001package com.nimbusds.openid.connect.provider.spi.grants; 002 003 004import com.nimbusds.oauth2.sdk.GeneralException; 005import com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant; 006import com.nimbusds.oauth2.sdk.Scope; 007import com.nimbusds.oauth2.sdk.id.ClientID; 008 009import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata; 010 011import com.nimbusds.openid.connect.provider.spi.Lifecycle; 012 013 014/** 015 * Service Provider Interface (SPI) for handling token requests with a Resource 016 * Owner Password Credentials grant. 017 * 018 * <p>Related specifications: 019 * 020 * <ul> 021 * <li>OAuth 2.0 (RFC 6749), sections 1.3.3 and 4.3. 022 * </ul> 023 */ 024public interface PasswordGrantHandler extends Lifecycle { 025 026 027 /** 028 * Handles a Resource Owner Password Credentials grant request. 029 * 030 * @param grant The Resource Owner Password Credentials 031 * grant. Not {@code null}. 032 * @param scope The requested scope, {@code null} if not 033 * specified. 034 * @param clientID The client identifier. Not {@code null}. 035 * @param confidentialClient {@code true} if the client is confidential 036 * and has been authenticated, else 037 * {@code false}. 038 * @param clientMetadata The client metadata. Not {@code null}. 039 * 040 * @return The password grant authorisation response. 041 * 042 * @throws GeneralException If the grant is denied, or another 043 * exception was encountered. 044 */ 045 public PasswordGrantAuthorization processGrant(final ResourceOwnerPasswordCredentialsGrant grant, 046 final Scope scope, 047 final ClientID clientID, 048 final boolean confidentialClient, 049 final OIDCClientMetadata clientMetadata) 050 throws GeneralException; 051} 052