Interface SelfContainedAccessTokenClaimsCodec

All Superinterfaces:
Lifecycle
All Known Implementing Classes:
BaseSelfContainedAccessTokenClaimsCodec

@ThreadSafe public interface SelfContainedAccessTokenClaimsCodec extends Lifecycle
Service Provider Interface (SPI) for encoding and decoding authorisations for self-contained access tokens into JWT claims sets. Implementations must be thread-safe.

Sample JWT claims set for a self-contained access token:

 {
  "sub" : "alice",
  "cid" : "65564eb0058d",
  "scp" : [ "openid", "email", "app:write" ],
  "iss" : "https://c2id.com",
  "iat" : 1360050000,
  "exp" : 1360050795,
  "aud" : [ "https://resource-1.example.com", "https://resource-2.example.com" ]
 }
 

Implementations should extend BaseSelfContainedAccessTokenClaimsCodec which encodes all token parameters for which there is an appropriate standard JWT claim, such as for the subject, issuer and expiration time. The implementation only needs to specify encodings for the remaining parameters, such as scope and client ID.