@ThreadSafe public abstract class BaseTokenIntrospectionResponseComposer extends Object implements TokenIntrospectionResponseComposer
Outputs only those introspection details which are defined in section 2.2 of the standard OAuth 2.0 Token Introspection (RFC 7662) specification as well as in section 3.2 of OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens(draft-ietf-oauth-mtls-07):
The following non-standard access token parameters are not output by this base implementation:
consented OpenID claim names
preferred claims locales
preset OpenID claims
actor, in impersonation and delegation scenarios
additional data
The extending class may implement output of the above non-standard parameters. It may also choose not to output parameters if they are not required by the client (resource server), e.g. for privacy and data minimisation purposes.
Constructor and Description |
---|
BaseTokenIntrospectionResponseComposer() |
Modifier and Type | Method and Description |
---|---|
com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse |
compose(AccessTokenAuthorization tokenAuthz,
TokenIntrospectionContext context)
Composes a token introspection response.
|
public BaseTokenIntrospectionResponseComposer()
public com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse compose(AccessTokenAuthorization tokenAuthz, TokenIntrospectionContext context)
TokenIntrospectionResponseComposer
If the access token was found to be invalid or expired the method should simply return
if (tokenAuthz == null) { return new TokenIntrospectionSuccessResponse.Builder(false) .build(); }
compose
in interface TokenIntrospectionResponseComposer
tokenAuthz
- The access token authorisation, null
if
the token was found to be invalid or expired
(implies "active":false
).context
- The token introspection context. Not null
."active":true
as well as "active":false
access tokens.Copyright © 2021 Connect2id Ltd.. All rights reserved.