Package com.nimbusds.oauth2.sdk.token

Class AccessToken

java.lang.Object
com.nimbusds.oauth2.sdk.id.Identifier
com.nimbusds.oauth2.sdk.token.Token
com.nimbusds.oauth2.sdk.token.AccessToken
All Implemented Interfaces:
Serializable, Comparable<Identifier>, net.minidev.json.JSONAware
Direct Known Subclasses:
BearerAccessToken, DPoPAccessToken, NAAccessToken, TypelessAccessToken
public abstract class AccessToken extends Token
The base abstract class for access tokens. Concrete extending classes should be immutable.

Related specifications:

  • OAuth 2.0 (RFC 6749), sections 1.4 and 5.1.
  • OAuth 2.0 Rich Authorization Requests (RFC 9396), section 7.
  • OAuth 2.0 Token Exchange (RFC 8693), section 3.
See Also:

  • Constructor Details

    • AccessToken

      public AccessToken(AccessTokenType type)
      Creates a new minimal access token with a randomly generated 256-bit (32-byte) value, Base64URL-encoded. The optional lifetime, scope and token type URI are left unspecified.
      Parameters:
      type - The access token type. Must not be null.

    • AccessToken

      public AccessToken(AccessTokenType type, int byteLength)
      Creates a new minimal access token with a randomly generated value of the specified byte length, Base64URL-encoded. The optional lifetime, scope and token type URI are left unspecified.
      Parameters:
      type - The access token type. Must not be null.
      byteLength - The byte length of the value to generate. Must be greater than one.

    • AccessToken

      public AccessToken(AccessTokenType type, long lifetime, Scope scope)
      Creates a new access token with a randomly generated 256-bit (32-byte) value, Base64URL-encoded. The optional token type URI is left unspecified.
      Parameters:
      type - The access token type. Must not be null.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.

    • AccessToken

      public AccessToken(AccessTokenType type, int byteLength, long lifetime, Scope scope)
      Creates a new access token with a randomly generated value of the specified byte length, Base64URL-encoded. The optional token type URI is left unspecified.
      Parameters:
      type - The access token type. Must not be null.
      byteLength - The byte length of the value to generate. Must be greater than one.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.

    • AccessToken

      public AccessToken(AccessTokenType type, int byteLength, long lifetime, Scope scope, TokenTypeURI issuedTokenType)
      Creates a new access token with a randomly generated value of the specified byte length, Base64URL-encoded.
      Parameters:
      type - The access token type. Must not be null.
      byteLength - The byte length of the value to generate. Must be greater than one.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.
      issuedTokenType - The token type URI, null if not specified.

    • AccessToken

      public AccessToken(AccessTokenType type, int byteLength, long lifetime, Scope scope, List<AuthorizationDetail> authorizationDetails, TokenTypeURI issuedTokenType)
      Creates a new access token with a randomly generated value of the specified byte length, Base64URL-encoded.
      Parameters:
      type - The access token type. Must not be null.
      byteLength - The byte length of the value to generate. Must be greater than one.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.
      authorizationDetails - The authorisation details, null if not specified.
      issuedTokenType - The token type URI, null if not specified.

    • AccessToken

      public AccessToken(AccessTokenType type, String value)
      Creates a new minimal access token with the specified value. The optional lifetime, scope and token type URI are left unspecified.
      Parameters:
      type - The access token type. Must not be null.
      value - The access token value. Must not be null or empty string.

    • AccessToken

      public AccessToken(AccessTokenType type, String value, long lifetime, Scope scope)
      Creates a new access token with the specified value. The optional token type URI is left unspecified.
      Parameters:
      type - The access token type. Must not be null.
      value - The access token value. Must not be null or empty string.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.

    • AccessToken

      public AccessToken(AccessTokenType type, String value, long lifetime, Scope scope, TokenTypeURI issuedTokenType)
      Creates a new access token with the specified value.
      Parameters:
      type - The access token type. Must not be null.
      value - The access token value. Must not be null or empty string.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.
      issuedTokenType - The token type URI, null if not specified.

    • AccessToken

      public AccessToken(AccessTokenType type, String value, long lifetime, Scope scope, List<AuthorizationDetail> authorizationDetails, TokenTypeURI issuedTokenType)
      Creates a new access token with the specified value.
      Parameters:
      type - The access token type. Must not be null.
      value - The access token value. Must not be null or empty string.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.
      authorizationDetails - The authorisation details, null if not specified.
      issuedTokenType - The token type URI, null if not specified.

  • Method Details

    • getType

      public AccessTokenType getType()
      Returns the access token type.
      Returns:
      The access token type.

    • getLifetime

      public long getLifetime()
      Returns the lifetime of this access token.
      Returns:
      The lifetime in seconds, 0 if not specified.

    • getScope

      public Scope getScope()
      Returns the scope of this access token.
      Returns:
      The scope, null if not specified.

    • getAuthorizationDetails

      public List<AuthorizationDetail> getAuthorizationDetails()
      Returns the authorisation details for this access token.
      Returns:
      The authorisation details, null if not specified.

    • getIssuedTokenType

      public TokenTypeURI getIssuedTokenType()
      Returns the identifier URI for the type of this access token. Used in OAuth 2.0 Token Exchange (RFC 8693).
      Returns:
      The token type URI, null if not specified.

    • getParameterNames

      public Set<String> getParameterNames()
      Description copied from class: Token
      Returns the token parameter names included in the JSON object, as required for the composition of an access token response. See OAuth 2.0 (RFC 6749), section 5.1.
      Specified by:
      getParameterNames in class Token
      Returns:
      The token parameter names.

    • toJSONObject

      public net.minidev.json.JSONObject toJSONObject()
      Description copied from class: Token
      Returns the token parameters as a JSON object, as required for the composition of an access token response. See OAuth 2.0 (RFC 6749), section 5.1.

      Note that JSONObject implements Map&lt;String,Object&gt;.

      Example: 

       {
   "access_token"      : "2YotnFZFEjr1zCsicMWpAA",
   "token_type"        : "example",
   "expires_in"        : 3600,
   "example_parameter" : "example_value"
 }
      Specified by:
      toJSONObject in class Token
      Returns:
      The token parameters as a JSON object.

    • toJSONString

      public String toJSONString()
      Description copied from class: Identifier
      Returns the JSON string representation of this identifier.
      Specified by:
      toJSONString in interface net.minidev.json.JSONAware
      Overrides:
      toJSONString in class Identifier
      Returns:
      The JSON string.

    • toAuthorizationHeader

      public abstract String toAuthorizationHeader()
      Returns the Authorization HTTP request header value for this access token.
      Returns:
      The Authorization header value.

    • parse

      public static AccessToken parse(net.minidev.json.JSONObject jsonObject) throws ParseException
      Parses an access token from a JSON object access token response. Only bearer and DPoP access tokens are supported.
      Parameters:
      jsonObject - The JSON object to parse. Must not be null.
      Returns:
      The access token.
      Throws:
      ParseException - If the JSON object couldn't be parsed to an access token.

    • parse

      @Deprecated public static AccessToken parse(String header) throws ParseException
      Deprecated.
      Parses an Authorization HTTP request header value for an access token. Only bearer access token are supported.
      Parameters:
      header - The Authorization header value to parse. Must not be null.
      Returns:
      The access token.
      Throws:
      ParseException - If the Authorization header value couldn't be parsed to an access token.
      See Also:

    • parse

      public static AccessToken parse(String header, AccessTokenType preferredType) throws ParseException
      Parses an Authorization HTTP request header value for an access token. Only bearer and DPoP access token are supported.
      Parameters:
      header - The Authorization header value to parse. Must not be null.
      preferredType - The preferred (primary) access token type. Must be either AccessTokenType.BEARER or AccessTokenType.DPOP and not null.
      Returns:
      The access token.
      Throws:
      ParseException - If the Authorization header value couldn't be parsed to an access token.

    • parse

      public static AccessToken parse(HTTPRequest request) throws ParseException
      Parses an HTTP request header value for an access token.
      Parameters:
      request - The HTTP request to parse. Must not be null.
      Returns:
      The access token.
      Throws:
      ParseException - If an access token wasn't found in the HTTP request.