com.nimbusds.openid.connect.provider.spi.grants

Class PasswordGrantAuthorization

java.lang.Object

com.nimbusds.openid.connect.provider.spi.grants.GrantAuthorization

com.nimbusds.openid.connect.provider.spi.grants.SubjectAuthorization

com.nimbusds.openid.connect.provider.spi.grants.PasswordGrantAuthorization

@Immutable
public class PasswordGrantAuthorization
extends SubjectAuthorization

Authorisation produced by a PasswordGrantHandler. Specifies a subject (end-user) and permits ID and refresh token issue.

Required authorisation details:

• The authenticated subject (end-user).
• The authorised scope.

All other parameters are optional or have suitable defaults.

Constructor Summary

Constructors

Constructor and Description
PasswordGrantAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, Date authTime, com.nimbusds.openid.connect.sdk.claims.ACR acr, List<com.nimbusds.openid.connect.sdk.claims.AMR> amrList, com.nimbusds.oauth2.sdk.Scope scope, List<com.nimbusds.oauth2.sdk.id.Audience> audList, boolean longLived, AccessTokenSpec accessTokenSpec, RefreshTokenSpec refreshTokenSpec, IDTokenSpec idTokenSpec, ClaimsSpec claimsSpec, net.minidev.json.JSONObject data) Creates a new OpenID Connect / OAuth 2.0 authorisation for a password grant.
PasswordGrantAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.Scope scope) Creates a new OAuth 2.0 - only authorisation for a password grant.
PasswordGrantAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.Scope scope, boolean longLived, AccessTokenSpec accessTokenSpec, RefreshTokenSpec refreshTokenSpec, IDTokenSpec idTokenSpec, ClaimsSpec claimsSpec, net.minidev.json.JSONObject data) Creates a new OpenID Connect / OAuth 2.0 authorisation for a password grant.
PasswordGrantAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject, com.nimbusds.oauth2.sdk.Scope scope, List<com.nimbusds.oauth2.sdk.id.Audience> audList, boolean longLived, AccessTokenSpec accessTokenSpec, RefreshTokenSpec refreshTokenSpec, net.minidev.json.JSONObject data) Creates a new OAuth 2.0 - only authorisation for a password grant.

Method Summary

Modifier and Type	Method and Description
RefreshTokenSpec	getRefreshTokenSpec() Returns the refresh token specification.
boolean	isLongLived() Returns the authorisation lifetime.
static PasswordGrantAuthorization	parse(net.minidev.json.JSONObject jsonObject) Parses a password grant authorisation from the specified JSON object.
static PasswordGrantAuthorization	parse(String json) Parses a password grant authorisation from the specified JSON object string.
net.minidev.json.JSONObject	toJSONObject() Returns a JSON object representation of this authorisation.

Methods inherited from class com.nimbusds.openid.connect.provider.spi.grants.SubjectAuthorization

getACR, getAMRList, getAuthTime, getClaimsSpec, getIDTokenSpec, getSubject

Methods inherited from class com.nimbusds.openid.connect.provider.spi.grants.GrantAuthorization

getAccessTokenSpec, getAudience, getData, getScope

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PasswordGrantAuthorization

public PasswordGrantAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject,
                                  com.nimbusds.oauth2.sdk.Scope scope)

Creates a new OAuth 2.0 - only authorisation for a password grant.

Parameters:

subject - The subject (end-user) identifier. Must not be null.

scope - The authorised scope values. Must not be null.

PasswordGrantAuthorization

public PasswordGrantAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject,
                                  com.nimbusds.oauth2.sdk.Scope scope,
                                  List<com.nimbusds.oauth2.sdk.id.Audience> audList,
                                  boolean longLived,
                                  AccessTokenSpec accessTokenSpec,
                                  RefreshTokenSpec refreshTokenSpec,
                                  net.minidev.json.JSONObject data)

Creates a new OAuth 2.0 - only authorisation for a password grant.

Parameters:

subject - The subject (end-user) identifier. Must not be null.

scope - The authorised scope values. Must not be null.

audList - Explicit list of audiences for the access token, null if not specified.

longLived - Controls the authorisation lifetime, true for a long-lived (implies persistence), false for a short-lived (transient).

accessTokenSpec - The access token specification. Must not be null.

refreshTokenSpec - The refresh token specification. Must not be null.

data - Additional data as a JSON object, null if not specified.

PasswordGrantAuthorization

public PasswordGrantAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject,
                                  Date authTime,
                                  com.nimbusds.openid.connect.sdk.claims.ACR acr,
                                  List<com.nimbusds.openid.connect.sdk.claims.AMR> amrList,
                                  com.nimbusds.oauth2.sdk.Scope scope,
                                  List<com.nimbusds.oauth2.sdk.id.Audience> audList,
                                  boolean longLived,
                                  AccessTokenSpec accessTokenSpec,
                                  RefreshTokenSpec refreshTokenSpec,
                                  IDTokenSpec idTokenSpec,
                                  ClaimsSpec claimsSpec,
                                  net.minidev.json.JSONObject data)

Creates a new OpenID Connect / OAuth 2.0 authorisation for a password grant.

Parameters:

subject - The subject (end-user) identifier. Must not be null.

authTime - The time of the subject authentication. If null it will be set to now. Applies only if an ID token is issued.

acr - The Authentication Context Class Reference (ACR), null if not specified. Applies only if an ID token is issued.

amrList - The Authentication Methods Reference (AMR) list, null if not specified. Applies only if an ID token is issued.

scope - The authorised scope values. Must not be null.

audList - Explicit list of audiences for the access token, null if not specified.

longLived - Controls the authorisation lifetime. true for a long-lived (implies persistence), false for a short-lived (transient).

accessTokenSpec - The access token specification. Must not be null.

refreshTokenSpec - The refresh token specification. Must not be null.

idTokenSpec - The ID token specification. Must not be null.

claimsSpec - The claims specification.

data - Additional data as a JSON object, null if not specified.

PasswordGrantAuthorization

public PasswordGrantAuthorization(com.nimbusds.oauth2.sdk.id.Subject subject,
                                  com.nimbusds.oauth2.sdk.Scope scope,
                                  boolean longLived,
                                  AccessTokenSpec accessTokenSpec,
                                  RefreshTokenSpec refreshTokenSpec,
                                  IDTokenSpec idTokenSpec,
                                  ClaimsSpec claimsSpec,
                                  net.minidev.json.JSONObject data)

Creates a new OpenID Connect / OAuth 2.0 authorisation for a password grant.

Parameters:

subject - The subject (end-user) identifier. Must not be null.

scope - The authorised scope values. Must not be null.

longLived - Controls the authorisation lifetime. true for a long-lived (implies persistence), false for a short-lived (transient).

accessTokenSpec - The access token specification. Must not be null.

refreshTokenSpec - The refresh token specification. Must not be null.

idTokenSpec - The ID token specification. Must not be null.

claimsSpec - The claims specification.

data - Additional data as a JSON object, null if not specified.

Method Detail

isLongLived

public boolean isLongLived()

Returns the authorisation lifetime.

Returns:

true for a long-lived authorisation (implies persistence), false for a short-lived (transient).

getRefreshTokenSpec

public RefreshTokenSpec getRefreshTokenSpec()

Returns the refresh token specification.

Returns:

The refresh token specification.

toJSONObject

public net.minidev.json.JSONObject toJSONObject()

Description copied from class: GrantAuthorization

Returns a JSON object representation of this authorisation.

Overrides:

toJSONObject in class SubjectAuthorization

Returns:

The JSON object representation.

parse

public static PasswordGrantAuthorization parse(net.minidev.json.JSONObject jsonObject)
                                        throws com.nimbusds.oauth2.sdk.ParseException

Parses a password grant authorisation from the specified JSON object.

Parameters:

jsonObject - The JSON object to parse. Must not be null.

Returns:

The password grant authorisation.

Throws:

com.nimbusds.oauth2.sdk.ParseException - If parsing failed.

parse

public static PasswordGrantAuthorization parse(String json)
                                        throws com.nimbusds.oauth2.sdk.ParseException

Parses a password grant authorisation from the specified JSON object string.

Parameters:

json - The JSON object string to parse. Must not be null.

Returns:

The password grant authorisation.

Throws:

com.nimbusds.oauth2.sdk.ParseException - If parsing failed.