package com.nimbusds.openid.connect.provider.spi.tokens.introspection;


import com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse;
import com.nimbusds.openid.connect.provider.spi.tokens.AccessTokenAuthorization;


/**
 * Service Provider Interface (SPI) that builds the response to a token
 * introspection (RFC 7662) request. Implementations must be thread-safe.
 *
 * <p>A composer can tailor the response to the resource server that sent
 * the request, so two resource servers introspecting the same token need
 * not receive the same answer. The typical use is least-privilege
 * disclosure: the authorisation server returns to each resource server
 * only those scopes of the token that it needs, so that no resource server
 * learns more about the larger network than its operation requires.
 *
 * <p>See OAuth 2.0 Token Introspection (RFC 7662), section 2.2.
 */
public interface TokenIntrospectionResponseComposer {


    /**
     * Composes the introspection response for an access token.
     *
     * <p>A {@code null} authorisation means the token was found to be
     * invalid or expired. The method should then simply return an
     * inactive response:
     *
     * <pre>
     * if (tokenAuthz == null) {
     *     return new TokenIntrospectionSuccessResponse.Builder(false)
     *         .build();
     * }
     * </pre>
     *
     * <p>RFC 7662, section 2.2, recommends that the response for an
     * inactive token carry no further information, including the reason
     * why the token is inactive, so that the state of the authorisation
     * server is not disclosed to the caller.
     *
     * @param tokenAuthz The access token authorisation, {@code null} if
     *                   the token was found to be invalid or expired
     *                   (implies {@code "active":false}).
     * @param context    The token introspection context. Not {@code null}.
     *
     * @return The token introspection success response, used for
     *         {@code "active":true} as well as {@code "active":false}
     *         access tokens.
     */
    TokenIntrospectionSuccessResponse compose(
        AccessTokenAuthorization tokenAuthz,
        TokenIntrospectionContext context);
}