Package com.nimbusds.openid.connect.provider.spi.grants

Interface ClientCredentialsGrantHandler

All Superinterfaces:
GrantHandler, Lifecycle
@ThreadSafe public interface ClientCredentialsGrantHandler extends GrantHandler
Service Provider Interface (SPI) for handling OAuth 2.0 client credentials grants. Returns the matching authorisation on success.

Implementations must be thread-safe.

Related specifications:

  • OAuth 2.0 (RFC 6749), sections 1.3.4 and 4.4.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final com.nimbusds.oauth2.sdk.GrantType
    GRANT_TYPE
    The handled grant type.

  • Method Summary

    Modifier and Type
    Method
    Description
    default com.nimbusds.oauth2.sdk.GrantType
    getGrantType()
    Returns the handled grant type.
    default GrantAuthorization
    processGrant(@Nullable com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.client.ClientMetadata clientMetadata)
    Deprecated.
    default GrantAuthorization
    processGrant(TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.client.ClientMetadata clientMetadata, InvocationContext invocationCtx)
    Handles a client credentials grant.

    Methods inherited from interface com.nimbusds.openid.connect.provider.spi.Lifecycle

    init, isEnabled, shutdown

  • Field Details

    • GRANT_TYPE

      static final com.nimbusds.oauth2.sdk.GrantType GRANT_TYPE
      The handled grant type.

  • Method Details

    • getGrantType

      default com.nimbusds.oauth2.sdk.GrantType getGrantType()
      Description copied from interface: GrantHandler
      Returns the handled grant type.
      Specified by:
      getGrantType in interface GrantHandler
      Returns:
      The grant type;

    • processGrant

      @Deprecated default GrantAuthorization processGrant(@Nullable com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.client.ClientMetadata clientMetadata) throws com.nimbusds.oauth2.sdk.GeneralException
      Deprecated.
      Handles a client credentials grant. The client is confidential and always authenticated.
      Parameters:
      scope - The requested scope, null if not specified.
      clientID - The client identifier. Not null.
      clientMetadata - The OAuth 2.0 client metadata. Not null.

      If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a GeneralException with an invalid_scope error code.

      Returns:
      The authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.

    • processGrant

      default GrantAuthorization processGrant(TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, com.nimbusds.oauth2.sdk.client.ClientMetadata clientMetadata, InvocationContext invocationCtx) throws com.nimbusds.oauth2.sdk.GeneralException
      Handles a client credentials grant. The client is confidential and always authenticated.
      Parameters:
      tokenRequestParams - The token request parameters, such as the requested scope. Not null.
      clientID - The client identifier. Not null.
      clientMetadata - The OAuth 2.0 client metadata. Not null.
      invocationCtx - The invocation context. Not null.

      If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a GeneralException with an invalid_scope error code.

      Returns:
      The authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.