Package co.elastic.clients.elasticsearch.security

Class GetTokenRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.security.GetTokenRequest
All Implemented Interfaces:
JsonpSerializable
@JsonpDeserializable public class GetTokenRequest extends RequestBase implements JsonpSerializable
Get a token.

Create a bearer token for access without requiring basic authentication. The tokens are created by the Elasticsearch Token Service, which is automatically enabled when you configure TLS on the HTTP interface. Alternatively, you can explicitly enable the xpack.security.authc.token.enabled setting. When you are running in production mode, a bootstrap check prevents you from enabling the token service unless you also enable TLS on the HTTP interface.

The get token API takes the same parameters as a typical OAuth 2.0 token API except for the use of a JSON request body.

A successful get token API call returns a JSON structure that contains the access token, the amount of time (seconds) that the token expires in, the type, and the scope if available.

The tokens returned by the get token API have a finite period of time for which they are valid and after that time period, they can no longer be used. That time period is defined by the xpack.security.authc.token.timeout setting. If you want to invalidate a token immediately, you can do so by using the invalidate token API.

See Also:

  • Field Details

  • Method Details

    • of

      public static GetTokenRequest of(Function<GetTokenRequest.Builder,ObjectBuilder<GetTokenRequest>> fn)

    • grantType

      @Nullable public final AccessTokenGrantType grantType()
      The type of grant. Supported grant types are: password, _kerberos, client_credentials, and refresh_token.

      API name: grant_type

    • kerberosTicket

      @Nullable public final String kerberosTicket()
      The base64 encoded kerberos ticket. If you specify the _kerberos grant type, this parameter is required. This parameter is not valid with any other supported grant type.

      API name: kerberos_ticket

    • password

      @Nullable public final String password()
      The user's password. If you specify the password grant type, this parameter is required. This parameter is not valid with any other supported grant type.

      API name: password

    • refreshToken

      @Nullable public final String refreshToken()
      The string that was returned when you created the token, which enables you to extend its life. If you specify the refresh_token grant type, this parameter is required. This parameter is not valid with any other supported grant type.

      API name: refresh_token

    • scope

      @Nullable public final String scope()
      The scope of the token. Currently tokens are only issued for a scope of FULL regardless of the value sent with the request.

      API name: scope

    • username

      @Nullable public final String username()
      The username that identifies the user. If you specify the password grant type, this parameter is required. This parameter is not valid with any other supported grant type.

      API name: username

    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable

    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

    • setupGetTokenRequestDeserializer

      protected static void setupGetTokenRequestDeserializer(ObjectDeserializer<GetTokenRequest.Builder> op)