Package com.nimbusds.openid.connect.provider.spi.grants

Class PasswordGrantAuthorization

  • @Immutable
public class PasswordGrantAuthorization
extends SubjectAuthorization
    Authorisation produced by a PasswordGrantHandler. Specifies a subject (end-user) and permits ID and refresh token issue.

    Required authorisation details:

    • The authenticated subject (end-user).
    • The authorised scope.

    All other parameters are optional or have suitable defaults.

    • Constructor Detail

      • PasswordGrantAuthorization

        public PasswordGrantAuthorization​(com.nimbusds.oauth2.sdk.id.Subject subject,
                                  com.nimbusds.oauth2.sdk.Scope scope)
        Creates a new OAuth 2.0 - only authorisation for a password grant.
        Parameters:
        subject - The subject (end-user) identifier. Must not be null.
        scope - The authorised scope values. Must not be null.

      • PasswordGrantAuthorization

        @Deprecated
public PasswordGrantAuthorization​(com.nimbusds.oauth2.sdk.id.Subject subject,
                                  com.nimbusds.oauth2.sdk.Scope scope,
                                  @Nullable List<com.nimbusds.oauth2.sdk.id.Audience> audList,
                                  boolean longLived,
                                  AccessTokenSpec accessTokenSpec,
                                  RefreshTokenSpec refreshTokenSpec,
                                  @Nullable net.minidev.json.JSONObject data)
        Deprecated.
        Creates a new OAuth 2.0 - only authorisation for a password grant.
        Parameters:
        subject - The subject (end-user) identifier. Must not be null.
        scope - The authorised scope values. Must not be null.
        audList - Explicit list of audiences for the access token, null if not specified.
        longLived - Controls the authorisation lifetime, true for a long-lived (implies persistence), false for a short-lived (transient).
        accessTokenSpec - The access token specification. Must not be null.
        refreshTokenSpec - The refresh token specification. Must not be null.
        data - Additional data as a JSON object, null if not specified.

      • PasswordGrantAuthorization

        public PasswordGrantAuthorization​(com.nimbusds.oauth2.sdk.id.Subject subject,
                                  com.nimbusds.oauth2.sdk.Scope scope,
                                  boolean longLived,
                                  AccessTokenSpec accessTokenSpec,
                                  RefreshTokenSpec refreshTokenSpec,
                                  @Nullable net.minidev.json.JSONObject data)
        Creates a new OAuth 2.0 - only authorisation for a password grant.
        Parameters:
        subject - The subject (end-user) identifier. Must not be null.
        scope - The authorised scope values. Must not be null.
        longLived - Controls the authorisation lifetime, true for a long-lived (implies persistence), false for a short-lived (transient).
        accessTokenSpec - The access token specification. Must not be null.
        refreshTokenSpec - The refresh token specification. Must not be null.
        data - Additional data as a JSON object, null if not specified.

      • PasswordGrantAuthorization

        @Deprecated
public PasswordGrantAuthorization​(com.nimbusds.oauth2.sdk.id.Subject subject,
                                  @Nullable Date authTime,
                                  @Nullable com.nimbusds.openid.connect.sdk.claims.ACR acr,
                                  @Nullable List<com.nimbusds.openid.connect.sdk.claims.AMR> amrList,
                                  com.nimbusds.oauth2.sdk.Scope scope,
                                  @Nullable List<com.nimbusds.oauth2.sdk.id.Audience> audList,
                                  boolean longLived,
                                  AccessTokenSpec accessTokenSpec,
                                  RefreshTokenSpec refreshTokenSpec,
                                  IDTokenSpec idTokenSpec,
                                  ClaimsSpec claimsSpec,
                                  @Nullable net.minidev.json.JSONObject data)
        Deprecated.
        Creates a new OpenID Connect / OAuth 2.0 authorisation for a password grant.
        Parameters:
        subject - The subject (end-user) identifier. Must not be null.
        authTime - The time of the subject authentication. If null it will be set to now. Applies only if an ID token is issued.
        acr - The Authentication Context Class Reference (ACR), null if not specified. Applies only if an ID token is issued.
        amrList - The Authentication Methods Reference (AMR) list, null if not specified. Applies only if an ID token is issued.
        scope - The authorised scope values. Must not be null.
        audList - Explicit list of audiences for the access token, null if not specified.
        longLived - Controls the authorisation lifetime. true for a long-lived (implies persistence), false for a short-lived (transient).
        accessTokenSpec - The access token specification. Must not be null.
        refreshTokenSpec - The refresh token specification. Must not be null.
        idTokenSpec - The ID token specification. Must not be null.
        claimsSpec - The OpenID claims specification.
        data - Additional data as a JSON object, null if not specified.

      • PasswordGrantAuthorization

        public PasswordGrantAuthorization​(com.nimbusds.oauth2.sdk.id.Subject subject,
                                  com.nimbusds.oauth2.sdk.Scope scope,
                                  boolean longLived,
                                  AccessTokenSpec accessTokenSpec,
                                  RefreshTokenSpec refreshTokenSpec,
                                  IDTokenSpec idTokenSpec,
                                  ClaimsSpec claimsSpec,
                                  @Nullable net.minidev.json.JSONObject data)
        Creates a new OpenID Connect / OAuth 2.0 authorisation for a password grant.
        Parameters:
        subject - The subject (end-user) identifier. Must not be null.
        scope - The authorised scope values. Must not be null.
        longLived - Controls the authorisation lifetime. true for a long-lived (implies persistence), false for a short-lived (transient).
        accessTokenSpec - The access token specification. Must not be null.
        refreshTokenSpec - The refresh token specification. Must not be null.
        idTokenSpec - The ID token specification. Must not be null.
        claimsSpec - The OpenID claims specification.
        data - Additional data as a JSON object, null if not specified.

    • Method Detail

      • isLongLived

        public boolean isLongLived()
        Returns the authorisation lifetime.
        Returns:
        true for a long-lived authorisation (implies persistence), false for a short-lived (transient).

      • parse

        public static PasswordGrantAuthorization parse​(net.minidev.json.JSONObject jsonObject)
                                        throws com.nimbusds.oauth2.sdk.ParseException
        Parses a password grant authorisation from the specified JSON object.
        Parameters:
        jsonObject - The JSON object to parse. Must not be null.
        Returns:
        The password grant authorisation.
        Throws:
        com.nimbusds.oauth2.sdk.ParseException - If parsing failed.

      • parse

        public static PasswordGrantAuthorization parse​(String json)
                                        throws com.nimbusds.oauth2.sdk.ParseException
        Parses a password grant authorisation from the specified JSON object string.
        Parameters:
        json - The JSON object string to parse. Must not be null.
        Returns:
        The password grant authorisation.
        Throws:
        com.nimbusds.oauth2.sdk.ParseException - If parsing failed.