Package com.nimbusds.oauth2.sdk.token

Class BearerAccessToken

java.lang.Object
com.nimbusds.oauth2.sdk.id.Identifier
com.nimbusds.oauth2.sdk.token.Token
com.nimbusds.oauth2.sdk.token.AccessToken
com.nimbusds.oauth2.sdk.token.BearerAccessToken
All Implemented Interfaces:
Serializable, Comparable<Identifier>, net.minidev.json.JSONAware
@Immutable public class BearerAccessToken extends AccessToken
Bearer access token.

Example bearer access token serialised to JSON: 

 {
   "access_token" : "2YotnFZFEjr1zCsicMWpAA",
   "token_type"   : "bearer",
   "expires_in"   : 3600,
   "scope"        : "read write"
 }

The above example token serialised to an HTTP Authorization header: 

 Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA

Related specifications:

  • OAuth 2.0 (RFC 6749), sections 1.4 and 5.1.
  • OAuth 2.0 Bearer Token Usage (RFC 6750).
  • OAuth 2.0 Rich Authorization Requests (RFC 9396), section 7.
  • OAuth 2.0 Token Exchange (RFC 8693), section 3.
See Also:

  • Constructor Details

    • BearerAccessToken

      public BearerAccessToken()
      Creates a new minimal bearer access token with a randomly generated 256-bit (32-byte) value, Base64URL-encoded. The optional lifetime, scope and token type URI are left unspecified.

    • BearerAccessToken

      public BearerAccessToken(int byteLength)
      Creates a new minimal bearer access token with a randomly generated value of the specified byte length, Base64URL-encoded. The optional lifetime, scope and token type URI are left unspecified.
      Parameters:
      byteLength - The byte length of the value to generate. Must be greater than one.

    • BearerAccessToken

      public BearerAccessToken(long lifetime, Scope scope)
      Creates a new bearer access token with a randomly generated 256-bit (32-byte) value, Base64URL-encoded. The optional token type URI is left unspecified.
      Parameters:
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.

    • BearerAccessToken

      public BearerAccessToken(int byteLength, long lifetime, Scope scope)
      Creates a new bearer access token with a randomly generated value of the specified byte length, Base64URL-encoded. The optional token type URI is left unspecified.
      Parameters:
      byteLength - The byte length of the value to generate. Must be greater than one.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.

    • BearerAccessToken

      public BearerAccessToken(String value)
      Creates a new minimal bearer access token with the specified value. The optional lifetime, scope and token type URI are left unspecified.
      Parameters:
      value - The access token value. Must not be null or empty string.

    • BearerAccessToken

      public BearerAccessToken(String value, long lifetime, Scope scope)
      Creates a new bearer access token with the specified value. The token type URI is left unspecified.
      Parameters:
      value - The access token value. Must not be null or empty string.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.

    • BearerAccessToken

      public BearerAccessToken(String value, long lifetime, Scope scope, TokenTypeURI issuedTokenType)
      Creates a new bearer access token with the specified value.
      Parameters:
      value - The access token value. Must not be null or empty string.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.
      issuedTokenType - The token type URI, null if not specified.

    • BearerAccessToken

      public BearerAccessToken(String value, long lifetime, Scope scope, List<AuthorizationDetail> authorizationDetails, TokenTypeURI issuedTokenType)
      Creates a new bearer access token with the specified value.
      Parameters:
      value - The access token value. Must not be null or empty string.
      lifetime - The lifetime in seconds, 0 if not specified.
      scope - The scope, null if not specified.
      authorizationDetails - The authorisation details, null if not specified.
      issuedTokenType - The token type URI, null if not specified.

  • Method Details

    • toAuthorizationHeader

      public String toAuthorizationHeader()
      Returns the HTTP Authorization header value for this bearer access token.

      Example: 

       Authorization: Bearer eyJhbGciOiJIUzI1NiJ9
      Specified by:
      toAuthorizationHeader in class AccessToken
      Returns:
      The HTTP Authorization header.

    • equals

      public boolean equals(Object object)
      Overrides:
      equals in class Identifier

    • parse

      public static BearerAccessToken parse(net.minidev.json.JSONObject jsonObject) throws ParseException
      Parses a bearer access token from a JSON object access token response.
      Parameters:
      jsonObject - The JSON object to parse. Must not be null.
      Returns:
      The bearer access token.
      Throws:
      ParseException - If the JSON object couldn't be parsed to a bearer access token.

    • parse

      public static BearerAccessToken parse(String header) throws ParseException
      Parses an HTTP Authorization header for a bearer access token.
      Parameters:
      header - The HTTP Authorization header value to parse. May be null if the header is missing, in which case an exception will be thrown.
      Returns:
      The bearer access token.
      Throws:
      ParseException - If the HTTP Authorization header value couldn't be parsed to a bearer access token.

    • parse

      public static BearerAccessToken parse(Map<String,List<String>> parameters) throws ParseException
      Parses a query or form parameters map for a bearer access token.
      Parameters:
      parameters - The query parameters. Must not be null.
      Returns:
      The bearer access token.
      Throws:
      ParseException - If a bearer access token wasn't found in the parameters.

    • parse

      public static BearerAccessToken parse(HTTPRequest request) throws ParseException
      Parses an HTTP request for a bearer access token.
      Parameters:
      request - The HTTP request to parse. Must not be null.
      Returns:
      The bearer access token.
      Throws:
      ParseException - If a bearer access token wasn't found in the HTTP request.