Interface PasswordGrantHandler
-
- All Superinterfaces:
GrantHandler
,Lifecycle
@ThreadSafe public interface PasswordGrantHandler extends GrantHandler
Service Provider Interface (SPI) for handling OAuth 2.0 resource owner password credentials grants. Returns the matchingauthorisation
on success. Must throw anGeneralException
with aninvalid_grant
error code if the user credentials are invalid.Implementations must be thread-safe.
Related specifications:
- OAuth 2.0 (RFC 6749), sections 1.3.3 and 4.3.
-
-
Field Summary
Fields Modifier and Type Field Description static com.nimbusds.oauth2.sdk.GrantType
GRANT_TYPE
The handled grant type.
-
Method Summary
All Methods Instance Methods Default Methods Deprecated Methods Modifier and Type Method Description default com.nimbusds.oauth2.sdk.GrantType
getGrantType()
Returns the handled grant type.default PasswordGrantAuthorization
processGrant(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, @Nullable com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata)
Deprecated.default PasswordGrantAuthorization
processGrant(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata, InvocationContext invocationCtx)
Handles a resource owner password credentials grant.
-
-
-
Field Detail
-
GRANT_TYPE
static final com.nimbusds.oauth2.sdk.GrantType GRANT_TYPE
The handled grant type.
-
-
Method Detail
-
getGrantType
default com.nimbusds.oauth2.sdk.GrantType getGrantType()
Description copied from interface:GrantHandler
Returns the handled grant type.- Specified by:
getGrantType
in interfaceGrantHandler
- Returns:
- The grant type;
-
processGrant
@Deprecated default PasswordGrantAuthorization processGrant(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, @Nullable com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata) throws com.nimbusds.oauth2.sdk.GeneralException
Deprecated.Handles a resource owner password credentials grant.- Parameters:
grant
- The resource owner password credentials grant. Notnull
.scope
- The requested scope,null
if not specified.clientID
- The client identifier. Notnull
.confidentialClient
-true
if the client is confidential and has been authenticated, elsefalse
.clientMetadata
- The OpenID Connect client metadata. Notnull
.If the user credentials are invalid the handler must throw a
exception
with aninvalid_grant
error code.If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a
GeneralException
with aninvalid_scope
error code.- Returns:
- The authorisation.
- Throws:
com.nimbusds.oauth2.sdk.GeneralException
- If the grant is invalid, or another exception was encountered.
-
processGrant
default PasswordGrantAuthorization processGrant(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata, InvocationContext invocationCtx) throws com.nimbusds.oauth2.sdk.GeneralException
Handles a resource owner password credentials grant.- Parameters:
grant
- The resource owner password credentials grant. Notnull
.tokenRequestParams
- The token request parameters, such as the requested scope. Notnull
.clientID
- The client identifier. Notnull
.confidentialClient
-true
if the client is confidential and has been authenticated, elsefalse
.clientMetadata
- The OpenID Connect client metadata. Notnull
.invocationCtx
- The invocation context. Notnull
.If the user credentials are invalid the handler must throw a
exception
with aninvalid_grant
error code.If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a
GeneralException
with aninvalid_scope
error code.- Returns:
- The authorisation.
- Throws:
com.nimbusds.oauth2.sdk.GeneralException
- If the grant is invalid, or another exception was encountered.
-
-