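package com.nimbusds.openid.connect.provider.spi.tokens;


import java.util.Objects;

import com.nimbusds.oauth2.sdk.id.Identifier;
import net.jcip.annotations.Immutable;


/**
 * Identifier-based access token. The identifier must be sufficiently long and
 * random to make brute force guessing impractical. The access token value may
 * be a direct string representation of the identifier, have some other
 * encoding, or include additional security protection (e.g. HMAC to detect
 * illegal / fake tokens).
 *
 * <p>Sample access token that is a 128 bit random identifier:
 *
 * <pre>NNEYDTdMd2qRiwq-GS6UiQ</pre>
 *
 * <p>Sample access token with the same 128 bit random identifier, protected
 * with HMAC SHA-256 truncated to 128 bits:
 *
 * <pre>NNEYDTdMd2qRiwq-GS6UiQ.ZTOq370aTUQbpljYhJPbHw</pre>
 *
 * <p>Equality and hashing consider the identifier only; the token value is
 * not part of either. {@link #toString()} returns the identifier value, which
 * is also the bearer token value when the single-argument constructor is
 * used.
 */
@Immutable
public final class IdentifierAccessToken {


    /**
     * The token identifier.
     */
    private final Identifier id;


    /**
     * The token value.
     */
    private final String tokenValue;


    /**
     * Creates a new identifier-based access token. The token value will be
     * set to the string representation of the specified identifier.
     *
     * @param id The identifier to use as unique key for the token
     *           authorisation in the Connect2id server. Must be
     *           sufficiently long and random to make brute force guessing
     *           impractical. Must not be {@code null}.
     *
     * @throws IllegalArgumentException If the identifier is {@code null}.
     */
    public IdentifierAccessToken(final Identifier id) {

        // Guard the dereference so that a null identifier is rejected by the
        // two-argument constructor with the same IllegalArgumentException,
        // instead of failing here with a NullPointerException.
        this(id, id != null ? id.getValue() : null);
    }


    /**
     * Creates a new identifier-based access token.
     *
     * @param id         The identifier to use as unique key for the token
     *                   authorisation in the Connect2id server. Must be
     *                   sufficiently long and random to make brute force
     *                   guessing impractical. Must not be {@code null}.
     * @param tokenValue The value of the bearer access token. May
     *                   represent the string representation of the
     *                   specified identifier, some other encoding, or
     *                   include additional security protection (e.g. HMAC
     *                   to detect illegal / fake tokens). Must not be
     *                   {@code null}.
     *
     * @throws IllegalArgumentException If the identifier or the token value
     *                                  is {@code null}.
     */
    public IdentifierAccessToken(final Identifier id, final String tokenValue) {

        // The identifier is checked first, so a call with both arguments
        // null reports the identifier.
        if (id == null) {
            throw new IllegalArgumentException("The identifier must not be null");
        }

        if (tokenValue == null) {
            throw new IllegalArgumentException("The token value must not be null");
        }

        this.id = id;
        this.tokenValue = tokenValue;
    }


    /**
     * Returns the access token identifier.
     *
     * @return The access token identifier.
     */
    public Identifier getIdentifier() {
        return id;
    }


    /**
     * Returns the value of the bearer access token.
     *
     * @return The token value.
     */
    public String getTokenValue() {
        return tokenValue;
    }


    /**
     * Returns the string value of the token identifier, not the token value.
     * For a token created with the single-argument constructor the two are
     * the same string, so this output is then the bearer token itself and
     * should be kept out of logs and error messages.
     *
     * @return The identifier value.
     */
    @Override
    public String toString() {
        return getIdentifier().getValue();
    }


    /**
     * Compares by identifier only; the token value is not compared. This is
     * an identity check for keying the token, not a verification of a
     * presented bearer token value: any HMAC or other protection carried in
     * the token value has to be checked separately.
     *
     * @param o The object to compare with.
     *
     * @return {@code true} if the object is an identifier-based access token
     *         with an equal identifier, else {@code false}.
     */
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof IdentifierAccessToken)) {
            return false;
        }
        IdentifierAccessToken that = (IdentifierAccessToken) o;
        return Objects.equals(id, that.id);
    }


    /**
     * Returns a hash code derived from the identifier only, consistent with
     * {@link #equals(Object)}.
     *
     * @return The hash code.
     */
    @Override
    public int hashCode() {

        return Objects.hash(id);
    }
}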