Package com.nimbusds.openid.connect.provider.spi.tokens.introspection

Class BaseTokenIntrospectionResponseComposer

java.lang.Object

com.nimbusds.openid.connect.provider.spi.tokens.introspection.BaseTokenIntrospectionResponseComposer

All Implemented Interfaces:

Lifecycle, TokenIntrospectionResponseComposer

Direct Known Subclasses:

DefaultTokenIntrospectionResponseComposer

@ThreadSafe
public abstract class BaseTokenIntrospectionResponseComposer
extends Object
implements TokenIntrospectionResponseComposer

Base implementation of the SPI for composing token introspection (RFC 7662) responses.

Outputs the introspection details specified in:

• OAuth 2.0 Token Introspection (RFC 7662), section 2.2;
• OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 3.2;
• OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (draft-ietf-oauth-dpop-16), section 6.

Parameters:

• "active"
• "scope"
• "client_id"
• "token_type"
• "exp"
• "iat"
• "sub"
• "aud"
• "iss"
• "jti"
• "cnf.x5t#S256"
• "cnf.jkt"

The following non-standard access token parameters are not output by this base implementation:

• consented OpenID claim names
• preferred claims locales
• claims fullfilment data
• preset OpenID claims
• subject session key
• actor, in impersonation and delegation scenarios
• additional data
• custom top-level parameters

The extending class may implement output of the above non-standard parameters. It may also choose not to output parameters if they are not required by the client (resource server), e.g. for privacy and data minimisation purposes.

Constructor Summary

Constructors

Constructor	Description
BaseTokenIntrospectionResponseComposer()

Method Summary

Modifier and Type	Method	Description
com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse	compose(AccessTokenAuthorization tokenAuthz, TokenIntrospectionContext context)	Composes a token introspection response.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.openid.connect.provider.spi.Lifecycle

init, isEnabled, shutdown

Constructor Details

BaseTokenIntrospectionResponseComposer

public BaseTokenIntrospectionResponseComposer()

Method Details

compose

public com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse compose(AccessTokenAuthorization tokenAuthz,
 TokenIntrospectionContext context)

Description copied from interface: TokenIntrospectionResponseComposer

Composes a token introspection response.

If the access token was found to be invalid or expired the method should simply return

 if (tokenAuthz == null) {
        return new TokenIntrospectionSuccessResponse.Builder(false)
            .build();
 }
 

Specified by:

compose in interface TokenIntrospectionResponseComposer

Parameters:

tokenAuthz - The access token authorisation, null if the token was found to be invalid or expired (implies "active":false).

context - The token introspection context. Not null.

Returns:

The token introspection success response (for "active":true as well as "active":false access tokens.