All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.authlete.common.dto.TokenUpdateRequest Maven / Gradle / Ivy

Go to download

Authlete Java library used commonly by service implementations and the Authlete server.

There is a newer version: 4.15
Show newest version
/*
 * Copyright (C) 2016-2023 Authlete, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.authlete.common.dto;


import java.io.Serializable;


/**
 * Request to Authlete's {@code /auth/token/update} API.
 *
 * 

* The API is used to update an existing access token. *

* * *
*
*
accessToken
*
*

* An existing access token. *

*
* *
accessTokenExpiresAt
*
*

* A new date at which the access token will expire in milliseconds * since the Unix epoch (1970-01-01). If the {@code accessTokenExpiresAt} * request parameter is not included in a request or its value is 0 * (or negative), the expiration date of the access token is not changed. *

*
* *
scopes
*
*

* A new set of scopes assigned to the access token. Scopes that are * not supported by the service and those that the client application * associated with the access token is not allowed to request are * ignored on the server side. If the {@code scopes} request parameter * is not included in a request or its value is {@code null}, the scopes * of the access token are not changed. *

*
* *
properties
*
*

* A new set of properties assigned to the access token. If the * {@code properties} request parameter is not included in a request * or its value is {@code null}, the properties of the access token * are not changed. *

*
* *
accessTokenExpiresAtUpdatedOnScopeUpdate
*
*

* A boolean request parameter which indicates whether the API attempts to update * the expiration date of the access token when the scopes linked to the access * token are changed by this request. The default value is {@code false}. For more * details, see the description of * {@link #setAccessTokenExpiresAtUpdatedOnScopeUpdate(boolean)}. *

*
* *
accessTokenHash
*
*

* The hash of the access token value. Used when the hash of the token * is known (perhaps from lookup) but the value of the token itself is not. *

*

* The value of the {@code accessToken} parameter takes precedence. *

*
* *
accessTokenValueUpdated
*
*

* A boolean request parameter which indicates whether to update the value of * the access token in the data store. If this parameter is set to {@code true} * then a new access token value is generated by the server and returned in the * response. The default value is {@code false} and the access token's previous * value is retained. *

*
* *
certificateThumbprint (OPTIONAL)
*
*

* The thumbprint of the MTLS certificate bound to this token. If this field * is set, a certificate with the corresponding value MUST be presented with the * access token when it is used by a client. *

*
* *
dpopKeyThumbprint (OPTIONAL)
*
*

* The thumbprint of the public key used for DPoP presentation of this token. * If this field is set, a DPoP proof signed with the corresponding private key * MUST be presented with the access token when it is used by a client. Additionally, * the token's {@code token_type} will be set to 'DPoP'. *

*
* *
authorizationDetails (OPTIONAL)
*
*

* The value of the {@code authorization_details} to associate with the token. * If this value is {@code null}, the authorization details will not be changed. * If this value is set, it will completely replace the authorization details * previously set on the token. *

*
* *
forExternalAttachment (OPTIONAL)
*
*

* A boolean flag which indicates whether the access token is for an external * attachment. See External Attachments of OpenID Connect for Identity Assurance 1.0 for details about external * attachments. *

*
* *
*
* * @see TokenUpdateResponse * * @since 1.34 */ public class TokenUpdateRequest implements Serializable { private static final long serialVersionUID = 8L; private String accessToken; private long accessTokenExpiresAt; private long refreshTokenExpiresAt; private String[] scopes; private Property[] properties; private boolean accessTokenExpiresAtUpdatedOnScopeUpdate; private boolean refreshTokenExpiresAtUpdatedOnScopeUpdate; private boolean accessTokenPersistent; private String accessTokenHash; private boolean accessTokenValueUpdated; private String certificateThumbprint; private String dpopKeyThumbprint; private AuthzDetails authorizationDetails; private boolean forExternalAttachment; private String tokenId; /** * Get the access token to update. * * @return * The access token to update. */ public String getAccessToken() { return accessToken; } /** * Set an existing access token to update. * * @param accessToken * An existing access token to update. * * @return * {@code this} object. */ public TokenUpdateRequest setAccessToken(String accessToken) { this.accessToken = accessToken; return this; } /** * Get the new date at which the access token will expire. * * @return * The new expiration date in milliseconds since the Unix epoch (1970-01-01). */ public long getAccessTokenExpiresAt() { return accessTokenExpiresAt; } /** * Set the new date at which the access token will expire. * *

* If 0 or a negative value is given, the expiration date of the access token * is not changed. *

* * @param expiresAt * The new expiration date in milliseconds since the Unix epoch (1970-01-01). * * @return * {@code this} object. */ public TokenUpdateRequest setAccessTokenExpiresAt(long expiresAt) { this.accessTokenExpiresAt = expiresAt; return this; } /** * Get the new date at which the refresh token will expire. * * @return * The new expiration date in milliseconds since the Unix epoch (1970-01-01). * * @since 3.84 */ public long getRefreshTokenExpiresAt() { return refreshTokenExpiresAt; } /** * Set the new date at which the refresh token will expire. * *

* If 0 or a negative value is given, the expiration date of the refresh token * is not changed. *

* * @param expiresAt * The new expiration date in milliseconds since the Unix epoch (1970-01-01). * * @return * {@code this} object. * * @since 3.84 */ public TokenUpdateRequest setRefreshTokenExpiresAt(long expiresAt) { this.refreshTokenExpiresAt = expiresAt; return this; } /** * Get the new set of scopes assigned to the access token. * * @return * The new set of scopes. */ public String[] getScopes() { return scopes; } /** * Set a new set of scopes assigned to the access token. * *

* If {@code null} is given, the scope set associated with the access token * is not changed. *

* * @param scopes * A new set of scopes. {@code null} means that scopes are not changed. * * @return * {@code this} object. */ public TokenUpdateRequest setScopes(String[] scopes) { this.scopes = scopes; return this; } /** * Get a new set of properties assigned to the access token. * * @return * A new set of properties. */ public Property[] getProperties() { return properties; } /** * Set a new set of properties assigned to the access token. * *

* If {@code null} is given, the property set associated with the access token * is not changed. *

* * @param properties * A new set of properties. {@code null} means that properties are not changed. * * @return * {@code this} object. */ public TokenUpdateRequest setProperties(Property[] properties) { this.properties = properties; return this; } /** * Get the flag which indicates whether {@code /auth/token/update} API attempts * to update the expiration date of the access token when the scopes linked to * the access token are changed by this request. * * @return * The flag which indicates whether {@code /auth/token/update} API * attempts to update the expiration date of the access token when * the scopes linked to the access token are changed by this request. * * @since 2.29 */ public boolean isAccessTokenExpiresAtUpdatedOnScopeUpdate() { return accessTokenExpiresAtUpdatedOnScopeUpdate; } /** * Set the flag which indicates whether {@code /auth/token/update} API attempts * to update the expiration date of the access token when the scopes linked to * the access token are changed by this request. This request parameter is optional * and its default value is {@code false}. If this request parameter is set * to {@code true} and all of the following conditions are satisfied, the API * performs an update on the expiration date of the access token even if the * accessTokenExpiresAt request parameter is not explicitly specified * in the request. * *
    *
  1. The accessTokenExpiresAt request parameter is not included * in the request or its value is 0 (or negative). *
  2. The scopes linked to the access token are changed by the scopes * request parameter in the request. *
  3. Any of the new scopes to be linked to the access token has one or more * attributes specifying access token duration. *
* *

* When multiple access token duration values are found in the attributes of * the specified scopes, the smallest value among them is used. *

* *

* For more details, see the following examples. *

* *

* Example 1. * *

* Let's say we send the following request to {@code /auth/token/update} API *

* *
     * {
     *   "accessToken" : "JDGiiM9PuWT63FIwGjG9eYlGi-aZMq6CQ2IB475JUxs",
     *   "scopes" : ["read_profile"]
     * }
* *

* and "read_profile" has the following attributes. *

* *
     * {
     *   "key" : "access_token.duration",
     *   "value" : "10000"
     * }
* *

* In this case, the API evaluates "10000" as a new value of the * duration of the access token (in seconds) and updates the expiration date * of the access token using the duration. *

* * Example 2. * *

* Let's say we send the following request to {@code /auth/token/update} API *

* *
     * {
     *   "accessToken" : "JDGiiM9PuWT63FIwGjG9eYlGi-aZMq6CQ2IB475JUxs",
     *   "scopes" : ["read_profile", "write_profile"]
     * }
* *

* and "read_profile" has the following attributes *

* *
     * {
     *   "key" : "access_token.duration",
     *   "value" : "10000"
     * }
* *

* and "write_profile" has the following attributes. *

* *
     * {
     *   "key" : "access_token.duration",
     *   "value" : "5000"
     * }
* *

* In this case, the API evaluates "10000" and "5000" * as candidate values for new duration of the access token (in seconds) and * chooses the smallest value of them (i.e. "5000" is adopted) and updates the * expiration date of the access token using the duration. *

* * @param updated * The flag which indicates whether {@code /auth/token/update} API * attempts to update the expiration date of the access token when * the scopes linked to the access token are changed by this request. * * @return * {@code this} object. * * @since 2.29 */ public TokenUpdateRequest setAccessTokenExpiresAtUpdatedOnScopeUpdate(boolean updated) { this.accessTokenExpiresAtUpdatedOnScopeUpdate = updated; return this; } /** * Get the flag which indicates whether {@code /auth/token/update} API attempts * to update the expiration date of the refresh token when the scopes linked to * the refresh token are changed by this request. * * @return * The flag which indicates whether {@code /auth/token/update} API * attempts to update the expiration date of the refresh token when * the scopes linked to the refresh token are changed by this request. * * @since 3.85 */ public boolean isRefreshTokenExpiresAtUpdatedOnScopeUpdate() { return refreshTokenExpiresAtUpdatedOnScopeUpdate; } /** * Set the flag which indicates whether {@code /auth/token/update} API attempts * to update the expiration date of the refresh token when the scopes linked to * the refresh token are changed by this request. This request parameter is optional * and its default value is {@code false}. If this request parameter is set * to {@code true} and all of the following conditions are satisfied, the API * performs an update on the expiration date of the refresh token even if the * refreshTokenExpiresAt request parameter is not explicitly specified * in the request. * *
    *
  1. The refreshTokenExpiresAt request parameter is not included * in the request or its value is 0 (or negative). *
  2. The scopes linked to the refresh token are changed by the scopes * request parameter in the request. *
  3. Any of the new scopes to be linked to the refresh token has one or more * attributes specifying refresh token duration. *
* *

* When multiple refresh token duration values are found in the attributes of * the specified scopes, the smallest value among them is used. *

* *

* For more details, see the following examples. *

* *

* Example 1. * *

* Let's say we send the following request to {@code /auth/token/update} API *

* *
     * {
     *   "refreshToken" : "JDGiiM9PuWT63FIwGjG9eYlGi-aZMq6CQ2IB475JUxs",
     *   "scopes" : ["read_profile"]
     * }
* *

* and "read_profile" has the following attributes. *

* *
     * {
     *   "key" : "refresh_token.duration",
     *   "value" : "10000"
     * }
* *

* In this case, the API evaluates "10000" as a new value of the * duration of the refresh token (in seconds) and updates the expiration date * of the refresh token using the duration. *

* * Example 2. * *

* Let's say we send the following request to {@code /auth/token/update} API *

* *
     * {
     *   "refreshToken" : "JDGiiM9PuWT63FIwGjG9eYlGi-aZMq6CQ2IB475JUxs",
     *   "scopes" : ["read_profile", "write_profile"]
     * }
* *

* and "read_profile" has the following attributes *

* *
     * {
     *   "key" : "refresh_token.duration",
     *   "value" : "10000"
     * }
* *

* and "write_profile" has the following attributes. *

* *
     * {
     *   "key" : "refresh_token.duration",
     *   "value" : "5000"
     * }
* *

* In this case, the API evaluates "10000" and "5000" * as candidate values for new duration of the refresh token (in seconds) and * chooses the smallest value of them (i.e. "5000" is adopted) and updates the * expiration date of the refresh token using the duration. *

* * @param updated * The flag which indicates whether {@code /auth/token/update} API * attempts to update the expiration date of the refresh token when * the scopes linked to the refresh token are changed by this request. * * @return * {@code this} object. * * @since 3.85 */ public TokenUpdateRequest setRefreshTokenExpiresAtUpdatedOnScopeUpdate(boolean updated) { this.refreshTokenExpiresAtUpdatedOnScopeUpdate = updated; return this; } /** * Get whether the access token expires or not. By default, all access tokens * expire after a period of time determined by their service. If this request * parameter is {@code true} then the access token will not automatically * expire and must be revoked or deleted manually at the service. * *

* If this request parameter is {@code true}, the {@code accessTokenExpiresAt} * request parameter is ignored. If this request parameter is {@code false}, * the {@code accessTokenExpiresAt} request parameter is processed normally. *

* * @return * {@code false} if the access token expires (default). * {@code true} if the access token does not expire. * * @since 2.30 */ public boolean isAccessTokenPersistent() { return accessTokenPersistent; } /** * Set whether the access token expires or not. By default, all access tokens * expire after a period of time determined by their service. If this request * parameter is {@code true} then the access token will not automatically * expire and must be revoked or deleted manually at the service. * *

* If this request parameter is {@code true}, the {@code accessTokenExpiresAt} * request parameter is ignored. If this request parameter is {@code false}, * the {@code accessTokenExpiresAt} request parameter is processed normally. *

* * @param persistent * {@code false} to make the access token expire (default). * {@code true} to make the access token be persistent. * * @return * {@code this} object. * * @since 2.30 */ public TokenUpdateRequest setAccessTokenPersistent(boolean persistent) { this.accessTokenPersistent = persistent; return this; } /** * Get the hash of the access token value. Used when the hash of the token * is known (perhaps from lookup) but the value of the token itself is not. * *

* The value of the {@code accessToken} parameter takes precedence. *

* * @return * The hash of the access token value. * * @since 2.31 */ public String getAccessTokenHash() { return accessTokenHash; } /** * Set the hash of the access token value. Used when the hash of the token * is known (perhaps from lookup) but the value of the token itself is not. * *

* The value of the {@code accessToken} parameter takes precedence. *

* * @param accessTokenHash * The hash of the access token value. * * @return * {@code this} object. * * @since 2.31 */ public TokenUpdateRequest setAccessTokenHash(String accessTokenHash) { this.accessTokenHash = accessTokenHash; return this; } /** * Get whether to update the value of the access token in the data store. If * this parameter is set to {@code true} then a new access token value is * generated by the server and returned in the response. * * @return * {@code false} to keep the access token's current value (default). * {@code true} to have the server update the access token's value. * * @since 2.31 */ public boolean isAccessTokenValueUpdated() { return accessTokenValueUpdated; } /** * Set whether to update the value of the access token in the data store. If * this parameter is set to {@code true} then a new access token value is * generated by the server and returned in the response. * * @param updated * {@code false} to keep the access token's current value (default). * {@code true} to have the server update the access token's value. * * @return * {@code this} object. * * @since 2.31 */ public TokenUpdateRequest setAccessTokenValueUpdated(boolean updated) { this.accessTokenValueUpdated = updated; return this; } /** * Get the thumbprint of the MTLS certificate bound to this token. If this field * is set, a certificate with the corresponding value MUST be presented with the * access token when it is used by a client. * * @return * The SHA256 certificate thumbprint, base64url encoded. * * @since 2.72 */ public String getCertificateThumbprint() { return certificateThumbprint; } /** * Set the thumbprint of the MTLS certificate bound to this token. If this field * is set, a certificate with the corresponding value MUST be presented with the * access token when it is used by a client. * * @param certificateThumbprint * The SHA256 certificate thumbprint, base64url encoded. * * @return * {@code this} object. * * @since 2.72 */ public TokenUpdateRequest setCertificateThumbprint(String certificateThumbprint) { this.certificateThumbprint = certificateThumbprint; return this; } /** * Get the thumbprint of the public key used for DPoP presentation of this token. * If this field is set, a DPoP proof signed with the corresponding private key * MUST be presented with the access token when it is used by a client. Additionally, * the token's {@code token_type} will be set to 'DPoP'. * * @return * The JWK public key thumbprint. * * @since 2.72 */ public String getDpopKeyThumbprint() { return dpopKeyThumbprint; } /** * Set the thumbprint of the public key used for DPoP presentation of this token. * If this field is set, a DPoP proof signed with the corresponding private key * MUST be presented with the access token when it is used by a client. Additionally, * the token's {@code token_type} will be set to 'DPoP'. * * @param dpopKeyThumbprint * The JWK public key thumbprint. * * @return * {@code this} object. * * @since 2.72 */ public TokenUpdateRequest setDpopKeyThumbprint(String dpopKeyThumbprint) { this.dpopKeyThumbprint = dpopKeyThumbprint; return this; } /** * Get the authorization details. This represents the value of the * {@code "authorization_details"} request parameter which is defined in * "OAuth 2.0 Rich Authorization Requests". * * @return * Authorization details. * * @since 2.99 */ public AuthzDetails getAuthorizationDetails() { return authorizationDetails; } /** * Set the authorization details. This represents the value of the * {@code "authorization_details"} request parameter which is defined in * "OAuth 2.0 Rich Authorization Requests". * * @param authorizationDetails * Authorization details. * * @return * {@code this} object. * * @since 2.99 */ public TokenUpdateRequest setAuthorizationDetails(AuthzDetails authorizationDetails) { this.authorizationDetails = authorizationDetails; return this; } /** * Get the flag which indicates whether the access token is for an external * attachment. * * @return * {@code true} if the access token is for an external attachment. * * @since 3.16 * * @see OpenID Connect for Identity Assurance 1.0, External Attachments */ public boolean isForExternalAttachment() { return forExternalAttachment; } /** * Set the flag which indicates whether the access token is for an external * attachment. * * @param forExternalAttachment * {@code true} to indicate that the access token is for an * external attachment. * * @return * {@code this} object. * * @since 3.16 * * @see OpenID Connect for Identity Assurance 1.0, External Attachments */ public TokenUpdateRequest setForExternalAttachment(boolean forExternalAttachment) { this.forExternalAttachment = forExternalAttachment; return this; } /** * Get the token identifier. * * @return * The token identifier string. * * @since 3.23 * @since Authlete API 3.0 */ public String getTokenId() { return tokenId; } /** * Set the token identifier. * * @param tokenId * The token identifier string. * * @return * {@code this} object. * * @since 3.23 * @since Authlete API 3.0 */ public TokenUpdateRequest setTokenId(String tokenId) { this.tokenId = tokenId; return this; } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy