• Home
• com.sap.cloud.security
• java-api
• 3.5.5
• source code
• AccessToken.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.sap.cloud.security.token.AccessToken Maven / Gradle / Ivy

/**
 * SPDX-FileCopyrightText: 2018-2023 SAP SE or an SAP affiliate company and Cloud Security Client Java contributors
 * 

 * SPDX-License-Identifier: Apache-2.0
 */
package com.sap.cloud.security.token;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import java.util.Optional;
import java.util.Set;

/**
 * Represents an access token in the format of a JSON Web Token (not a short opaque token). In difference to a ID token
 * the access token has no/less information about the user but has information about the authorities (scopes).
 */
public interface AccessToken extends Token {

	/**
	 * Returns the set of the claim "scope".
	 *
	 * @return the set of the claim scope or empty list.
	 */
	Set getScopes();

	/**
	 * Checks if a scope is available in the access token.
	 *
	 * @param scope
	 * 		name of the scope
	 * @return true if scope is available
	 */
	boolean hasScope(String scope);

	/**
	 * Check if a local scope is available in the authentication token. The exact definition of a local scope depends on
	 * the specific token implementation.
	 *
	 * @param scope
	 * 		name of local scope
	 * @return true if local scope is available
	 **/
	boolean hasLocalScope(@Nonnull String scope);

	/**
	 * Returns subaccount identifier. This reflects claim {@code ext_attr.subaccountid} in xsuaa access tokens. For
	 * example, commercialized multi-tenant applications with a need for metering and billing use
	 * {@link #getSubaccountId()} method as identifier for the account to be billed.

	 *
	 * Multi-tenant applications need to adapt using the zone ID instead of the subaccount ID as key for data isolation
	 * between tenants. For that purpose, use the {@link #getZoneId()} method instead.

	 *
	 * @return subaccount identifier or {@code null}
	 */
	@Nullable
	default String getSubaccountId() {
		return null;
	}

	/**
	 * Returns the String value of a claim attribute. 

	 * 
	 * "claimName": { "attributeName": "attributeValueAsString" },
	 * 

	 * 

	 * Example: 

	 * 
	 * import static com.sap.cloud.security.token.TokenClaims.XSUAA.*;
	 *
	 * token.getAttributeFromClaimAsString(EXTERNAL_ATTRIBUTE, EXTERNAL_ATTRIBUTE_SUBACCOUNTID);
	 * 
	 *
	 * @return the String value of a claim attribute or null if claim or its attribute does not exist.
	 **/
	@Nullable
	@Override
	default String getAttributeFromClaimAsString(String claimName, String attributeName) {
		return Optional.ofNullable(getClaimAsJsonObject(claimName))
				.map(claim -> claim.getAsString(attributeName))
				.orElse(null);
	}
}