com.nimbusds.oauth2.sdk.token.BearerAccessToken Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of oauth2-oidc-sdk Show documentation
Show all versions of oauth2-oidc-sdk Show documentation
OAuth 2.0 SDK with OpenID Connection extensions for developing client
and server applications.
/*
* oauth2-oidc-sdk
*
* Copyright 2012-2016, Connect2id Ltd and contributors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package com.nimbusds.oauth2.sdk.token;
import java.util.List;
import java.util.Map;
import net.jcip.annotations.Immutable;
import net.minidev.json.JSONObject;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
/**
* Bearer access token.
*
* Example bearer access token serialised to JSON:
*
*
* {
* "access_token" : "2YotnFZFEjr1zCsicMWpAA",
* "token_type" : "bearer",
* "expires_in" : 3600,
* "scope" : "read write"
* }
*
*
* The above example token serialised to a HTTP Authorization header:
*
*
* Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
*
*
* Related specifications:
*
*
* - OAuth 2.0 (RFC 6749), sections 1.4 and 5.1.
*
- OAuth 2.0 Bearer Token Usage (RFC 6750).
*
- OAuth 2.0 Token Exchange (RFC 8693), section 3.
*
*/
@Immutable
public class BearerAccessToken extends AccessToken {
private static final long serialVersionUID = 2387121016151061194L;
/**
* Creates a new minimal bearer access token with a randomly generated
* 256-bit (32-byte) value, Base64URL-encoded. The optional lifetime,
* scope and token type URI are left unspecified.
*/
public BearerAccessToken() {
this(32);
}
/**
* Creates a new minimal bearer access token with a randomly generated
* value of the specified byte length, Base64URL-encoded. The optional
* lifetime, scope and token type URI are left unspecified.
*
* @param byteLength The byte length of the value to generate. Must be
* greater than one.
*/
public BearerAccessToken(final int byteLength) {
this(byteLength, 0L, null);
}
/**
* Creates a new bearer access token with a randomly generated 256-bit
* (32-byte) value, Base64URL-encoded. The optional token type URI is
* left unspecified.
*
* @param lifetime The lifetime in seconds, 0 if not specified.
* @param scope The scope, {@code null} if not specified.
*/
public BearerAccessToken(final long lifetime, final Scope scope) {
this(32, lifetime, scope);
}
/**
* Creates a new bearer access token with a randomly generated value of
* the specified byte length, Base64URL-encoded. The optional token
* type URI is left unspecified.
*
* @param byteLength The byte length of the value to generate. Must be
* greater than one.
* @param lifetime The lifetime in seconds, 0 if not specified.
* @param scope The scope, {@code null} if not specified.
*/
public BearerAccessToken(final int byteLength, final long lifetime, final Scope scope) {
super(AccessTokenType.BEARER, byteLength, lifetime, scope);
}
/**
* Creates a new minimal bearer access token with the specified value.
* The optional lifetime, scope and token type URI are left
* unspecified.
*
* @param value The access token value. Must not be {@code null} or
* empty string.
*/
public BearerAccessToken(final String value) {
this(value, 0L, null, null);
}
/**
* Creates a new bearer access token with the specified value. The
* token type URI is left unspecified.
*
* @param value The access token value. Must not be {@code null} or
* empty string.
* @param lifetime The lifetime in seconds, 0 if not specified.
* @param scope The scope, {@code null} if not specified.
*/
public BearerAccessToken(final String value, final long lifetime, final Scope scope) {
this(value, lifetime, scope, null);
}
/**
* Creates a new bearer access token with the specified value.
*
* @param value The access token value. Must not be
* {@code null} or empty string.
* @param lifetime The lifetime in seconds, 0 if not specified.
* @param scope The scope, {@code null} if not specified.
* @param issuedTokenType The token type URI, {@code null} if not
* specified.
*/
public BearerAccessToken(final String value, final long lifetime, final Scope scope, final TokenTypeURI issuedTokenType) {
super(AccessTokenType.BEARER, value, lifetime, scope, issuedTokenType);
}
/**
* Returns the HTTP Authorization header value for this bearer access
* token.
*
* Example:
*
*
* Authorization: Bearer eyJhbGciOiJIUzI1NiJ9
*
*
* @return The HTTP Authorization header.
*/
@Override
public String toAuthorizationHeader(){
return "Bearer " + getValue();
}
@Override
public boolean equals(final Object object) {
return object instanceof BearerAccessToken &&
this.toString().equals(object.toString());
}
/**
* Parses a bearer access token from a JSON object access token
* response.
*
* @param jsonObject The JSON object to parse. Must not be
* {@code null}.
*
* @return The bearer access token.
*
* @throws ParseException If the JSON object couldn't be parsed to a
* bearer access token.
*/
public static BearerAccessToken parse(final JSONObject jsonObject)
throws ParseException {
AccessTokenUtils.parseAndEnsureType(jsonObject, AccessTokenType.BEARER);
String accessTokenValue = AccessTokenUtils.parseValue(jsonObject);
long lifetime = AccessTokenUtils.parseLifetime(jsonObject);
Scope scope = AccessTokenUtils.parseScope(jsonObject);
TokenTypeURI issuedTokenType = AccessTokenUtils.parseIssuedTokenType(jsonObject);
return new BearerAccessToken(accessTokenValue, lifetime, scope, issuedTokenType);
}
/**
* Parses an HTTP Authorization header for a bearer access token.
*
* @param header The HTTP Authorization header value to parse. May be
* {@code null} if the header is missing, in which case
* an exception will be thrown.
*
* @return The bearer access token.
*
* @throws ParseException If the HTTP Authorization header value
* couldn't be parsed to a bearer access token.
*/
public static BearerAccessToken parse(final String header)
throws ParseException {
return new BearerAccessToken(AccessTokenUtils.parseValueFromHeader(header, AccessTokenType.BEARER));
}
/**
* Parses a query or form parameters map for a bearer access token.
*
* @param parameters The query parameters. Must not be {@code null}.
*
* @return The bearer access token.
*
* @throws ParseException If a bearer access token wasn't found in the
* parameters.
*/
public static BearerAccessToken parse(final Map> parameters)
throws ParseException {
return new BearerAccessToken(AccessTokenUtils.parseValueFromQueryParameters(parameters, AccessTokenType.BEARER));
}
/**
* Parses an HTTP request for a bearer access token.
*
* @param request The HTTP request to parse. Must not be {@code null}.
*
* @return The bearer access token.
*
* @throws ParseException If a bearer access token wasn't found in the
* HTTP request.
*/
public static BearerAccessToken parse(final HTTPRequest request)
throws ParseException {
// See http://tools.ietf.org/html/rfc6750#section-2
String authzHeader = request.getAuthorization();
if (authzHeader != null) {
return parse(authzHeader);
}
// Try alternative token locations, form and query string are
// parameters are not differentiated here
Map> params = request.getQueryParameters();
return parse(params);
}
}