Interface PasswordGrantHandler
- All Superinterfaces:
GrantHandler,Lifecycle
Service Provider Interface (SPI) for handling OAuth 2.0 resource owner
password credentials grants. Returns the matching
authorisation on success. Must throw an
GeneralException with an
invalid_grant
error code if the user credentials are invalid.
Implementations must be thread-safe.
Related specifications:
- OAuth 2.0 (RFC 6749), sections 1.3.3 and 4.3.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final com.nimbusds.oauth2.sdk.GrantTypeThe handled grant type. -
Method Summary
Modifier and TypeMethodDescriptiondefault com.nimbusds.oauth2.sdk.GrantTypeReturns the handled grant type.default PasswordGrantAuthorizationprocessGrant(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, @Nullable com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata) Deprecated.default PasswordGrantAuthorizationprocessGrant(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata, InvocationContext invocationCtx) Handles a resource owner password credentials grant.
-
Field Details
-
GRANT_TYPE
The handled grant type.
-
-
Method Details
-
getGrantType
Description copied from interface:GrantHandlerReturns the handled grant type.- Specified by:
getGrantTypein interfaceGrantHandler- Returns:
- The grant type;
-
processGrant
@Deprecated default PasswordGrantAuthorization processGrant(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, @Nullable com.nimbusds.oauth2.sdk.Scope scope, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata) throws com.nimbusds.oauth2.sdk.GeneralException Deprecated.Handles a resource owner password credentials grant.- Parameters:
grant- The resource owner password credentials grant. Notnull.scope- The requested scope,nullif not specified.clientID- The client identifier. Notnull.confidentialClient-trueif the client is confidential and has been authenticated, elsefalse.clientMetadata- The OpenID Connect client metadata. Notnull.If the user credentials are invalid the handler must throw a
exceptionwith aninvalid_granterror code.If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a
GeneralExceptionwith aninvalid_scopeerror code.- Returns:
- The authorisation.
- Throws:
com.nimbusds.oauth2.sdk.GeneralException- If the grant is invalid, or another exception was encountered.
-
processGrant
default PasswordGrantAuthorization processGrant(com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant grant, TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata, InvocationContext invocationCtx) throws com.nimbusds.oauth2.sdk.GeneralException Handles a resource owner password credentials grant.- Parameters:
grant- The resource owner password credentials grant. Notnull.tokenRequestParams- The token request parameters, such as the requested scope. Notnull.clientID- The client identifier. Notnull.confidentialClient-trueif the client is confidential and has been authenticated, elsefalse.clientMetadata- The OpenID Connect client metadata. Notnull.invocationCtx- The invocation context. Notnull.If the user credentials are invalid the handler must throw a
exceptionwith aninvalid_granterror code.If the requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner the handler must throw a
GeneralExceptionwith aninvalid_scopeerror code.- Returns:
- The authorisation.
- Throws:
com.nimbusds.oauth2.sdk.GeneralException- If the grant is invalid, or another exception was encountered.
-