Package com.linecorp.armeria.common.auth.oauth2

Class GrantedOAuth2AccessToken

java.lang.Object
com.linecorp.armeria.common.auth.oauth2.GrantedOAuth2AccessToken
All Implemented Interfaces:
Serializable
@UnstableApi public class GrantedOAuth2AccessToken extends Object implements Serializable
Defines a structure of the Access Token Response, as per [RFC6749], Section 5.1.
See Also:

  • Method Details

    • parse

      public static GrantedOAuth2AccessToken parse(String rawResponse, @Nullable @Nullable String requestScope)
      Creates a new GrantedOAuth2AccessToken based on the JSON-formatted raw response body and optional raw formatted scope used to request the token.
      Parameters:
      rawResponse - JSON-formatted raw response body.
      requestScope - OPTIONAL. A list of space-delimited, case-sensitive strings. The strings are defined by the authorization server. The authorization server MAY fully or partially ignore the scope requested by the client, based on the authorization server policy or the resource owner's instructions. If the issued access token scope is different from the one requested by the client, the authorization server MUST include the "scope" response parameter to inform the client of the actual scope granted. If the client omits the scope parameter when requesting authorization, the authorization server MUST either process the request using a pre-defined default value or fail the request indicating an invalid scope.
      Returns:
      A new instance of GrantedOAuth2AccessToken.

    • builder

      public static GrantedOAuth2AccessTokenBuilder builder(String accessToken)
      Creates a new GrantedOAuth2AccessTokenBuilder to build a new GrantedOAuth2AccessToken and supplied it with a value of access_token Access Token response field.
      Returns:
      A new instance of GrantedOAuth2AccessTokenBuilder.

    • accessToken

      public String accessToken()
      "access_token" Access Token response field, REQUIRED. The access token issued by the authorization server.

    • tokenType

      @Nullable public @Nullable String tokenType()
      "token_type" Access Token response field, REQUIRED. The type of the token issued as described at [RFC6749], Section 7.1. Value is case insensitive.

    • expiresIn

      @Nullable public @Nullable Duration expiresIn()
      "expires_in" Access Token response field, RECOMMENDED. Duration indicating the lifetime of the access token. For example, the value 3600 seconds denotes that the access token will expire in one hour from the time the response was generated. If omitted, the authorization server SHOULD provide the expiration time via other means or document the default value.

    • issuedAt

      public Instant issuedAt()
      An Instant indicating when the Access Token was issued. The value is NOT supplied with the Access Token response and calculated approximately using "expires_in" field.

    • expiresAt

      @Nullable public @Nullable Instant expiresAt()
      An Instant representing a derived value using issuedAt() + expiresIn().

    • isValid

      public boolean isValid(Instant instant)
      Indicates whether or not the Access Token expire at the given Instant time based on expiresAt() function.

    • isValid

      public boolean isValid()
      Indicates whether or not the Access Token already expired based on expiresAt() function.

    • isRefreshable

      public boolean isRefreshable()
      Indicates whether or not the Access Token is refreshable via refresh token.

    • refreshToken

      @Nullable public @Nullable String refreshToken()
      "refresh_token" Access Token response field, OPTIONAL. The refresh token, which can be used to obtain new access tokens using the same authorization grant as described at [RFC6749], Section 6.

    • scope

      @Nullable public @Nullable String scope()
      "scope" Access Token response field, OPTIONAL, if identical to the scope requested by the client; otherwise, REQUIRED. The scope of the access token as described at [RFC6749], Section 3.3. A list of space-delimited, case-sensitive scope strings. The strings are defined by the authorization server. The authorization server MAY fully or partially ignore the scope requested by the client, based on the authorization server policy or the resource owner's instructions. If the issued access token scope is different from the one requested by the client, the authorization server MUST include the "scope" response parameter to inform the client of the actual scope granted. If the client omits the scope parameter when requesting authorization, the authorization server MUST either process the request using a pre-defined default value or fail the request indicating an invalid scope.

    • scopeSet

      public Set<String> scopeSet()
      "scope" Access Token response field, OPTIONAL, if identical to the scope requested by the client; otherwise, REQUIRED. The scope of the access token as described at [RFC6749], Section 3.3. A Set of case-sensitive scope strings. The strings are defined by the authorization server. The authorization server MAY fully or partially ignore the scope requested by the client, based on the authorization server policy or the resource owner's instructions. If the issued access token scope is different from the one requested by the client, the authorization server MUST include the "scope" response parameter to inform the client of the actual scope granted. If the client omits the scope parameter when requesting authorization, the authorization server MUST either process the request using a pre-defined default value or fail the request indicating an invalid scope.

    • extras

      public Map<String,String> extras()
      A Map of extra system-specific token parameters included with Access Token response, OPTIONAL.

    • authorization

      public String authorization()
      A value of the HttpHeaderNames.AUTHORIZATION header based on this access token.

    • rawResponse

      public String rawResponse()
      JSON-formatted raw Token Introspection Response body. If the GrantedOAuth2AccessToken was not parsed out of the raw response body, this value calculated based on the other GrantedOAuth2AccessToken values.

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object