001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.oauth2.sdk; 019 020 021import java.util.List; 022import java.util.Map; 023 024import com.nimbusds.oauth2.sdk.ciba.CIBAGrant; 025import com.nimbusds.oauth2.sdk.device.DeviceCodeGrant; 026import com.nimbusds.oauth2.sdk.tokenexchange.TokenExchangeGrant; 027import com.nimbusds.oauth2.sdk.util.MultivaluedMapUtils; 028 029 030/** 031 * Authorisation grant. Extending classes should be immutable. 032 * 033 * <p>Supported authorisation grant types: 034 * 035 * <ul> 036 * <li>{@link GrantType#AUTHORIZATION_CODE Authorisation code} 037 * <li>{@link GrantType#PASSWORD Resource owner password credentials} 038 * <li>{@link GrantType#CLIENT_CREDENTIALS Client credentials} 039 * <li>{@link GrantType#REFRESH_TOKEN Refresh token} 040 * <li>{@link GrantType#JWT_BEARER} 041 * <li>{@link GrantType#SAML2_BEARER} 042 * <li>{@link GrantType#DEVICE_CODE} 043 * <li>{@link GrantType#CIBA} 044 * <li>{@link GrantType#TOKEN_EXCHANGE} 045 * </ul> 046 * 047 * <p>Related specifications: 048 * 049 * <ul> 050 * <li>OAuth 2.0 (RFC 6749), sections 1.3. 051 * </ul> 052 */ 053public abstract class AuthorizationGrant { 054 055 056 /** 057 * The authorisation grant type. 058 */ 059 private final GrantType type; 060 061 062 /** 063 * Creates a new authorisation grant. 064 * 065 * @param type The authorisation grant type. Must not be 066 * {@code null}. 067 */ 068 protected AuthorizationGrant(final GrantType type) { 069 070 if (type == null) 071 throw new IllegalArgumentException("The grant type must not be null"); 072 073 this.type = type; 074 } 075 076 077 /** 078 * Gets the authorisation grant type. 079 * 080 * @return The authorisation grant type. 081 */ 082 public GrantType getType() { 083 084 return type; 085 } 086 087 088 /** 089 * Returns the request body parameters for the authorisation grant. 090 * 091 * @return The parameters. 092 */ 093 public abstract Map<String,List<String>> toParameters(); 094 095 096 /** 097 * Parses an authorisation grant from the specified request body 098 * parameters. 099 * 100 * @param params The request body parameters. Must not be {@code null}. 101 * 102 * @return The authorisation grant. 103 * 104 * @throws ParseException If parsing failed or the grant type is not 105 * supported. 106 */ 107 public static AuthorizationGrant parse(final Map<String,List<String>> params) 108 throws ParseException { 109 110 // Parse grant type 111 String grantTypeString = MultivaluedMapUtils.getFirstValue(params, "grant_type"); 112 113 if (grantTypeString == null) { 114 String msg = "Missing grant_type parameter"; 115 throw new ParseException(msg, OAuth2Error.INVALID_REQUEST.appendDescription(": " + msg)); 116 } 117 118 GrantType grantType; 119 try { 120 grantType = GrantType.parse(grantTypeString); 121 } catch (ParseException e) { 122 String msg = "Invalid grant type: " + e.getMessage(); 123 throw new ParseException(msg, OAuth2Error.UNSUPPORTED_GRANT_TYPE.appendDescription(": " + msg)); 124 } 125 126 if (grantType.equals(GrantType.AUTHORIZATION_CODE)) { 127 128 return AuthorizationCodeGrant.parse(params); 129 130 } else if (grantType.equals(GrantType.REFRESH_TOKEN)) { 131 132 return RefreshTokenGrant.parse(params); 133 134 } else if (grantType.equals(GrantType.PASSWORD)) { 135 136 return ResourceOwnerPasswordCredentialsGrant.parse(params); 137 138 } else if (grantType.equals(GrantType.CLIENT_CREDENTIALS)) { 139 140 return ClientCredentialsGrant.parse(params); 141 142 } else if (grantType.equals(GrantType.JWT_BEARER)) { 143 144 return JWTBearerGrant.parse(params); 145 146 } else if (grantType.equals(GrantType.SAML2_BEARER)) { 147 148 return SAML2BearerGrant.parse(params); 149 150 } else if (grantType.equals(GrantType.DEVICE_CODE)) { 151 152 return DeviceCodeGrant.parse(params); 153 154 } else if (grantType.equals(GrantType.CIBA)) { 155 156 return CIBAGrant.parse(params); 157 158 } else if (grantType.equals(GrantType.TOKEN_EXCHANGE)) { 159 160 return TokenExchangeGrant.parse(params); 161 162 } else { 163 164 throw new ParseException("Invalid or unsupported grant type: " + grantType, OAuth2Error.UNSUPPORTED_GRANT_TYPE); 165 } 166 } 167}