Interface TokenExchangeGrantHandler

All Superinterfaces:
GrantHandler, Lifecycle

@ThreadSafe public interface TokenExchangeGrantHandler extends GrantHandler
Service Provider Interface (SPI) for handling token exchange grants. Returns a token exchange authorisation on success. Must throw a GeneralException with an invalid_grant error code if the subject_token or the optional actor_token is invalid.

Implementations must be thread-safe.

Related specifications:

  • OAuth 2.0 Token Exchange (RFC 8693).

  • Field Details

    • GRANT_TYPE

      static final com.nimbusds.oauth2.sdk.GrantType GRANT_TYPE
      The handled grant type.
  • Method Details

    • getGrantType

      default com.nimbusds.oauth2.sdk.GrantType getGrantType()
      Description copied from interface: GrantHandler
      Returns the handled grant type.
      Specified by:
      getGrantType in interface GrantHandler
      Returns:
      The grant type.
    • processGrant

      @Deprecated default TokenExchangeAuthorization processGrant(com.nimbusds.oauth2.sdk.tokenexchange.TokenExchangeGrant grant, TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata, TokenIntrospection tokenIntrospection, TokenIssueHelpers tokenIssueHelpers, InvocationContext invocationCtx) throws com.nimbusds.oauth2.sdk.GeneralException
      Deprecated.
      Handles a token exchange request from a client registered with the Connect2id server.
      Parameters:
      grant - The token exchange grant. Not null.
      tokenRequestParams - The token request parameters, such as the requested scope. Not null.
      clientID - The client identifier. Not null.
      confidentialClient - true if the client is confidential and has been authenticated, else false.
      clientMetadata - The OAuth 2.0 client / OpenID relying party metadata. Not null.
      tokenIntrospection - Token introspection interface for locally issued subject tokens. Not null.
      tokenIssueHelpers - Token issue helpers. Not null.
      invocationCtx - The invocation context. Not null.
      Returns:
      The authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.
    • processGrant

      default TokenExchangeAuthorization processGrant(com.nimbusds.oauth2.sdk.tokenexchange.TokenExchangeGrant grant, TokenRequestParameters tokenRequestParams, com.nimbusds.oauth2.sdk.id.ClientID clientID, boolean confidentialClient, com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata clientMetadata, TokenIntrospection tokenIntrospection, TokenIssueHelpers tokenIssueHelpers, GrantHandlerContext handlerCtx) throws com.nimbusds.oauth2.sdk.GeneralException
      Handles a token exchange request from a client registered with the Connect2id server.
      Parameters:
      grant - The token exchange grant. Not null.
      tokenRequestParams - The token request parameters, such as the requested scope. Not null.
      clientID - The client identifier. Not null.
      confidentialClient - true if the client is confidential and has been authenticated, else false.
      clientMetadata - The OAuth 2.0 client / OpenID relying party metadata. Not null.
      tokenIntrospection - Token introspection interface for locally issued subject tokens. Not null.
      tokenIssueHelpers - Token issue helpers. Not null.
      handlerCtx - The handler context. Not null.
      Returns:
      The authorisation.
      Throws:
      com.nimbusds.oauth2.sdk.GeneralException - If the grant is invalid, or another exception was encountered.