com.nimbusds.oauth2.sdk.token.DPoPAccessToken Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of com.liferay.mail.outlook.auth.connector.provider
Show all versions of com.liferay.mail.outlook.auth.connector.provider
Liferay Mail Outlook Auth Connector Provider
/*
* oauth2-oidc-sdk
*
* Copyright 2012-2016, Connect2id Ltd and contributors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package com.nimbusds.oauth2.sdk.token;
import java.util.List;
import java.util.Map;
import net.jcip.annotations.Immutable;
import net.minidev.json.JSONObject;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
/**
* DPoP access token.
*
* Example DPoP access token serialised to JSON:
*
*
* {
* "access_token" : "aeniniu3oogh2quoot7Aipie9IeGh3te",
* "token_type" : "DPoP",
* "expires_in" : 3600,
* "scope" : "read write"
* }
*
*
* The above example token serialised to a HTTP Authorization header:
*
*
* Authorization: DPoP aeniniu3oogh2quoot7Aipie9IeGh3te
*
*
* Related specifications:
*
*
* - OAuth 2.0 (RFC 6749), sections 1.4 and 5.1.
*
- OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer
* (DPoP) (draft-ietf-oauth-dpop-11)
*
- OAuth 2.0 Token Exchange (RFC 8693), section 3.
*
*/
@Immutable
public class DPoPAccessToken extends AccessToken {
private static final long serialVersionUID = 7745184045632691024L;
/**
* Creates a new minimal DPoP access token with the specified value.
* The optional lifetime, scope and token type URI are left
* unspecified.
*
* @param value The access token value. Must not be {@code null} or
* empty string.
*/
public DPoPAccessToken(final String value) {
this(value, 0L, null);
}
/**
* Creates a new DPoP access token with the specified value. The
* optional token type URI is left unspecified.
*
* @param value The access token value. Must not be {@code null} or
* empty string.
* @param lifetime The lifetime in seconds, 0 if not specified.
* @param scope The scope, {@code null} if not specified.
*/
public DPoPAccessToken(final String value, final long lifetime, final Scope scope) {
this(value, lifetime, scope, null);
}
/**
* Creates a new DPoP access token with the specified value.
*
* @param value The access token value. Must not be
* {@code null} or empty string.
* @param lifetime The lifetime in seconds, 0 if not specified.
* @param scope The scope, {@code null} if not specified.
* @param issuedTokenType The token type URI, {@code null} if not
* specified.
*/
public DPoPAccessToken(final String value, final long lifetime, final Scope scope, final TokenTypeURI issuedTokenType) {
super(AccessTokenType.DPOP, value, lifetime, scope, issuedTokenType);
}
/**
* Returns the HTTP Authorization header value for this DPoP access
* token.
*
* Example:
*
*
* Authorization: DPoP aeniniu3oogh2quoot7Aipie9IeGh3te
*
*
* @return The HTTP Authorization header.
*/
@Override
public String toAuthorizationHeader(){
return "DPoP " + getValue();
}
@Override
public boolean equals(final Object object) {
return object instanceof DPoPAccessToken &&
this.toString().equals(object.toString());
}
/**
* Parses a DPoP access token from a JSON object access token
* response.
*
* @param jsonObject The JSON object to parse. Must not be
* {@code null}.
*
* @return The DPoP access token.
*
* @throws ParseException If the JSON object couldn't be parsed to a
* DPoP access token.
*/
public static DPoPAccessToken parse(final JSONObject jsonObject)
throws ParseException {
AccessTokenUtils.parseAndEnsureType(jsonObject, AccessTokenType.DPOP);
String accessTokenValue = AccessTokenUtils.parseValue(jsonObject);
long lifetime = AccessTokenUtils.parseLifetime(jsonObject);
Scope scope = AccessTokenUtils.parseScope(jsonObject);
TokenTypeURI issuedTokenType = AccessTokenUtils.parseIssuedTokenType(jsonObject);
return new DPoPAccessToken(accessTokenValue, lifetime, scope, issuedTokenType);
}
/**
* Parses an HTTP Authorization header for a DPoP access token.
*
* @param header The HTTP Authorization header value to parse. May be
* {@code null} if the header is missing, in which case
* an exception will be thrown.
*
* @return The DPoP access token.
*
* @throws ParseException If the HTTP Authorization header value
* couldn't be parsed to a DPoP access token.
*/
public static DPoPAccessToken parse(final String header)
throws ParseException {
return new DPoPAccessToken(AccessTokenUtils.parseValueFromHeader(header, AccessTokenType.DPOP));
}
/**
* Parses a query or form parameters map for a bearer access token.
*
* @param parameters The query parameters. Must not be {@code null}.
*
* @return The bearer access token.
*
* @throws ParseException If a bearer access token wasn't found in the
* parameters.
*/
public static DPoPAccessToken parse(final Map> parameters)
throws ParseException {
return new DPoPAccessToken(AccessTokenUtils.parseValueFromQueryParameters(parameters, AccessTokenType.DPOP));
}
/**
* Parses an HTTP request for a bearer access token.
*
* @param request The HTTP request to parse. Must not be {@code null}.
*
* @return The bearer access token.
*
* @throws ParseException If a bearer access token wasn't found in the
* HTTP request.
*/
public static DPoPAccessToken parse(final HTTPRequest request)
throws ParseException {
// See http://tools.ietf.org/html/rfc6750#section-2
String authzHeader = request.getAuthorization();
if (authzHeader != null) {
return parse(authzHeader);
}
// Try alternative token locations, form and query string are
// parameters are not differentiated here
Map> params = request.getQueryParameters();
return parse(params);
}
}