Package com.linecorp.armeria.common.auth.oauth2

Class OAuth2TokenDescriptor

java.lang.Object
com.linecorp.armeria.common.auth.oauth2.OAuth2TokenDescriptor
All Implemented Interfaces:
Serializable
@UnstableApi
public class OAuth2TokenDescriptor
extends Object
implements Serializable
Defines a structure of the Token Introspection Response, as per [RFC7662], Section 2.2.
See Also:
Serialized Form

  • Method Details

    • parse

      public static OAuth2TokenDescriptor parse​(String rawResponse)
      Creates a new OAuth2TokenDescriptor based on the JSON-formatted raw response body.
      Parameters:
      rawResponse - JSON-formatted raw response body.
      Returns:
      A new instance of OAuth2TokenDescriptor.

    • builder

      public static OAuth2TokenDescriptorBuilder builder​(boolean active)
      Creates a new OAuth2TokenDescriptorBuilder to build a new OAuth2TokenDescriptor and supplied it with a value of active Token Introspection Response field.
      Returns:
      A new instance of OAuth2TokenDescriptorBuilder.

    • isActive

      public boolean isActive()
      "active" Token Introspection Response field, REQUIRED. Boolean indicator of whether or not the presented token is currently active. The specifics of a token's "active" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a "true" value return for the "active" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time).

    • isValid

      public boolean isValid​(Instant instant)
      Indicates whether or not the Token expire at the given Instant time based on expiresAt() function.

    • isValid

      public boolean isValid()
      Indicates whether or not the Token already expired based on expiresAt() function.

    • isNotBefore

      public boolean isNotBefore()
      Indicates whether or not the Token used prematurely based on notBefore() function.

    • scope

      @Nullable public String scope()
      "scope" Token Introspection Response field, OPTIONAL. A JSON string containing a space-separated list of scopes associated with this token, in the format described at [RFC6749], Section 3.3.

    • scopeSet

      public Set<String> scopeSet()
      "scope" Token Introspection Response field, OPTIONAL. A Set of case-sensitive scope strings. The strings are defined by the authorization server.

    • clientId

      @Nullable public String clientId()
      "client_id" Token Introspection Response field, OPTIONAL. Client identifier for the OAuth 2.0 client that requested this token.

    • userName

      @Nullable public String userName()
      "username" Token Introspection Response field, OPTIONAL. Human-readable identifier for the resource owner who authorized this token.

    • tokenType

      @Nullable public String tokenType()
      "token_type" Token Introspection Response field, OPTIONAL. Type of the token as defined at [RFC6749], Section 7.1.

    • expiresAt

      @Nullable public Instant expiresAt()
      "exp" Token Introspection Response field, OPTIONAL. Instant timestamp, indicating when this token will expire, as defined at [RFC7519].

    • issuedAt

      @Nullable public Instant issuedAt()
      "iat" Token Introspection Response field, OPTIONAL. Instant timestamp, indicating when this token was originally issued, as defined at [RFC7519].

    • expiresIn

      @Nullable public Duration expiresIn()
      Duration indicating the lifetime of the access token. The value is NOT supplied with the Token Introspection response and calculated based on "iat" and "exp" response fields every time this method invoked.

    • notBefore

      @Nullable public Instant notBefore()
      "nbf" Token Introspection Response field, OPTIONAL. Instant timestamp, indicating when this token is not to be used before, as defined at [RFC7519].

    • subject

      @Nullable public String subject()
      "sub" Token Introspection Response field, OPTIONAL. Subject of the token. Usually a machine-readable identifier of the resource owner who authorized this token. As defined at [RFC7519].

    • audience

      @Nullable public String audience()
      "aud" Token Introspection Response field, OPTIONAL. Service-specific string identifier or list of string identifiers representing the intended audience for this token, as defined at [RFC7519].

    • issuer

      @Nullable public String issuer()
      "iss" Token Introspection Response field, OPTIONAL. String representing the issuer of this token, as defined at [RFC7519].

    • jwtId

      @Nullable public String jwtId()
      "jti" Token Introspection Response field, OPTIONAL. String identifier for the token - JWT ID, as defined at [RFC7519].

    • extras

      public Map<String,​String> extras()
      A Map of extra system-specific token parameters included with Token Introspection Response, OPTIONAL.

    • rawResponse

      public String rawResponse()
      JSON-formatted raw Token Introspection Response body. If the OAuth2TokenDescriptor was not parsed out of the raw response body, this value calculated based on the other OAuth2TokenDescriptor values.

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • equals

      public boolean equals​(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object