Interface PasswordGrantHandler

  • All Superinterfaces:
    GrantHandler, Lifecycle

    @ThreadSafe
    public interface PasswordGrantHandler
    extends GrantHandler
    Service Provider Interface (SPI) for handling OAuth 2.0 resource owner password credentials grants. Returns the matching authorisation on success. Must throw a GeneralException with an invalid_grant error code if the user credentials are invalid.

    Implementations must be thread-safe.

    Related specifications:

    • OAuth 2.0 (RFC 6749), sections 1.3.3 and 4.3.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static com.nimbusds.oauth2.sdk.GrantType GRANT_TYPE
      The handled grant type.
    • Method Summary

      Modifier and Type Method Description
      default com.nimbusds.oauth2.sdk.GrantType getGrantType()
      Returns the handled grant type.
      default PasswordGrantAuthorization processGrant​(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, @Nullable com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata)
      Deprecated.
      default PasswordGrantAuthorization processGrant​(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata, InvocationContext invocationCtx)
      Handles a resource owner password credentials grant.
    • Field Detail

      • GRANT_TYPE

        static final com.nimbusds.oauth2.sdk.GrantType GRANT_TYPE
        The handled grant type.
    • Method Detail

      • processGrant

        @Deprecated
        default PasswordGrantAuthorization processGrant​(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant,
                                                        @Nullable com.nimbusds.oauth2.sdk.Scope scope,
                                                        com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                                        boolean confidentialClient,
                                                        com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata)
                                                 throws com.nimbusds.oauth2.sdk.GeneralException
        Deprecated.
        Handles a resource owner password credentials grant.
        Parameters:
        grant - The resource owner password credentials grant. Not null.
        scope - The requested scope, null if not specified.
        clientID - The client identifier. Not null.
        confidentialClient - true if the client is confidential and has been authenticated, else false.
        clientMetadata - The OpenID Connect client metadata. Not null.

        If the user credentials are invalid the handler must throw a GeneralException with an invalid_grant error code.

        If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a GeneralException with an invalid_scope error code.

        Returns:
        The authorisation.
        Throws:
        com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.
      • processGrant

        default PasswordGrantAuthorization processGrant​(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant,
                                                        TokenRequestParameters tokenRequestParams,
                                                        com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                                        boolean confidentialClient,
                                                        com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata,
                                                        InvocationContext invocationCtx)
                                                 throws com.nimbusds.oauth2.sdk.GeneralException
        Handles a resource owner password credentials grant.
        Parameters:
        grant - The resource owner password credentials grant. Not null.
        tokenRequestParams - The token request parameters, such as the requested scope. Not null.
        clientID - The client identifier. Not null.
        confidentialClient - true if the client is confidential and has been authenticated, else false.
        clientMetadata - The OpenID Connect client metadata. Not null.
        invocationCtx - The invocation context. Not null.

        If the user credentials are invalid the handler must throw a GeneralException with an invalid_grant error code.

        If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a GeneralException with an invalid_scope error code.

        Returns:
        The authorisation.
        Throws:
        com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.
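
A sketch of a handler that honours the error contract above (invalid_grant for bad credentials, invalid_scope for scope beyond what is permitted). This is an added example, not code from the SDK or its authors. The class name, the sample user store, the permitted-scope policy and the PBKDF2 parameters are constructed for illustration. The SPI package names, TokenRequestParameters.getScope(), the PasswordGrantAuthorization(Subject, Scope) constructor and default Lifecycle methods are assumptions about the SDK version in use.

```java
import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.id.*;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import com.nimbusds.openid.connect.provider.spi.InvocationContext; // assumed package
import com.nimbusds.openid.connect.provider.spi.grants.*;          // assumed package
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical handler; assumes the inherited Lifecycle methods have defaults.
public class DemoPasswordGrantHandler implements PasswordGrantHandler {
    record Cred(byte[] salt, byte[] hash) {}

    // Constructed sample data. All state is immutable, so the handler is thread-safe.
    private static final Map<String, Cred> USERS = Map.of("alice", cred("salt-a", "constructed-password"));
    private static final Cred DUMMY = cred("salt-x", "unused");
    private static final Scope PERMITTED = new Scope("openid", "email"); // assumed policy

    @Override
    public PasswordGrantAuthorization processGrant(ResourceOwnerPasswordCredentialsGrant grant,
            TokenRequestParameters tokenRequestParams, ClientID clientID, boolean confidentialClient,
            OIDCClientMetadata clientMetadata, InvocationContext invocationCtx) throws GeneralException {
        Cred known = USERS.get(grant.getUsername());
        Cred ref = known != null ? known : DUMMY; // unknown user: same work, same error
        byte[] supplied = pbkdf2(ref.salt(), grant.getPassword().getValue());
        boolean match = MessageDigest.isEqual(ref.hash(), supplied); // constant-time compare
        if (known == null || !match)
            throw new GeneralException("Invalid username or password", OAuth2Error.INVALID_GRANT);
        Scope requested = tokenRequestParams.getScope(); // assumed accessor; may be null
        Scope granted = requested != null ? requested : PERMITTED;
        if (!PERMITTED.containsAll(granted))
            throw new GeneralException("Scope not permitted", OAuth2Error.INVALID_SCOPE);
        return new PasswordGrantAuthorization(new Subject(grant.getUsername()), granted); // assumed constructor
    }

    private static Cred cred(String salt, String password) {
        byte[] s = salt.getBytes(StandardCharsets.UTF_8);
        return new Cred(s, pbkdf2(s, password));
    }

    private static byte[] pbkdf2(byte[] salt, String password) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

An unknown username and a wrong password take the same code path and produce the same invalid_grant error, so the token endpoint does not reveal which usernames exist.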