com.authlete.common.dto

Class RevocationRequest

java.lang.Object

com.authlete.common.dto.RevocationRequest

All Implemented Interfaces:

Serializable

public class RevocationRequest
extends Object
implements Serializable

Request to Authlete's /auth/revocation API.

parameters (REQUIRED)

OAuth 2.0 token revocation request parameters which are the request parameters that the OAuth 2.0 token revocation endpoint (RFC 7009) of the service implementation received from the client application.

The value of "parameters" is the entire entity body (which is formatted in application/x-www-form-urlencoded) of the request from the client application.

clientId (OPTIONAL)

The client ID extracted from Authorization header of the revocation request from the client application.

If the token revocation endpoint of the service implementation supports Basic Authentication as a means of client authentication, and if the request from the client application contained its client ID in Authorization header, the value should be extracted and set to this parameter.

clientSecret (OPTIONAL)

The client secret extracted from Authorization header of the revocation request from the client application.

If the token revocation endpoint of the service implementation supports Basic Authentication as a means of client authentication, and if the request from the client application contained its client secret in Authorization header, the value should be extracted and set to this parameter.

The entity body of a token revocation request may contain the client ID (client_id) and the client secret (client_secret) along with other request parameters as described in RFC 6749, 2.3.1. Client Password. If the client credentials are contained in both Authorization header and the entity body, they must be identical. Otherwise, Authlete's /auth/revocation API generates an error (it's not a service error but a client error).

When the presented token is an access token, the implementation revokes the access token and its associated refresh token, too. Likewise, if the presented token is a refresh token, the implementation revokes the refresh token and its associated access token. Note that, however, other access tokens and refresh tokens are not revoked even though their associated client application, subject and grant type are equal to those of the token to be revoked.

Since:

1.16

Author:

Takahiko Kawasaki

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
RevocationRequest()

Method Summary

Modifier and Type	Method and Description
String	getClientId() Get the client ID extracted from Authorization header of the token revocation request from the client application.
String	getClientSecret() Get the client secret extracted from Authorization header of the token revocation request from the client application.
String	getParameters() Get the value of parameters which are the request parameters that the OAuth 2.0 token revocation endpoint of the service implementation received from the client application.
RevocationRequest	setClientId(String clientId) Set the client ID extracted from Authorization header of the token revocation request from the client application.
RevocationRequest	setClientSecret(String clientSecret) Set the client secret extracted from Authorization header of the token revocation request from the client application.
RevocationRequest	setParameters(Map<String,String[]> parameters) Set the value of parameters which are the request parameters that the OAuth 2.0 token revocation endpoint of the service implementation received from the client application.
RevocationRequest	setParameters(String parameters) Set the value of parameters which are the request parameters that the OAuth 2.0 token revocation endpoint of the service implementation received from the client application.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RevocationRequest

public RevocationRequest()

Method Detail

getParameters

public String getParameters()

Get the value of parameters which are the request parameters that the OAuth 2.0 token revocation endpoint of the service implementation received from the client application.

setParameters

public RevocationRequest setParameters(String parameters)

Set the value of parameters which are the request parameters that the OAuth 2.0 token revocation endpoint of the service implementation received from the client application.

setParameters

public RevocationRequest setParameters(Map<String,String[]> parameters)

Set the value of parameters which are the request parameters that the OAuth 2.0 token revocation endpoint of the service implementation received from the client application.

This method converts the given map into a string in x-www-form-urlencoded and passes it to setParameters(String) method.

Parameters:

parameters - Request parameters.

Returns:

this object.

Since:

1.24

getClientId

public String getClientId()

Get the client ID extracted from Authorization header of the token revocation request from the client application.

setClientId

public RevocationRequest setClientId(String clientId)

Set the client ID extracted from Authorization header of the token revocation request from the client application.

getClientSecret

public String getClientSecret()

Get the client secret extracted from Authorization header of the token revocation request from the client application.

setClientSecret

public RevocationRequest setClientSecret(String clientSecret)

Set the client secret extracted from Authorization header of the token revocation request from the client application.