Package com.nimbusds.openid.connect.provider.spi.grants

Interface ClientCredentialsGrantHandler

All Superinterfaces:

GrantHandler, Lifecycle

@ThreadSafe
public interface ClientCredentialsGrantHandler
extends GrantHandler

Service Provider Interface (SPI) for handling OAuth 2.0 client credentials grants. Returns the matching authorisation on success.

Implementations must be thread-safe.

Related specifications:

• OAuth 2.0 (RFC 6749), sections 1.3.4 and 4.4.

Field Summary

Fields

Modifier and Type	Field	Description
static com.nimbusds.oauth2.sdk.GrantType	GRANT_TYPE	The handled grant type.

Method Summary

Modifier and Type	Method	Description
default com.nimbusds.oauth2.sdk.GrantType	getGrantType()	Returns the handled grant type.
default GrantAuthorization	processGrant(@Nullable com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.client.ClientMetadata clientMetadata)	Deprecated.
default GrantAuthorization	processGrant(TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.client.ClientMetadata clientMetadata, InvocationContext invocationCtx)	Handles a client credentials grant.

Methods inherited from interface com.nimbusds.openid.connect.provider.spi.Lifecycle

init, isEnabled, shutdown

Field Detail

GRANT_TYPE

static final com.nimbusds.oauth2.sdk.GrantType GRANT_TYPE

The handled grant type.

Method Detail

getGrantType

default com.nimbusds.oauth2.sdk.GrantType getGrantType()

Description copied from interface: GrantHandler

Returns the handled grant type.

Specified by:

getGrantType in interface GrantHandler

Returns:

The grant type;

processGrant

@Deprecated
default GrantAuthorization processGrant(@Nullable com.nimbusds.oauth2.sdk.Scope scope,
                                        com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                        com.nimbusds.oauth2.sdk.client.ClientMetadata clientMetadata)
                                 throws com.nimbusds.oauth2.sdk.GeneralException

Deprecated.

Handles a client credentials grant. The client is confidential and always authenticated.

Parameters:

scope - The requested scope, null if not specified.

clientID - The client identifier. Not null.

clientMetadata - The OAuth 2.0 client metadata. Not null.

If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a GeneralException with an invalid_scope error code.

Returns:

The authorisation.

Throws:

com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.

processGrant

default GrantAuthorization processGrant(TokenRequestParameters tokenRequestParams,
                                        com.nimbusds.oauth2.sdk.id.ClientID clientID,
                                        com.nimbusds.oauth2.sdk.client.ClientMetadata clientMetadata,
                                        InvocationContext invocationCtx)
                                 throws com.nimbusds.oauth2.sdk.GeneralException

Handles a client credentials grant. The client is confidential and always authenticated.

Parameters:

tokenRequestParams - The token request parameters, such as the requested scope. Not null.

clientID - The client identifier. Not null.

clientMetadata - The OAuth 2.0 client metadata. Not null.

invocationCtx - The invocation context. Not null.

If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a GeneralException with an invalid_scope error code.

Returns:

The authorisation.

Throws:

com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.