Package com.nimbusds.openid.connect.provider.spi.grants

Interface PasswordGrantHandler

  • All Superinterfaces:
    GrantHandler, Lifecycle
    @ThreadSafe
public interface PasswordGrantHandler
extends GrantHandler
    Service Provider Interface (SPI) for handling OAuth 2.0 resource owner password credentials grants. Returns the matching authorisation on success. Must throw an GeneralException with an invalid_grant error code if the user credentials are invalid.

    Implementations must be thread-safe.

    Related specifications:

    • OAuth 2.0 (RFC 6749), sections 1.3.3 and 4.3.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static com.nimbusds.oauth2.sdk.GrantType GRANT_TYPE
      The handled grant type.

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      PasswordGrantAuthorization processGrant​(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata)
      Handles a resource owner password credentials grant.

    • Field Detail

      • GRANT_TYPE

        static final com.nimbusds.oauth2.sdk.GrantType GRANT_TYPE
        The handled grant type.

    • Method Detail

      • processGrant

        PasswordGrantAuthorization processGrant​(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant,
                                        com.nimbusds.oauth2.sdk.Scope scope,
                                        com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                        boolean confidentialClient,
                                        com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata)
                                 throws com.nimbusds.oauth2.sdk.GeneralException
        Handles a resource owner password credentials grant.
        Parameters:
        grant - The resource owner password credentials grant. Not null.
        scope - The requested scope, null if not specified.
        clientID - The client identifier. Not null.
        confidentialClient - true if the client is confidential and has been authenticated, else false.
        clientMetadata - The OpenID Connect client metadata. Not null.

        If the user credentials are invalid the handler must throw a exception with an invalid_grant error code.

        If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a GeneralException with an invalid_scope error code.

        Returns:
        The authorisation.
        Throws:
        com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.