Package com.nimbusds.oauth2.sdk

Class TokenRequest

java.lang.Object
com.nimbusds.oauth2.sdk.AbstractRequest
com.nimbusds.oauth2.sdk.AbstractOptionallyAuthenticatedRequest
com.nimbusds.oauth2.sdk.AbstractOptionallyIdentifiedRequest
com.nimbusds.oauth2.sdk.TokenRequest
All Implemented Interfaces:
Message, Request
@Immutable public class TokenRequest extends AbstractOptionallyIdentifiedRequest
Token request. Used to obtain an access token and an optional refresh token at the Token endpoint of the authorisation server. Supports custom request parameters.

Example token request with an authorisation code grant: 

 POST /token HTTP/1.1
 Host: server.example.com
 Content-Type: application/x-www-form-urlencoded
 Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

 grant_type=authorization_code
 &code=SplxlOBeZQQYbYS6WxSbIA
 &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb

Related specifications:

  • OAuth 2.0 (RFC 6749), sections 4.1.3, 4.3.2, 4.4.2 and 6.
  • OAuth 2.0 Rich Authorization Requests (RFC 9396), section 6.
  • Resource Indicators for OAuth 2.0 (RFC 8707)
  • OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz-04)

  • Constructor Details

    • TokenRequest

      public TokenRequest(URI uri, ClientAuthentication clientAuth, AuthorizationGrant authzGrant, Scope scope)
      Creates a new token request with the specified client authentication.
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      clientAuth - The client authentication. Must not be null.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.

    • TokenRequest

      public TokenRequest(URI uri, ClientAuthentication clientAuth, AuthorizationGrant authzGrant, Scope scope, List<URI> resources, Map<String,List<String>> customParams)
      Creates a new token request with the specified client authentication and extension and custom parameters.
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      clientAuth - The client authentication. Must not be null.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      resources - The resource URI(s), null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.

    • TokenRequest

      public TokenRequest(URI uri, ClientAuthentication clientAuth, AuthorizationGrant authzGrant, Scope scope, List<AuthorizationDetail> authorizationDetails, List<URI> resources, Map<String,List<String>> customParams)
      Creates a new token request with the specified client authentication and extension and custom parameters.
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      clientAuth - The client authentication. Must not be null.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      authorizationDetails - The Rich Authorisation Request (RAR) details, null if not specified.
      resources - The resource URI(s), null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.

    • TokenRequest

      public TokenRequest(URI uri, ClientAuthentication clientAuth, AuthorizationGrant authzGrant)
      Creates a new token request with the specified client authentication.
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      clientAuth - The client authentication. Must not be null.
      authzGrant - The authorisation grant. Must not be null.

    • TokenRequest

      public TokenRequest(URI uri, ClientID clientID, AuthorizationGrant authzGrant, Scope scope)
      Creates a new token request, with no explicit client authentication (maybe present in the grant depending on its type).
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      clientID - The client identifier, null if not specified.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.

    • TokenRequest

      public TokenRequest(URI uri, ClientID clientID, AuthorizationGrant authzGrant, Scope scope, List<URI> resources, RefreshToken existingGrant, Map<String,List<String>> customParams)
      Creates a new token request, with no explicit client authentication (maybe present in the grant depending on its type) and extension and custom parameters.
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      clientID - The client identifier, null if not specified.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      resources - The resource URI(s), null if not specified.
      existingGrant - Existing refresh token for incremental authorisation of a public client, null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.

    • TokenRequest

      public TokenRequest(URI uri, ClientID clientID, AuthorizationGrant authzGrant, Scope scope, List<AuthorizationDetail> authorizationDetails, List<URI> resources, RefreshToken existingGrant, Map<String,List<String>> customParams)
      Creates a new token request, with no explicit client authentication (maybe present in the grant depending on its type) and extension and custom parameters.
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      clientID - The client identifier, null if not specified.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      authorizationDetails - The Rich Authorisation Request (RAR) details, null if not specified.
      resources - The resource URI(s), null if not specified.
      existingGrant - Existing refresh token for incremental authorisation of a public client, null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.

    • TokenRequest

      public TokenRequest(URI uri, ClientID clientID, AuthorizationGrant authzGrant)
      Creates a new token request, with no explicit client authentication (maybe present in the grant depending on its type).
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      clientID - The client identifier, null if not specified.
      authzGrant - The authorisation grant. Must not be null.

    • TokenRequest

      public TokenRequest(URI uri, AuthorizationGrant authzGrant, Scope scope)
      Creates a new token request, without client authentication and a specified client identifier.
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.

    • TokenRequest

      public TokenRequest(URI uri, AuthorizationGrant authzGrant)
      Creates a new token request, without client authentication and a specified client identifier.
      Parameters:
      uri - The URI of the token endpoint. May be null if the toHTTPRequest() method will not be used.
      authzGrant - The authorisation grant. Must not be null.

  • Method Details

    • getAuthorizationGrant

      public AuthorizationGrant getAuthorizationGrant()
      Returns the authorisation grant.
      Returns:
      The authorisation grant.

    • getScope

      public Scope getScope()
      Returns the requested scope.
      Returns:
      The requested scope, null if not specified.

    • getAuthorizationDetails

      public List<AuthorizationDetail> getAuthorizationDetails()
      Returns the Rich Authorisation Request (RAR) details.
      Returns:
      The authorisation details, null if not specified.

    • getResources

      public List<URI> getResources()
      Returns the resource server URI.
      Returns:
      The resource URI(s), null if not specified.

    • getExistingGrant

      public RefreshToken getExistingGrant()
      Returns the existing refresh token for incremental authorisation of a public client, null if not specified.
      Returns:
      The existing grant, null if not specified.

    • getCustomParameters

      public Map<String,List<String>> getCustomParameters()
      Returns the additional custom parameters included in the request body.

      Example: 

       resource=http://xxxxxx/PartyOData
      Returns:
      The additional custom parameters as an unmodifiable map, empty map if none.

    • getCustomParameter

      public List<String> getCustomParameter(String name)
      Returns the specified custom parameter included in the request body.
      Parameters:
      name - The parameter name. Must not be null.
      Returns:
      The parameter value(s), null if not specified.

    • toHTTPRequest

      public HTTPRequest toHTTPRequest()
      Description copied from interface: Request
      Returns the matching HTTP request.
      Returns:
      The HTTP request.

    • parse

      public static TokenRequest parse(HTTPRequest httpRequest) throws ParseException
      Parses a token request from the specified HTTP request.
      Parameters:
      httpRequest - The HTTP request. Must not be null.
      Returns:
      The token request.
      Throws:
      ParseException - If the HTTP request couldn't be parsed to a token request.