001package com.nimbusds.openid.connect.provider.spi.tokens;
002
003
004import com.nimbusds.jwt.JWTClaimsSet;
005import net.jcip.annotations.ThreadSafe;
006
007
/**
 * Service Provider Interface (SPI) that maps the authorisation behind a
 * self-contained access token to a JWT claims set, and back again.
 * Implementations must be thread-safe.
 *
 * <p>Example of a JWT claims set for a self-contained access token:
 *
 * <pre>
 * {
 *  "sub" : "alice",
 *  "cid" : "65564eb0058d",
 *  "scp" : [ "openid", "email", "app:write" ],
 *  "iss" : "https://c2id.com",
 *  "iat" : 1360050000,
 *  "exp" : 1360050795,
 *  "aud" : [ "https://resource-1.example.com", "https://resource-2.example.com" ]
 * }
 * </pre>
 *
 * <p>The recommended starting point is
 * {@link BaseSelfContainedAccessTokenClaimsCodec}. It already encodes every
 * token parameter that has a matching standard JWT claim (subject, issuer,
 * expiration time and the like), so an implementation only has to define
 * encodings for what remains, such as the scope and the client ID.
 *
 * <p>Security notes for implementers:
 *
 * <ul>
 *  <li>{@link #decode} is handed an already parsed claims set. This
 *      interface does not show where the JWT signature is verified;
 *      presumably the caller does that before decoding. Confirm it before
 *      relying on any decoded value for an access decision.
 *  <li>Decoding should fail closed: a claim that is missing or has an
 *      unexpected type should raise {@link TokenDecodeException} instead
 *      of producing an authorisation with defaulted or partial values.
 *  <li>{@link #encode} and {@link #decode} have to agree on the names and
 *      value types of the non-standard claims, otherwise scope or client
 *      ID can be lost on the round trip.
 *  <li>The claims of a signed JWT can be read by anyone who holds the
 *      token unless it is additionally encrypted, which cannot be
 *      determined from this interface. Keep confidential data out of
 *      custom claims.
 * </ul>
 */
@ThreadSafe
public interface SelfContainedAccessTokenClaimsCodec {

    /**
     * Produces the JWT claims set that represents the given access token
     * authorisation.
     *
     * @param tokenAuthz The access token authorisation to encode. Must not
     *                   be {@code null}.
     * @param context    The token encoder context. Must not be
     *                   {@code null}.
     *
     * @return The resulting JWT claims set.
     */
    JWTClaimsSet encode(AccessTokenAuthorization tokenAuthz, TokenEncoderContext context);

    /**
     * Reconstructs the access token authorisation from the given JWT
     * claims set.
     *
     * @param claimsSet The JWT claims set to decode. Must not be
     *                  {@code null}.
     * @param context   The token codec context. Must not be {@code null}.
     *
     * @return The decoded access token authorisation.
     *
     * @throws TokenDecodeException If the claims set could not be decoded.
     */
    AccessTokenAuthorization decode(JWTClaimsSet claimsSet, TokenCodecContext context)
            throws TokenDecodeException;
}