Package com.nimbusds.openid.connect.provider.spi.grants

Interface TokenExchangeGrantHandler

All Superinterfaces:

GrantHandler, Lifecycle

@ThreadSafe
public interface TokenExchangeGrantHandler
extends GrantHandler

Service Provider Interface (SPI) for handling token exchange grants. Returns a token exchange authorisation on success. Must throw a GeneralException with an invalid_grant error code if the subject_token or the optional actor_token are invalid.

Implementations must be thread-safe.

Related specifications:

• OAuth 2.0 Token Exchange (RFC 8693).

Field Summary

Fields

Modifier and Type	Field	Description
static com.nimbusds.oauth2.sdk.GrantType	GRANT_TYPE	The handled grant type.

Method Summary

Modifier and Type	Method	Description
default com.nimbusds.oauth2.sdk.GrantType	getGrantType()	Returns the handled grant type.
TokenExchangeAuthorization	processGrant(com.nimbusds.oauth2.sdk.tokenexchange.TokenExchangeGrant grant, TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata, TokenIntrospection tokenIntrospection, TokenIssueHelpers tokenIssueHelpers, InvocationContext invocationCtx)	Handles a token exchange request from a client registered with the Connect2id server.

Methods inherited from interface com.nimbusds.openid.connect.provider.spi.Lifecycle

init, isEnabled, shutdown

Field Detail

GRANT_TYPE

static final com.nimbusds.oauth2.sdk.GrantType GRANT_TYPE

The handled grant type.

Method Detail

getGrantType

default com.nimbusds.oauth2.sdk.GrantType getGrantType()

Description copied from interface: GrantHandler

Returns the handled grant type.

Specified by:

getGrantType in interface GrantHandler

Returns:

The grant type;

processGrant

TokenExchangeAuthorization processGrant(com.nimbusds.oauth2.sdk.tokenexchange.TokenExchangeGrant grant,
                                        TokenRequestParameters tokenRequestParams,
                                        com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                        boolean confidentialClient,
                                        com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata,
                                        TokenIntrospection tokenIntrospection,
                                        TokenIssueHelpers tokenIssueHelpers,
                                        InvocationContext invocationCtx)
                                 throws com.nimbusds.oauth2.sdk.GeneralException

Handles a token exchange request from a client registered with the Connect2id server.

Parameters:

grant - The token exchange grant. Not null.

tokenRequestParams - The token request parameters, such as the requested scope. Not null.

clientID - The client identifier. Not null.

confidentialClient - true if the client is confidential, false if the client is public.

clientMetadata - The OpenID Connect client metadata. Not null.

tokenIntrospection - Token introspection interface for locally issued subject tokens. Not null.

tokenIssueHelpers - Token issue helpers. Not null.

invocationCtx - The invocation context. Not null.

Returns:

The authorisation.

Throws:

com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.