com.nimbusds.openid.connect.provider.spi.impl.common.AccessTokenConfig Maven / Gradle / Ivy
package com.nimbusds.openid.connect.provider.spi.impl.common;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.token.TokenEncoding;
import com.thetransactioncompany.util.PropertyParseException;
import com.thetransactioncompany.util.PropertyRetriever;
import net.jcip.annotations.Immutable;
import java.util.*;
/**
* Access token configuration.
*/
@Immutable
public final class AccessTokenConfig {
/**
* The access token lifetime, in seconds. If zero the default
* configured Connect2id server setting applies.
*/
public final long lifetime;
/**
* The access token encoding. The default value is
* {@link TokenEncoding#SELF_CONTAINED}.
*/
public final TokenEncoding encoding;
/**
* Enables / disables encryption of self-contained (JWT-encoded) access
* tokens. If empty the default configured Connect2id server setting
* applies.
*/
public final Optional encrypt;
/**
* The audience for the access tokens, {@code null} if not specified.
*/
public final List audienceList;
/**
* Names of client metadata fields to include in the optional access
* token {@code data} field, empty set if none. To specify a member
* within a field that is a JSON object member use dot (.) notation.
*/
public final Set includeClientMetadataFields;
/**
* Creates a new access token configuration from the specified
* properties.
*
* @param prefix The properties prefix. Must not be {@code null}.
* @param props The properties. Must not be {@code null}.
*
* @throws PropertyParseException On a missing or invalid property.
*/
public AccessTokenConfig(final String prefix, final Properties props)
throws PropertyParseException {
var pr = new PropertyRetriever(props, true);
lifetime = pr.getOptLong(prefix + "accessToken.lifetime", 0L);
encoding = pr.getOptEnum(prefix + "accessToken.encoding", TokenEncoding.class, TokenEncoding.SELF_CONTAINED);
if (encoding.equals(TokenEncoding.SELF_CONTAINED)) {
encrypt = pr.getOptBoolean(prefix + "accessToken.encrypt", Optional.empty());
} else {
encrypt = Optional.empty(); // Not applicable
}
audienceList = Audience.create(pr.getOptStringList(prefix + "accessToken.audienceList", null));
includeClientMetadataFields = new HashSet<>(pr.getOptStringList(prefix + "accessToken.includeClientMetadataFields", Collections.emptyList()));
}
/**
* Logs the configuration.
*
* @param logPrefix The log prefix to use.
*/
public void log(final String logPrefix) {
Loggers.MAIN.info("[" + logPrefix + "0101] Access token lifetime: {}", lifetime > 0L ? lifetime : "default");
Loggers.MAIN.info("[" + logPrefix + "0102] Access token encoding: {}", encoding);
if (encoding.equals(TokenEncoding.SELF_CONTAINED)) {
Loggers.MAIN.info("[" + logPrefix + "0103] Access JWT encrypt: {}", encrypt.isPresent() ? encrypt.get() : "default");
}
Loggers.MAIN.info("[" + logPrefix + "0104] Access token audience: {}", audienceList);
Loggers.MAIN.info("[" + logPrefix + "0105] Client metadata fields to include in access tokens: {}", includeClientMetadataFields);
}
}