Package com.sap.cloud.security.token

Interface AccessToken

All Superinterfaces:

Serializable, Token

public interface AccessToken
extends Token

Represents an access token in the format of a JSON Web Token (not a short opaque token). In difference to a ID token the access token has no/less information about the user but has information about the authorities (scopes).

Field Summary

Fields inherited from interface com.sap.cloud.security.token.Token

DEFAULT_TOKEN_FACTORY, services

Method Summary

Modifier and Type	Method	Description
default String	getAttributeFromClaimAsString(String claimName, String attributeName)	Returns the String value of a claim attribute.
Set<String>	getScopes()	Returns the set of the claim "scope".
default String	getSubaccountId()	Returns subaccount identifier.
boolean	hasLocalScope(String scope)	Check if a local scope is available in the authentication token.
boolean	hasScope(String scope)	Checks if a scope is available in the access token.

Methods inherited from interface com.sap.cloud.security.token.Token

getAppTid, getAttributeFromClaimAsStringList, getAudiences, getClaimAsJsonObject, getClaimAsString, getClaimAsStringList, getClaims, getClientId, getExpiration, getGrantType, getHeaderParameterAsString, getHeaders, getIssuer, getNotBefore, getPrincipal, getService, getTokenValue, getZoneId, hasClaim, hasHeaderParameter, isExpired

Method Details

getScopes

Set<String> getScopes()

Returns the set of the claim "scope".

Returns:

the set of the claim scope or empty list.

hasScope

boolean hasScope(String scope)

Checks if a scope is available in the access token.

Parameters:

scope - name of the scope

Returns:

true if scope is available

hasLocalScope

boolean hasLocalScope(@Nonnull
 String scope)

Check if a local scope is available in the authentication token. The exact definition of a local scope depends on the specific token implementation.

Parameters:

scope - name of local scope

Returns:

true if local scope is available

getSubaccountId

@Nullable
default String getSubaccountId()

Returns subaccount identifier. This reflects claim ext_attr.subaccountid in xsuaa access tokens. For example, commercialized multi-tenant applications with a need for metering and billing use getSubaccountId() method as identifier for the account to be billed.
Multi-tenant applications need to adapt using the zone ID instead of the subaccount ID as key for data isolation between tenants. For that purpose, use the Token.getZoneId() method instead.

Returns:

subaccount identifier or null

getAttributeFromClaimAsString

@Nullable
default String getAttributeFromClaimAsString(String claimName,
 String attributeName)

Returns the String value of a claim attribute.
"claimName": { "attributeName": "attributeValueAsString" },

Example:
import static com.sap.cloud.security.token.TokenClaims.XSUAA.*; token.getAttributeFromClaimAsString(EXTERNAL_ATTRIBUTE, EXTERNAL_ATTRIBUTE_SUBACCOUNTID);

Specified by:

getAttributeFromClaimAsString in interface Token

Returns:

the String value of a claim attribute or null if claim or its attribute does not exist.