Class TokenRequest

All Implemented Interfaces:
Message, Request

@Immutable public class TokenRequest extends AbstractOptionallyIdentifiedRequest
Token request. Used to obtain an access token and an optional refresh token at the token endpoint of an authorisation server. Supports custom request parameters.

Example token request with an authorisation code grant:

 POST /token HTTP/1.1
 Host: server.example.com
 Content-Type: application/x-www-form-urlencoded
 Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

 grant_type=authorization_code
 &code=SplxlOBeZQQYbYS6WxSbIA
 &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
 

Related specifications:

  • OAuth 2.0 (RFC 6749)
  • OAuth 2.0 Rich Authorization Requests (RFC 9396)
  • Resource Indicators for OAuth 2.0 (RFC 8707)
  • OAuth 2.0 Incremental Authorization (draft-ietf-oauth-incremental-authz)
  • OpenID Connect Native SSO for Mobile Apps 1.0

  • Constructor Details

    • TokenRequest

      public TokenRequest(URI endpoint, ClientAuthentication clientAuth, AuthorizationGrant authzGrant, Scope scope)
      Creates a new token request with client authentication.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientAuth - The client authentication. Must not be null.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
    • TokenRequest

      @Deprecated public TokenRequest(URI endpoint, ClientAuthentication clientAuth, AuthorizationGrant authzGrant, Scope scope, List<URI> resources, Map<String,List<String>> customParams)
      Deprecated.
      Creates a new token request with client authentication and extension and custom parameters.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientAuth - The client authentication. Must not be null.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      resources - The resource URI(s), null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.
    • TokenRequest

      @Deprecated public TokenRequest(URI endpoint, ClientAuthentication clientAuth, AuthorizationGrant authzGrant, Scope scope, List<AuthorizationDetail> authorizationDetails, List<URI> resources, Map<String,List<String>> customParams)
      Deprecated.
      Creates a new token request with client authentication and extension and custom parameters.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientAuth - The client authentication. Must not be null.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      authorizationDetails - The Rich Authorisation Request (RAR) details, null if not specified.
      resources - The resource URI(s), null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.
    • TokenRequest

      @Deprecated public TokenRequest(URI endpoint, ClientAuthentication clientAuth, AuthorizationGrant authzGrant)
      Deprecated.
      Creates a new token request with client authentication.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientAuth - The client authentication. Must not be null.
      authzGrant - The authorisation grant. Must not be null.
    • TokenRequest

      public TokenRequest(URI endpoint, ClientID clientID, AuthorizationGrant authzGrant, Scope scope)
      Creates a new token request with no (explicit) client authentication. The grant itself may be used to authenticate the client.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientID - The client identifier, null if not specified.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
    • TokenRequest

      @Deprecated public TokenRequest(URI endpoint, ClientID clientID, AuthorizationGrant authzGrant, Scope scope, List<URI> resources, RefreshToken existingGrant, Map<String,List<String>> customParams)
      Deprecated.
      Creates a new token request, with no (explicit) client authentication and extension and custom parameters. The grant itself may be used to authenticate the client.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientID - The client identifier, null if not specified.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      resources - The resource URI(s), null if not specified.
      existingGrant - Existing refresh token for incremental authorisation of a public client, null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.
    • TokenRequest

      @Deprecated public TokenRequest(URI endpoint, ClientID clientID, AuthorizationGrant authzGrant, Scope scope, List<AuthorizationDetail> authorizationDetails, List<URI> resources, RefreshToken existingGrant, Map<String,List<String>> customParams)
      Deprecated.
      Creates a new token request, with no (explicit) client authentication and extension and custom parameters. The grant itself may be used to authenticate the client.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientID - The client identifier, null if not specified.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      authorizationDetails - The Rich Authorisation Request (RAR) details, null if not specified.
      resources - The resource URI(s), null if not specified.
      existingGrant - Existing refresh token for incremental authorisation of a public client, null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.
    • TokenRequest

      @Deprecated public TokenRequest(URI endpoint, ClientID clientID, AuthorizationGrant authzGrant)
      Deprecated.
      Creates a new token request, with no (explicit) client authentication. The grant itself may be used to authenticate the client.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientID - The client identifier, null if not specified.
      authzGrant - The authorisation grant. Must not be null.
    • TokenRequest

      public TokenRequest(URI endpoint, AuthorizationGrant authzGrant, Scope scope)
      Creates a new token request with no (explicit) client authentication. The client identifier is inferred from the authorisation grant.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
    • TokenRequest

      @Deprecated public TokenRequest(URI endpoint, AuthorizationGrant authzGrant)
      Deprecated.
      Creates a new token request with no (explicit) client authentication. The client identifier is inferred from the authorisation grant.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      authzGrant - The authorisation grant. Must not be null.
    • TokenRequest

      public TokenRequest(URI endpoint, ClientAuthentication clientAuth, AuthorizationGrant authzGrant, Scope scope, List<AuthorizationDetail> authorizationDetails, List<URI> resources, DeviceSecret deviceSecret, Map<String,List<String>> customParams)
      Creates a new token request with client authentication and extension and custom parameters.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientAuth - The client authentication. Must not be null.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      authorizationDetails - The Rich Authorisation Request (RAR) details, null if not specified.
      resources - The resource URI(s), null if not specified.
      deviceSecret - The device secret, null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.
    • TokenRequest

      public TokenRequest(URI endpoint, ClientID clientID, AuthorizationGrant authzGrant, Scope scope, List<AuthorizationDetail> authorizationDetails, List<URI> resources, RefreshToken existingGrant, DeviceSecret deviceSecret, Map<String,List<String>> customParams)
      Creates a new token request, with no (explicit) client authentication and extension and custom parameters. The grant itself may be used to authenticate the client.
      Parameters:
      endpoint - The URI of the token endpoint. May be null if the toHTTPRequest() method is not going to be used.
      clientID - The client identifier, null if not specified.
      authzGrant - The authorisation grant. Must not be null.
      scope - The requested scope, null if not specified.
      authorizationDetails - The Rich Authorisation Request (RAR) details, null if not specified.
      resources - The resource URI(s), null if not specified.
      existingGrant - Existing refresh token for incremental authorisation of a public client, null if not specified.
      deviceSecret - The device secret, null if not specified.
      customParams - Custom parameters to be included in the request body, empty map or null if none.
  • Method Details

    • getAuthorizationGrant

      Returns the authorisation grant.
      Returns:
      The authorisation grant.
    • getScope

      public Scope getScope()
      Returns the requested scope. Corresponds to the scope parameter.
      Returns:
      The requested scope, null if not specified.
    • getAuthorizationDetails

      Returns the Rich Authorisation Request (RAR) details. Corresponds to the authorization_details parameter.
      Returns:
      The authorisation details, null if not specified.
    • getResources

      public List<URI> getResources()
      Returns the resource server URI(s). Corresponds to the resource parameter.
      Returns:
      The resource URI(s), null if not specified.
    • getExistingGrant

      Returns the existing refresh token for incremental authorisation of a public client. Corresponds to the existing_grant parameter.
      Returns:
      The existing grant, null if not specified.
    • getDeviceSecret

      Returns the device secret for native SSO. Corresponds to the device_secret parameter.
      Returns:
      The device secret, null if not specified.
    • getCustomParameters

      Returns the additional custom parameters included in the request body.
      Returns:
      The additional custom parameters as an unmodifiable map, empty map if none.
    • getCustomParameter

      Returns the specified custom parameter included in the request body.
      Parameters:
      name - The parameter name. Must not be null.
      Returns:
      The parameter value(s), null if not specified.
    • toHTTPRequest

      Description copied from interface: Request
      Returns the matching HTTP request.
      Returns:
      The HTTP request.
    • parse

      public static TokenRequest parse(HTTPRequest httpRequest) throws ParseException
      Parses a token request from the specified HTTP request.
      Parameters:
      httpRequest - The HTTP request. Must not be null.
      Returns:
      The token request.
      Throws:
      ParseException - If the HTTP request couldn't be parsed to a token request.
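
Added example (not part of the SDK's own documentation): the authorisation code request shown at the top of this page, built with the four-argument constructor, serialised with toHTTPRequest() and read back with parse() the way a token endpoint would. The class name TokenRequestRoundTrip and the helper requireCodeGrant are hypothetical; the client secret is the one encoded in the sample Authorization header, and getClientAuthentication() is inherited from the superclass.

```java
import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.auth.*;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.net.URI;

public class TokenRequestRoundTrip {

    // Hypothetical server-side check: accept only an authenticated client
    // presenting an authorisation code grant.
    static AuthorizationCodeGrant requireCodeGrant(TokenRequest req) {
        ClientAuthentication auth = req.getClientAuthentication();
        if (auth == null) {
            throw new IllegalArgumentException("client authentication required");
        }
        AuthorizationGrant grant = req.getAuthorizationGrant();
        if (!GrantType.AUTHORIZATION_CODE.equals(grant.getType())) {
            throw new IllegalArgumentException("unsupported grant: " + grant.getType());
        }
        return (AuthorizationCodeGrant) grant;
    }

    public static void main(String[] args) throws Exception {
        // Client side: values taken from the sample request on this page.
        URI endpoint = new URI("https://server.example.com/token");
        ClientAuthentication clientAuth = new ClientSecretBasic(
            new ClientID("s6BhdRkqt3"), new Secret("gX1fBat3bV"));
        AuthorizationGrant grant = new AuthorizationCodeGrant(
            new AuthorizationCode("SplxlOBeZQQYbYS6WxSbIA"),
            new URI("https://client.example.org/cb"));

        // scope is null: not specified, as in the sample request.
        TokenRequest request = new TokenRequest(endpoint, clientAuth, grant, null);
        HTTPRequest httpRequest = request.toHTTPRequest();

        // Server side: parse() only extracts the credentials and parameters.
        // Verifying the secret, the code and the redirect URI against stored
        // state remains the endpoint's job.
        TokenRequest received = TokenRequest.parse(httpRequest);
        AuthorizationCodeGrant codeGrant = requireCodeGrant(received);

        System.out.println("client_id:    " + received.getClientAuthentication().getClientID());
        System.out.println("auth method:  " + received.getClientAuthentication().getMethod());
        System.out.println("redirect_uri: " + codeGrant.getRedirectionURI());
        // The Authorization header and the request body carry the client
        // secret and the code, so neither is printed here.
    }
}
```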