Package com.nimbusds.oauth2.sdk.token

Class DPoPAccessToken

java.lang.Object
com.nimbusds.oauth2.sdk.id.Identifier
com.nimbusds.oauth2.sdk.token.Token
com.nimbusds.oauth2.sdk.token.AccessToken
com.nimbusds.oauth2.sdk.token.DPoPAccessToken
All Implemented Interfaces:
Serializable, Comparable<Identifier>, net.minidev.json.JSONAware
@Immutable public class DPoPAccessToken extends AccessToken
DPoP access token.

Example DPoP access token serialised to JSON: 

 {
   "access_token" : "aeniniu3oogh2quoot7Aipie9IeGh3te",
   "token_type"   : "DPoP",
   "expires_in"   : 3600,
   "scope"        : "read write"
 }

The above example token serialised to an HTTP Authorization header: 

 Authorization: DPoP aeniniu3oogh2quoot7Aipie9IeGh3te

Related specifications:

  • OAuth 2.0 (RFC 6749), sections 1.4 and 5.1.
  • OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) (RFC 9449)
  • OAuth 2.0 Rich Authorization Requests (RFC 9396), section 7.
  • OAuth 2.0 Token Exchange (RFC 8693), section 3.
See Also:

  • Constructor Details

    • DPoPAccessToken

      public DPoPAccessToken(String value)
      Creates a new minimal DPoP access token with the specified value. The optional lifetime, scope and token type URI are left unspecified.
      Parameters:
      value - The access token value. Must not be null or empty string.

    • DPoPAccessToken

      public DPoPAccessToken(String value, long lifetime, Scope scope)
      Creates a new DPoP access token with the specified value. The optional token type URI is left unspecified.
      Parameters:
      value - The access token value. Must not be null or empty string.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.

    • DPoPAccessToken

      public DPoPAccessToken(String value, long lifetime, Scope scope, TokenTypeURI issuedTokenType)
      Creates a new DPoP access token with the specified value.
      Parameters:
      value - The access token value. Must not be null or empty string.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.
      issuedTokenType - The token type URI, null if not specified.

    • DPoPAccessToken

      public DPoPAccessToken(String value, long lifetime, Scope scope, List<AuthorizationDetail> authorizationDetails, TokenTypeURI issuedTokenType)
      Creates a new DPoP access token with the specified value.
      Parameters:
      value - The access token value. Must not be null or empty string.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.
      authorizationDetails - The authorisation details, null if not specified.
      issuedTokenType - The token type URI, null if not specified.

  • Method Details

    • toAuthorizationHeader

      public String toAuthorizationHeader()
      Returns the HTTP Authorization header value for this DPoP access token.

      Example: 

       Authorization: DPoP aeniniu3oogh2quoot7Aipie9IeGh3te
      Specified by:
      toAuthorizationHeader in class AccessToken
      Returns:
      The HTTP Authorization header.

    • equals

      public boolean equals(Object object)
      Overrides:
      equals in class Identifier

    • parse

      public static DPoPAccessToken parse(net.minidev.json.JSONObject jsonObject) throws ParseException
      Parses a DPoP access token from a JSON object access token response.
      Parameters:
      jsonObject - The JSON object to parse. Must not be null.
      Returns:
      The DPoP access token.
      Throws:
      ParseException - If the JSON object couldn't be parsed to a DPoP access token.

    • parse

      public static DPoPAccessToken parse(String header) throws ParseException
      Parses an HTTP Authorization header for a DPoP access token.
      Parameters:
      header - The HTTP Authorization header value to parse. May be null if the header is missing, in which case an exception will be thrown.
      Returns:
      The DPoP access token.
      Throws:
      ParseException - If the HTTP Authorization header value couldn't be parsed to a DPoP access token.

    • parse

      public static DPoPAccessToken parse(Map<String,List<String>> parameters) throws ParseException
      Parses a query or form parameters map for a DPoP access token.
      Parameters:
      parameters - The query parameters. Must not be null.
      Returns:
      The DPoP access token.
      Throws:
      ParseException - If a DPoP access token wasn't found in the parameters.

    • parse

      public static DPoPAccessToken parse(HTTPRequest request) throws ParseException
      Parses an HTTP request for a DPoP access token.
      Parameters:
      request - The HTTP request to parse. Must not be null.
      Returns:
      The DPoP access token.
      Throws:
      ParseException - If a DPoP access token wasn't found in the HTTP request.