfoRepository.class.getSimpleName());
            repository = new OidcEchoingWebFingerUserInfoRepository();
        }
        return repository;
    }

    /**
     * Creates the user profile endpoint controller from the configuration context
     * returned by {@code buildConfigurationContext()}.
     *
     * @return the controller; registered only when no bean named
     *         {@code oidcProfileController} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcProfileController"})
    @RefreshScope
    @Bean
    public OidcUserProfileEndpointController oidcProfileController() {
        final OidcUserProfileEndpointController controller =
            new OidcUserProfileEndpointController(buildConfigurationContext());
        return controller;
    }

    /**
     * Creates the user profile data creator from the services manager and the
     * scope-to-attributes filter.
     *
     * @return the data creator; registered only when no bean named
     *         {@code oidcUserProfileDataCreator} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcUserProfileDataCreator"})
    @RefreshScope
    @Bean
    public OAuth20UserProfileDataCreator oidcUserProfileDataCreator() {
        final OAuth20UserProfileDataCreator creator = new OidcUserProfileDataCreator(
            this.servicesManager.getObject(),
            profileScopeToAttributesFilter());
        return creator;
    }

    /**
     * Creates the authorize endpoint controller from the configuration context returned
     * by {@code buildConfigurationContext()}.
     *
     * @return the authorize endpoint controller
     */
    @RefreshScope
    @Bean
    public OidcAuthorizeEndpointController oidcAuthorizeController() {
        final OidcAuthorizeEndpointController controller =
            new OidcAuthorizeEndpointController(buildConfigurationContext());
        return controller;
    }

    /**
     * Creates the OIDC multifactor authentication trigger from the CAS configuration
     * properties, the multifactor provider resolver and the application context.
     *
     * @return the trigger; registered only when no bean named
     *         {@code oidcMultifactorAuthenticationTrigger} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcMultifactorAuthenticationTrigger"})
    @RefreshScope
    @Bean
    public MultifactorAuthenticationTrigger oidcMultifactorAuthenticationTrigger() {
        final MultifactorAuthenticationTrigger trigger = new OidcMultifactorAuthenticationTrigger(
            this.casProperties,
            this.multifactorAuthenticationProviderResolver.getObject(),
            this.applicationContext);
        return trigger;
    }

    /**
     * Creates the multifactor webflow event resolver for OIDC and registers it as a
     * delegate of the initial authentication attempt resolver.
     *
     * <p>The resolver is built from a {@link CasWebflowEventResolutionConfigurationContext}
     * populated with the injected collaborators, plus the OIDC multifactor trigger.
     * The initial authentication attempt resolver is fetched from its provider twice:
     * once for the context and once, null-checked, to add the new resolver as a delegate.
     *
     * @return the resolver that was added as a delegate
     * @throws NullPointerException if the initial authentication attempt resolver is null
     */
    @RefreshScope
    @Bean
    public CasWebflowEventResolver oidcAuthenticationContextWebflowEventResolver() {
        final DefaultMultifactorAuthenticationProviderWebflowEventResolver resolver =
            new DefaultMultifactorAuthenticationProviderWebflowEventResolver(
                CasWebflowEventResolutionConfigurationContext.builder()
                    .casDelegatingWebflowEventResolver(this.initialAuthenticationAttemptWebflowEventResolver.getObject())
                    .authenticationContextValidator(this.authenticationContextValidator.getObject())
                    .authenticationSystemSupport(this.authenticationSystemSupport.getObject())
                    .centralAuthenticationService(this.centralAuthenticationService.getObject())
                    .servicesManager(this.servicesManager.getObject())
                    .singleSignOnParticipationStrategy(this.webflowSingleSignOnParticipationStrategy.getObject())
                    .ticketRegistrySupport(this.ticketRegistrySupport.getObject())
                    .warnCookieGenerator(this.warnCookieGenerator.getObject())
                    .authenticationRequestServiceSelectionStrategies(this.authenticationRequestServiceSelectionStrategies.getObject())
                    .registeredServiceAccessStrategyEnforcer(this.registeredServiceAccessStrategyEnforcer.getObject())
                    .casProperties(this.casProperties)
                    .ticketRegistry(this.ticketRegistry.getObject())
                    .applicationContext(this.applicationContext)
                    .authenticationEventExecutionPlan(this.authenticationEventExecutionPlan.getObject())
                    .build(),
                oidcMultifactorAuthenticationTrigger());
        // Side effect: the delegating resolver now also consults the OIDC resolver.
        Objects.requireNonNull(this.initialAuthenticationAttemptWebflowEventResolver.getObject())
            .addDelegate(resolver);
        return resolver;
    }

    /**
     * Creates the OIDC webflow configurer from the flow builder services, the login flow
     * registry, the registered-service UI action, the application context and the CAS
     * configuration properties, then assigns the logout flow registry to it.
     *
     * @return the configurer; registered only when no bean named
     *         {@code oidcWebflowConfigurer} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcWebflowConfigurer"})
    @DependsOn({"defaultWebflowConfigurer"})
    @Bean
    public CasWebflowConfigurer oidcWebflowConfigurer() {
        final OidcWebflowConfigurer configurer = new OidcWebflowConfigurer(
            this.flowBuilderServices.getObject(),
            this.loginFlowDefinitionRegistry.getObject(),
            oidcRegisteredServiceUIAction(),
            this.applicationContext,
            this.casProperties);
        configurer.setLogoutFlowDefinitionRegistry(this.logoutFlowDefinitionRegistry.getObject());
        return configurer;
    }

    /**
     * Creates the registered-service UI action from the services manager and the OAuth
     * 2.0 authentication service selection strategy.
     *
     * @return the action; registered only when no bean named
     *         {@code oidcRegisteredServiceUIAction} already exists
     */
    @ConditionalOnMissingBean(name = {"oidcRegisteredServiceUIAction"})
    @RefreshScope
    @Bean
    public Action oidcRegisteredServiceUIAction() {
        final Action uiAction = new OidcRegisteredServiceUIAction(
            this.servicesManager.getObject(),
            this.oauth20AuthenticationServiceSelectionStrategy.getObject());
        return uiAction;
    }

    /**
     * Contributes the OIDC single-logout URL builder to the logout URL builder plan.
     *
     * <p>The services manager is looked up inside the lambda, i.e. each time the configurer is
     * asked for a builder rather than when this bean is created.
     *
     * @return a configurer producing an {@code OidcSingleLogoutServiceLogoutUrlBuilder}
     */
    @ConditionalOnMissingBean(name = {"oidcSingleLogoutServiceLogoutUrlBuilderConfigurer"})
    @RefreshScope
    @Bean
    public SingleLogoutServiceLogoutUrlBuilderConfigurer oidcSingleLogoutServiceLogoutUrlBuilderConfigurer() {
        return () -> new OidcSingleLogoutServiceLogoutUrlBuilder(
            (ServicesManager) this.servicesManager.getObject());
    }

    /**
     * Creates the ID token signing and encryption service.
     *
     * <p>It is given the server-wide JWKS cache, the per-service JWKS cache, the configured OIDC
     * issuer and the discovery settings produced by {@link #oidcServerDiscoverySettingsFactory()}.
     *
     * @return the signing/encryption service used for ID tokens
     */
    @ConditionalOnMissingBean(name = {"oidcTokenSigningAndEncryptionService"})
    @RefreshScope
    @Bean
    public OAuth20TokenSigningAndEncryptionService oidcTokenSigningAndEncryptionService() {
        return new OidcIdTokenSigningAndEncryptionService(
            oidcDefaultJsonWebKeystoreCache(),
            oidcServiceJsonWebKeystoreCache(),
            // The issuer is read from configuration; it is the same value the other token beans in this class use.
            this.casProperties.getAuthn().getOidc().getIssuer(),
            (OidcServerDiscoverySettings) oidcServerDiscoverySettingsFactory().getObject());
    }

    /**
     * Creates the signing and encryption service applied to user-profile responses.
     *
     * <p>Takes the same four inputs as {@link #oidcTokenSigningAndEncryptionService()}: both JWKS
     * caches, the configured issuer and the discovery settings.
     *
     * @return the signing/encryption service used for user-profile payloads
     */
    @ConditionalOnMissingBean(name = {"oidcUserProfileSigningAndEncryptionService"})
    @RefreshScope
    @Bean
    public OAuth20TokenSigningAndEncryptionService oidcUserProfileSigningAndEncryptionService() {
        return new OidcUserProfileSigningAndEncryptionService(
            oidcDefaultJsonWebKeystoreCache(),
            oidcServiceJsonWebKeystoreCache(),
            this.casProperties.getAuthn().getOidc().getIssuer(),
            (OidcServerDiscoverySettings) oidcServerDiscoverySettingsFactory().getObject());
    }

    /**
     * Creates the cache of per-service JSON web keys, keyed by registered service.
     *
     * <p>Entry lifetime is decided by {@code OidcServiceJsonWebKeystoreCacheExpirationPolicy};
     * values are loaded through {@link #oidcServiceJsonWebKeystoreCacheLoader()}.
     *
     * @return the per-service JWKS loading cache
     */
    @ConditionalOnMissingBean(name = {"oidcServiceJsonWebKeystoreCache"})
    @RefreshScope
    @Bean
    public LoadingCache<OAuthRegisteredService, Optional<PublicJsonWebKey>> oidcServiceJsonWebKeystoreCache() {
        // NOTE(review): the cache is capped at one entry although it is keyed by service, so
        // lookups for different services would evict each other and trigger a reload — confirm
        // this is intended and that the loader's key source can absorb the extra fetches.
        return Caffeine.newBuilder()
            .maximumSize(1L)
            .expireAfter(new OidcServiceJsonWebKeystoreCacheExpirationPolicy(this.casProperties))
            .build(oidcServiceJsonWebKeystoreCacheLoader());
    }

    /**
     * Creates the single-entry cache holding the server's own JSON web key.
     *
     * <p>The entry expires a fixed number of minutes after it was written, taken from the
     * {@code jwksCacheInMinutes} setting, and is reloaded through
     * {@link #oidcDefaultJsonWebKeystoreCacheLoader()}.
     *
     * @return the default JWKS loading cache
     */
    @ConditionalOnMissingBean(name = {"oidcDefaultJsonWebKeystoreCache"})
    @RefreshScope
    @Bean
    public LoadingCache<String, Optional<PublicJsonWebKey>> oidcDefaultJsonWebKeystoreCache() {
        // A replaced keystore is only picked up once the cached entry has expired, so this
        // duration bounds how long a rotated-out key can still be served from the cache.
        Duration timeToLive = Duration.ofMinutes(
            this.casProperties.getAuthn().getOidc().getJwks().getJwksCacheInMinutes());
        return Caffeine.newBuilder()
            .maximumSize(1L)
            .expireAfterWrite(timeToLive)
            .build(oidcDefaultJsonWebKeystoreCacheLoader());
    }

    /**
     * Creates the loader that fills the default JWKS cache, backed by the keystore generator
     * service from {@link #oidcJsonWebKeystoreGeneratorService()}.
     *
     * @return the cache loader for the server's own key
     */
    @ConditionalOnMissingBean(name = {"oidcDefaultJsonWebKeystoreCacheLoader"})
    @RefreshScope
    @Bean
    public CacheLoader<String, Optional<PublicJsonWebKey>> oidcDefaultJsonWebKeystoreCacheLoader() {
        OidcJsonWebKeystoreGeneratorService generatorService = oidcJsonWebKeystoreGeneratorService();
        return new OidcDefaultJsonWebKeystoreCacheLoader(generatorService);
    }

    /**
     * Creates the loader that fills the per-service JWKS cache; it is given only the
     * application context.
     *
     * <p>Unlike the neighbouring keystore beans, this one is not refresh-scoped.
     *
     * @return the cache loader for per-service keys
     */
    @ConditionalOnMissingBean(name = {"oidcServiceJsonWebKeystoreCacheLoader"})
    @Bean
    public CacheLoader<OAuthRegisteredService, Optional<PublicJsonWebKey>> oidcServiceJsonWebKeystoreCacheLoader() {
        // NOTE(review): where the loader obtains a service's keys is not visible here; if they
        // can come from a remote location, confirm how that location is trusted.
        return new OidcServiceJsonWebKeystoreCacheLoader(
            this.applicationContext);
    }

    /**
     * Creates the factory bean that produces the server's OIDC discovery settings from the CAS
     * configuration properties.
     *
     * @return the discovery settings factory
     */
    @ConditionalOnMissingBean(name = {"oidcServerDiscoverySettingsFactory"})
    @Bean
    public FactoryBean<OidcServerDiscoverySettings> oidcServerDiscoverySettingsFactory() {
        return new OidcServerDiscoverySettingsFactory(
            this.casProperties);
    }

    /**
     * Selects the JSON web keystore generator service.
     *
     * <p>When a REST URL is configured under the JWKS settings, the REST-backed implementation is
     * used; otherwise the default one. Spring calls {@code generate} on the returned bean as its
     * init method.
     *
     * @return the keystore generator service matching the configuration
     */
    @ConditionalOnMissingBean(name = {"oidcJsonWebKeystoreGeneratorService"})
    @RefreshScope
    @Bean(initMethod = "generate")
    public OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService() {
        OidcProperties oidcProperties = this.casProperties.getAuthn().getOidc();
        if (StringUtils.isNotBlank(oidcProperties.getJwks().getRest().getUrl())) {
            // NOTE(review): signing key material then depends on the remote endpoint; confirm it
            // is reached over TLS and that the endpoint itself requires authentication.
            return new OidcRestfulJsonWebKeystoreGeneratorService(oidcProperties);
        }
        return new OidcDefaultJsonWebKeystoreGeneratorService(oidcProperties);
    }

    /**
     * Creates the handler interceptor guarding the OAuth/OIDC endpoints.
     *
     * <p>It wraps the access-token and authorize interceptors, adds the dynamic-registration and
     * client-configuration interceptors, and is told which dynamic client registration mode is
     * in force.
     *
     * @return the OIDC handler interceptor
     * @throws IllegalArgumentException if the configured registration mode is not the exact name
     *     of a {@code DynamicClientRegistrationMode} constant
     */
    @Bean
    public HandlerInterceptorAdapter oauthInterceptor() {
        return new OidcHandlerInterceptorAdapter(
            (HandlerInterceptorAdapter) this.requiresAuthenticationAccessTokenInterceptor.getObject(),
            (HandlerInterceptorAdapter) this.requiresAuthenticationAuthorizeInterceptor.getObject(),
            requiresAuthenticationDynamicRegistrationInterceptor(),
            requiresAuthenticationClientConfigurationInterceptor(),
            // A blank setting falls back to PROTECTED. valueOf is case-sensitive, so a misspelt
            // mode aborts bean creation instead of silently selecting some other mode.
            OidcConstants.DynamicClientRegistrationMode.valueOf(
                (String) StringUtils.defaultIfBlank(
                    this.casProperties.getAuthn().getOidc().getDynamicClientRegistrationMode(),
                    OidcConstants.DynamicClientRegistrationMode.PROTECTED.name())),
            (Collection) this.accessTokenGrantRequestExtractors.getObject(),
            (ServicesManager) this.servicesManager.getObject(),
            (SessionStore) this.oauthDistributedSessionStore.getObject(),
            (Set) this.oauthRequestValidators.getObject());
    }

    /**
     * Builds one attribute release policy per user-defined OIDC scope found in configuration.
     *
     * <p>Each configuration entry maps a scope name to a comma-separated list of attribute
     * names; the list is split on {@code ","} and passed to the policy as-is.
     *
     * @return the set of custom-scope release policies
     */
    @RefreshScope
    @Bean
    public Collection<OidcCustomScopeAttributeReleasePolicy> userDefinedScopeBasedAttributeReleasePolicies() {
        // NOTE(review): entries are not trimmed after the split, so "a, b" yields " b". Confirm
        // whether attribute names with surrounding whitespace are matched downstream; otherwise
        // such an attribute would quietly not be released for the scope.
        return (Collection) this.casProperties.getAuthn().getOidc().getUserDefinedScopes().entrySet().stream()
            .map(entry -> new OidcCustomScopeAttributeReleasePolicy(
                (String) entry.getKey(),
                CollectionUtils.wrapList(((String) entry.getValue()).split(","))))
            .collect(Collectors.toSet());
    }

    /**
     * Creates the authorization response builder that returns an ID token on the implicit flow.
     *
     * @return the implicit ID-token response builder
     */
    @ConditionalOnMissingBean(name = {"oidcImplicitIdTokenCallbackUrlBuilder"})
    @RefreshScope
    @Bean
    public OAuth20AuthorizationResponseBuilder oidcImplicitIdTokenCallbackUrlBuilder() {
        return new OidcImplicitIdTokenAuthorizationResponseBuilder(
            oidcIdTokenGenerator(),
            oidcTokenGenerator(),
            (ExpirationPolicyBuilder) this.grantingTicketExpirationPolicy.getObject(),
            (ServicesManager) this.servicesManager.getObject(),
            oidcAccessTokenJwtBuilder(),
            this.casProperties);
    }

    /**
     * Creates the authorization response builder that returns both an ID token and an access
     * token on the implicit flow.
     *
     * <p>Receives the same collaborators as {@link #oidcImplicitIdTokenCallbackUrlBuilder()}.
     *
     * @return the implicit ID-token-and-token response builder
     */
    @ConditionalOnMissingBean(name = {"oidcImplicitIdTokenAndTokenCallbackUrlBuilder"})
    @RefreshScope
    @Bean
    public OAuth20AuthorizationResponseBuilder oidcImplicitIdTokenAndTokenCallbackUrlBuilder() {
        return new OidcImplicitIdTokenAndTokenAuthorizationResponseBuilder(
            oidcIdTokenGenerator(),
            oidcTokenGenerator(),
            (ExpirationPolicyBuilder) this.grantingTicketExpirationPolicy.getObject(),
            (ServicesManager) this.servicesManager.getObject(),
            oidcAccessTokenJwtBuilder(),
            this.casProperties);
    }

    /**
     * Creates the response builder for the resource-owner password credentials grant, wired to
     * the OIDC access-token response generator and token generator.
     *
     * @return the resource-owner credentials response builder
     */
    @ConditionalOnMissingBean(name = {"oidcResourceOwnerCredentialsResponseBuilder"})
    @RefreshScope
    @Bean
    public OAuth20AuthorizationResponseBuilder oidcResourceOwnerCredentialsResponseBuilder() {
        return new OAuth20ResourceOwnerCredentialsResponseBuilder(
            oidcAccessTokenResponseGenerator(),
            oidcTokenGenerator(),
            this.casProperties);
    }

    /**
     * Creates the response builder for the client-credentials grant, wired to the OIDC
     * access-token response generator and token generator.
     *
     * @return the client-credentials response builder
     */
    @ConditionalOnMissingBean(name = {"oidcClientCredentialsResponseBuilder"})
    @RefreshScope
    @Bean
    public OAuth20AuthorizationResponseBuilder oidcClientCredentialsResponseBuilder() {
        return new OAuth20ClientCredentialsResponseBuilder(
            oidcAccessTokenResponseGenerator(),
            oidcTokenGenerator(),
            this.casProperties);
    }

    /**
     * Creates the response builder for the token response type, using the OIDC token generator
     * and the OIDC access-token JWT builder.
     *
     * @return the token authorization response builder
     */
    @ConditionalOnMissingBean(name = {"oidcTokenResponseBuilder"})
    @RefreshScope
    @Bean
    public OAuth20AuthorizationResponseBuilder oidcTokenResponseBuilder() {
        return new OAuth20TokenAuthorizationResponseBuilder(
            oidcTokenGenerator(),
            (ServicesManager) this.servicesManager.getObject(),
            oidcAccessTokenJwtBuilder(),
            this.casProperties);
    }

    /**
     * Creates the response builder for the authorization-code flow, backed by the ticket
     * registry, the default OAuth code factory and the services manager.
     *
     * @return the authorization-code response builder
     */
    @ConditionalOnMissingBean(name = {"oidcAuthorizationCodeResponseBuilder"})
    @RefreshScope
    @Bean
    public OAuth20AuthorizationResponseBuilder oidcAuthorizationCodeResponseBuilder() {
        TicketRegistry registry = (TicketRegistry) this.ticketRegistry.getObject();
        OAuth20CodeFactory codeFactory = (OAuth20CodeFactory) this.defaultOAuthCodeFactory.getObject();
        ServicesManager manager = (ServicesManager) this.servicesManager.getObject();
        return new OAuth20AuthorizationCodeAuthorizationResponseBuilder(registry, codeFactory, manager);
    }

    /**
     * Collects every {@code OAuth20AuthorizationResponseBuilder} bean in the application context
     * whose bean name does not start with {@code "oauth"}.
     *
     * <p>The lookup skips non-singleton beans and allows eager initialisation.
     *
     * @return the response builders to use for OIDC
     */
    @ConditionalOnMissingBean(name = {"oidcAuthorizationResponseBuilders"})
    @RefreshScope
    @Bean
    public Set<OAuth20AuthorizationResponseBuilder> oidcAuthorizationResponseBuilders() {
        // Selection is by bean-name prefix only: a custom builder registered under a name that
        // begins with "oauth" is left out of the OIDC set.
        return (Set) this.applicationContext
            .getBeansOfType(OAuth20AuthorizationResponseBuilder.class, false, true)
            .entrySet()
            .stream()
            .filter(entry -> !((String) entry.getKey()).startsWith("oauth"))
            .map(entry -> entry.getValue())
            .collect(Collectors.toSet());
    }

    /**
     * Creates the per-service cipher executor for JWT access tokens, driven by the default and
     * per-service JWKS caches and the configured OIDC issuer.
     *
     * <p>NOTE(review): the bean carries an {@code oauth}-prefixed name and no
     * {@code @ConditionalOnMissingBean}; presumably it is meant to take the place of the OAuth
     * module's bean of the same name — confirm bean overriding behaves as expected.
     *
     * @return the OIDC cipher executor for registered-service JWT access tokens
     */
    @Bean
    public RegisteredServiceCipherExecutor oauthRegisteredServiceJwtAccessTokenCipherExecutor() {
        return new OidcRegisteredServiceJwtAccessTokenCipherExecutor(
            oidcDefaultJsonWebKeystoreCache(),
            oidcServiceJsonWebKeystoreCache(),
            this.casProperties.getAuthn().getOidc().getIssuer());
    }

    /**
     * Provides the header-based client named {@code ClientRegistrationClient}.
     *
     * <p>Credentials are pulled from the request with a {@code BearerAuthExtractor} and checked
     * by {@code OidcClientConfigurationAccessTokenAuthenticator}, which is given the ticket
     * registry and the access-token JWT builder.
     *
     * @return a provider that builds and initialises the client on each call
     */
    @Bean
    public OAuthAuthenticationClientProvider oidcClientConfigurationAuthenticationClientProvider() {
        return () -> {
            HeaderClient client = new HeaderClient();
            client.setCredentialsExtractor(new BearerAuthExtractor());
            // The bearer token presented by the caller is validated by this authenticator.
            client.setAuthenticator(new OidcClientConfigurationAccessTokenAuthenticator(
                (TicketRegistry) this.ticketRegistry.getObject(),
                oidcAccessTokenJwtBuilder()));
            client.setName("ClientRegistrationClient");
            client.init();
            return client;
        };
    }

    /**
     * Provides the form client named {@code ClientPrivateKeyJwtClient}, authenticated by
     * {@code OidcPrivateKeyJwtAuthenticator}.
     *
     * <p>The form client's username slot is bound to {@code client_assertion_type} and its
     * password slot to {@code client_assertion}.
     *
     * @return a provider that builds and initialises the client on each call
     */
    @Bean
    public OAuthAuthenticationClientProvider oidcPrivateKeyJwtClientProvider() {
        return () -> {
            OidcPrivateKeyJwtAuthenticator authenticator = new OidcPrivateKeyJwtAuthenticator(
                (ServicesManager) this.servicesManager.getObject(),
                (AuditableExecution) this.registeredServiceAccessStrategyEnforcer.getObject(),
                (TicketRegistry) this.ticketRegistry.getObject(),
                (ServiceFactory) this.webApplicationServiceFactory.getObject(),
                this.casProperties,
                this.applicationContext);
            DirectFormClient client = new DirectFormClient(authenticator);
            client.setName("ClientPrivateKeyJwtClient");
            // The assertion travels in the "password" slot and is a credential in its own right;
            // request logging should treat the client_assertion parameter accordingly.
            client.setUsernameParameter("client_assertion_type");
            client.setPasswordParameter("client_assertion");
            client.init();
            return client;
        };
    }

    /**
     * Provides the form client named {@code ClientSecretJwtClient}, authenticated by
     * {@code OidcClientSecretJwtAuthenticator}.
     *
     * <p>It reads the same two form parameters as {@link #oidcPrivateKeyJwtClientProvider()}
     * ({@code client_assertion_type} and {@code client_assertion}); only the authenticator and
     * the client name differ.
     *
     * @return a provider that builds and initialises the client on each call
     */
    @Bean
    public OAuthAuthenticationClientProvider oidcClientSecretJwtClientProvider() {
        return () -> {
            OidcClientSecretJwtAuthenticator authenticator = new OidcClientSecretJwtAuthenticator(
                (ServicesManager) this.servicesManager.getObject(),
                (AuditableExecution) this.registeredServiceAccessStrategyEnforcer.getObject(),
                (TicketRegistry) this.ticketRegistry.getObject(),
                (ServiceFactory) this.webApplicationServiceFactory.getObject(),
                this.casProperties,
                this.applicationContext);
            DirectFormClient client = new DirectFormClient(authenticator);
            client.setName("ClientSecretJwtClient");
            // NOTE(review): both JWT clients accept the same parameters, so telling a
            // secret-signed assertion from a key-signed one is left to the authenticators —
            // confirm each one rejects assertions meant for the other method.
            client.setUsernameParameter("client_assertion_type");
            client.setPasswordParameter("client_assertion");
            client.init();
            return client;
        };
    }

    /**
     * Creates the authenticator for access tokens presented as {@code TokenCredentials}.
     *
     * <p>It is given the ticket registry, the ID-token signing/encryption service, the services
     * manager and the access-token JWT builder.
     *
     * @return the OIDC access-token authenticator
     */
    @Bean
    public Authenticator<TokenCredentials> oAuthAccessTokenAuthenticator() {
        return new OidcAccessTokenAuthenticator(
            (TicketRegistry) this.ticketRegistry.getObject(),
            oidcTokenSigningAndEncryptionService(),
            (ServicesManager) this.servicesManager.getObject(),
            oidcAccessTokenJwtBuilder());
    }

    /**
     * Registers the OIDC webflow configurer with the webflow execution plan.
     *
     * @return a plan configurer that adds {@link #oidcWebflowConfigurer()}
     */
    @ConditionalOnMissingBean(name = {"oidcCasWebflowExecutionPlanConfigurer"})
    @Bean
    public CasWebflowExecutionPlanConfigurer oidcCasWebflowExecutionPlanConfigurer() {
        return plan -> plan.registerWebflowConfigurer(oidcWebflowConfigurer());
    }

    /**
     * Creates the renderer for user-profile responses.
     *
     * <p>It is configured from the OAuth properties (not the OIDC ones) and uses
     * {@link #oidcUserProfileSigningAndEncryptionService()} for signing and encryption.
     *
     * @return the OIDC user-profile view renderer
     */
    @ConditionalOnMissingBean(name = {"oidcUserProfileViewRenderer"})
    @RefreshScope
    @Bean
    public OAuth20UserProfileViewRenderer oidcUserProfileViewRenderer() {
        return new OidcUserProfileViewRenderer(
            this.casProperties.getAuthn().getOauth(),
            (ServicesManager) this.servicesManager.getObject(),
            oidcUserProfileSigningAndEncryptionService());
    }

    /**
     * Creates the view for the {@code protocol/oidc/confirm} template through the CAS protocol
     * view factory.
     *
     * @return the OIDC confirmation view
     */
    @Bean
    public View oidcConfirmView() {
        CasProtocolViewFactory viewFactory = (CasProtocolViewFactory) this.casProtocolViewFactory.getObject();
        return viewFactory.create(this.applicationContext, "protocol/oidc/confirm");
    }

    /**
     * Creates the single-logout message creator for OIDC services, handing it a freshly built
     * OAuth configuration context.
     *
     * @return the OIDC single-logout message creator
     */
    @ConditionalOnMissingBean(name = {"oidcSingleLogoutMessageCreator"})
    @RefreshScope
    @Bean
    public SingleLogoutMessageCreator oidcSingleLogoutMessageCreator() {
        OAuth20ConfigurationContext configurationContext = buildConfigurationContext();
        return new OidcSingleLogoutMessageCreator(configurationContext);
    }

    /**
     * Creates the handler that delivers single-logout messages to OIDC services.
     *
     * <p>It sends through the shared HTTP client, builds messages with
     * {@link #oidcSingleLogoutMessageCreator()}, and takes its asynchronous flag from the
     * single-logout properties and its issuer from the OIDC properties.
     *
     * @return the OIDC single-logout message handler
     */
    @ConditionalOnMissingBean(name = {"oidcSingleLogoutServiceMessageHandler"})
    @RefreshScope
    @Bean
    public SingleLogoutServiceMessageHandler oidcSingleLogoutServiceMessageHandler() {
        // NOTE(review): logout URLs come from the URL builder passed below; how those URLs are
        // validated before the server calls them is not visible in this class.
        return new OidcSingleLogoutServiceMessageHandler(
            (HttpClient) this.httpClient.getObject(),
            oidcSingleLogoutMessageCreator(),
            (ServicesManager) this.servicesManager.getObject(),
            (SingleLogoutServiceLogoutUrlBuilder) this.singleLogoutServiceLogoutUrlBuilder.getObject(),
            this.casProperties.getSlo().isAsynchronous(),
            (AuthenticationServiceSelectionPlan) this.authenticationServiceSelectionPlan.getObject(),
            this.casProperties.getAuthn().getOidc().getIssuer());
    }

    /**
     * Registers the OIDC single-logout message handler with the logout execution plan.
     *
     * @return a plan configurer that adds {@link #oidcSingleLogoutServiceMessageHandler()}
     */
    @ConditionalOnMissingBean(name = {"oidcLogoutExecutionPlanConfigurer"})
    @Bean
    public LogoutExecutionPlanConfigurer oidcLogoutExecutionPlanConfigurer() {
        return plan -> plan.registerSingleLogoutServiceMessageHandler(oidcSingleLogoutServiceMessageHandler());
    }

    /**
     * Creates the JWT builder for access tokens.
     *
     * <p>It is given the configured OIDC issuer, the server-wide access-token cipher executor,
     * the services manager and the per-service cipher executor from
     * {@link #oauthRegisteredServiceJwtAccessTokenCipherExecutor()}.
     *
     * @return the access-token JWT builder
     */
    @ConditionalOnMissingBean(name = {"oidcAccessTokenJwtBuilder"})
    @RefreshScope
    @Bean
    public JwtBuilder oidcAccessTokenJwtBuilder() {
        return new OAuth20JwtBuilder(
            this.casProperties.getAuthn().getOidc().getIssuer(),
            (CipherExecutor) this.oauthAccessTokenJwtCipherExecutor.getObject(),
            (ServicesManager) this.servicesManager.getObject(),
            oauthRegisteredServiceJwtAccessTokenCipherExecutor());
    }

    /**
     * Creates the access-token factory, combining the access-token id generator, the
     * access-token expiration policy, the OIDC JWT builder and the services manager.
     *
     * @return the OIDC access-token factory
     */
    @ConditionalOnMissingBean(name = {"oidcAccessTokenFactory"})
    @RefreshScope
    @Bean
    public OAuth20AccessTokenFactory oidcAccessTokenFactory() {
        return new OAuth20DefaultAccessTokenFactory(
            (UniqueTicketIdGenerator) this.accessTokenIdGenerator.getObject(),
            (ExpirationPolicyBuilder) this.accessTokenExpirationPolicy.getObject(),
            oidcAccessTokenJwtBuilder(),
            (ServicesManager) this.servicesManager.getObject());
    }

    /**
     * Creates the token generator used by the OIDC response builders.
     *
     * <p>Access tokens come from {@link #oidcAccessTokenFactory()}; device tokens, device user
     * codes and refresh tokens come from the default OAuth factories.
     *
     * @return the OIDC token generator
     */
    @ConditionalOnMissingBean(name = {"oidcTokenGenerator"})
    @RefreshScope
    @Bean
    public OAuth20TokenGenerator oidcTokenGenerator() {
        return new OAuth20DefaultTokenGenerator(
            oidcAccessTokenFactory(),
            (OAuth20DeviceTokenFactory) this.defaultDeviceTokenFactory.getObject(),
            (OAuth20DeviceUserCodeFactory) this.defaultDeviceUserCodeFactory.getObject(),
            (OAuth20RefreshTokenFactory) this.defaultRefreshTokenFactory.getObject(),
            (CentralAuthenticationService) this.centralAuthenticationService.getObject(),
            this.casProperties);
    }

    /**
     * Assembles the OAuth configuration context shared by the OIDC components, pulling every
     * collaborator either from an injected provider or from a bean method of this class.
     *
     * <p>A new context is built on every call.
     *
     * @return the populated configuration context
     */
    private OAuth20ConfigurationContext buildConfigurationContext() {
        return OAuth20ConfigurationContext.builder()
            .applicationContext(this.applicationContext)
            .registeredServiceCipherExecutor((CipherExecutor) this.oauthRegisteredServiceCipherExecutor.getObject())
            .sessionStore((SessionStore) this.oauthDistributedSessionStore.getObject())
            .servicesManager((ServicesManager) this.servicesManager.getObject())
            .ticketRegistry((TicketRegistry) this.ticketRegistry.getObject())
            .accessTokenFactory(oidcAccessTokenFactory())
            .deviceTokenFactory((OAuth20DeviceTokenFactory) this.defaultDeviceTokenFactory.getObject())
            .deviceUserCodeFactory((OAuth20DeviceUserCodeFactory) this.defaultDeviceUserCodeFactory.getObject())
            .clientRegistrationRequestSerializer(clientRegistrationRequestSerializer())
            // NOTE(review): client ids and client secrets both come from a default-constructed
            // DefaultRandomStringGenerator; confirm it draws from a CSPRNG and that its default
            // length is long enough for a client secret.
            .clientIdGenerator(new DefaultRandomStringGenerator())
            .clientSecretGenerator(new DefaultRandomStringGenerator())
            .principalFactory(oidcPrincipalFactory())
            .webApplicationServiceServiceFactory((ServiceFactory) this.webApplicationServiceFactory.getObject())
            .casProperties(this.casProperties)
            .ticketGrantingTicketCookieGenerator((CasCookieBuilder) this.ticketGrantingTicketCookieGenerator.getObject())
            .oauthDistributedSessionCookieGenerator((CasCookieBuilder) this.oauthDistributedSessionCookieGenerator.getObject())
            .oauthConfig((Config) this.oauthSecConfig.getObject())
            .registeredServiceAccessStrategyEnforcer((AuditableExecution) this.registeredServiceAccessStrategyEnforcer.getObject())
            .centralAuthenticationService((CentralAuthenticationService) this.centralAuthenticationService.getObject())
            .callbackAuthorizeViewResolver(callbackAuthorizeViewResolver())
            .profileScopeToAttributesFilter(profileScopeToAttributesFilter())
            .accessTokenGenerator(oidcTokenGenerator())
            .accessTokenResponseGenerator(oidcAccessTokenResponseGenerator())
            .deviceTokenExpirationPolicy((ExpirationPolicyBuilder) this.deviceTokenExpirationPolicy.getObject())
            .accessTokenGrantRequestValidators((Collection) this.oauthTokenRequestValidators.getObject())
            .userProfileDataCreator(oidcUserProfileDataCreator())
            .userProfileViewRenderer(oidcUserProfileViewRenderer())
            .oAuthCodeFactory((OAuth20CodeFactory) this.defaultOAuthCodeFactory.getObject())
            .consentApprovalViewResolver(consentApprovalViewResolver())
            .authenticationBuilder((OAuth20CasAuthenticationBuilder) this.authenticationBuilder.getObject())
            .oauthAuthorizationResponseBuilders(oidcAuthorizationResponseBuilders())
            .oauthRequestValidators((Set) this.oauthRequestValidators.getObject())
            .singleLogoutServiceLogoutUrlBuilder((SingleLogoutServiceLogoutUrlBuilder) this.singleLogoutServiceLogoutUrlBuilder.getObject())
            .idTokenSigningAndEncryptionService(oidcTokenSigningAndEncryptionService())
            .accessTokenJwtBuilder(oidcAccessTokenJwtBuilder())
            .build();
    }
}
