Class BaseTokenIntrospectionResponseComposer
java.lang.Object
com.nimbusds.openid.connect.provider.spi.tokens.introspection.BaseTokenIntrospectionResponseComposer
- All Implemented Interfaces:
Lifecycle, TokenIntrospectionResponseComposer
- Direct Known Subclasses:
DefaultTokenIntrospectionResponseComposer
@ThreadSafe
public abstract class BaseTokenIntrospectionResponseComposer
extends Object
implements TokenIntrospectionResponseComposer
Base implementation of the SPI for composing token introspection (RFC 7662)
responses.
Outputs the introspection details specified in:
- OAuth 2.0 Token Introspection (RFC 7662), section 2.2;
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (RFC 8705), section 3.2;
- OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (draft-ietf-oauth-dpop-16), section 6.
Parameters:
- "active"
- "scope"
- "client_id"
- "token_type"
- "exp"
- "iat"
- "sub"
- "aud"
- "iss"
- "jti"
- "cnf.x5t#S256"
- "cnf.jkt"
The following non-standard access token parameters are not output by this base implementation:
- consented OpenID claim names
- preferred claims locales
- claims fulfilment data
- preset OpenID claims
- subject session key
- actor, in impersonation and delegation scenarios
- additional data
- custom top-level parameters
The extending class may implement output of the above non-standard parameters. It may also choose not to output parameters if they are not required by the client (resource server), e.g. for privacy and data minimisation purposes.
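A data-minimising subclass, as an added example that is not part of the Connect2id SDK: it reuses the base composition and then keeps only an allow-listed set of parameters. The class name and the allow-list are hypothetical, and the sketch assumes the base class has an accessible no-argument constructor and that the inherited Lifecycle methods need no overriding.

```java
import java.util.Set;

import com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse;
import com.nimbusds.openid.connect.provider.spi.tokens.AccessTokenAuthorization;
import com.nimbusds.openid.connect.provider.spi.tokens.introspection.BaseTokenIntrospectionResponseComposer;
import com.nimbusds.openid.connect.provider.spi.tokens.introspection.TokenIntrospectionContext;
import net.minidev.json.JSONObject;

/**
 * Hypothetical composer (example only) that outputs just the parameters
 * a resource server needs to make an access decision.
 */
public class MinimalIntrospectionResponseComposer
	extends BaseTokenIntrospectionResponseComposer {

	// Constructed allow-list. "cnf" is kept so that the resource server can
	// still verify the certificate (x5t#S256) or DPoP key (jkt) binding;
	// "iat", "iss" and "jti" are dropped in this example.
	private static final Set<String> ALLOWED = Set.of(
		"active", "scope", "client_id", "token_type",
		"exp", "sub", "aud", "cnf");

	@Override
	public TokenIntrospectionSuccessResponse compose(
		final AccessTokenAuthorization tokenAuthz,
		final TokenIntrospectionContext context) {

		if (tokenAuthz == null) {
			// Invalid or expired token: output nothing besides "active":false
			return new TokenIntrospectionSuccessResponse.Builder(false).build();
		}

		// Let the base class compose the standard RFC 7662 / RFC 8705 / DPoP
		// parameters, then work on their JSON object representation
		JSONObject params = super.compose(tokenAuthz, context).toJSONObject();

		// Allow-list rather than deny-list: a parameter added to the base
		// output in a later release is not exposed until explicitly permitted
		params.keySet().retainAll(ALLOWED);

		return new TokenIntrospectionSuccessResponse(params);
	}
}
```

Filtering by allow-list keeps the "active":false path identical to the base contract, so an inactive token never reveals subject, scope or client details to the caller.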
Constructor Summary

Method Summary
- Modifier and Type: com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse
- Method: compose(AccessTokenAuthorization tokenAuthz, TokenIntrospectionContext context)
- Description: Composes a token introspection response.

Constructor Details
BaseTokenIntrospectionResponseComposer

Method Details
compose
public com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse compose(AccessTokenAuthorization tokenAuthz, TokenIntrospectionContext context)
Description copied from interface: TokenIntrospectionResponseComposer
Composes a token introspection response.
If the access token was found to be invalid or expired the method should simply return

    if (tokenAuthz == null) {
        return new TokenIntrospectionSuccessResponse.Builder(false).build();
    }

- Specified by:
compose in interface TokenIntrospectionResponseComposer
- Parameters:
tokenAuthz - The access token authorisation, null if the token was found to be invalid or expired (implies "active":false).
context - The token introspection context. Not null.
- Returns:
The token introspection success response (for "active":true as well as "active":false access tokens).