com.authlete.common.dto

Class TokenCreateRequest

java.lang.Object

com.authlete.common.dto.TokenCreateRequest

All Implemented Interfaces:

Serializable

public class TokenCreateRequest
extends Object
implements Serializable

Request to Authlete's /auth/token/create API.

The API is used to create an arbitrary access token in a special way that is different from standard grant flows.

grantType (REQUIRED)

The grant type for a newly created access token. One of the following. REFRESH_TOKEN is not allowed.

1. AUTHORIZATION_CODE
2. IMPLICIT
3. PASSWORD
4. CLIENT_CREDENTIALS

When grantType is either IMPLICIT or CLIENT_CREDENTIALS, a refresh token is not issued.

clientId (REQUIRED)

The ID of the client application which will be associated with a newly created access token.

subject (CONDITIONALLY REQUIRED)

The subject (= unique identifier) of the user who will be associated with a newly created access token. This parameter is required unless the grant type is CLIENT_CREDENTIALS. The value must consist of only ASCII characters and its length must not exceed 100.

scopes (OPTIONAL)

The scopes which will be associated with a newly created access token. Scopes that are not supported by the service cannot be specified and requesting them will cause an error.

accessTokenDuration (OPTIONAL)

The duration of a newly created access token in seconds. If the value is 0, the duration is determined according to the settings of the service.

refreshTokenDuration (OPTIONAL)

The duration of a newly created refresh token in seconds. If the value is 0, the duration is determined according to the settings of the service.

A refresh token is not created (1) if the service does not support REFRESH_TOKEN, or (2) if the specified grant type is either IMPLICIT or CLIENT_CREDENTIALS.

properties (OPTIONAL)

Extra properties to associate with a newly created access token. Note that properties parameter is accepted only when Content-Type of the request is application/json, so don't use application/x-www-form-urlencoded if you want to specify properties

clientIdAliasUsed (OPTIONAL)

A boolean request parameter which indicates whether to emulate that the client ID alias is used instead of the original numeric client ID when a new access token is created.

This has an effect only on the value of the aud claim in a response from UserInfo endpoint. When you access the UserInfo endpoint (which is expected to be implemented using Authlete's /api/auth/userinfo API and /api/auth/userinfo/issue API) with an access token which has been created using Authlete's /api/auth/token/create API with this property (clientIdAliasUsed) true, the client ID alias is used as the value of the aud claim in a response from the UserInfo endpoint.

Note that if a client ID alias is not assigned to the client when Authlete's /api/auth/token/create API is called, this property (clientIdAliasUsed) has no effect (it is always regarded as false).

accessToken (OPTIONAL)

The value of the new access token.

The /api/auth/token/create API generates an access token. Therefore, callers of the API do not have to specify values of newly created access tokens. However, in some cases, for example, if you want to migrate existing access tokens from an old system to Authlete, you may want to specify values of access tokens. In such a case, you can specify the value of a newly created access token by passing a non-null value as the value of accessToken request parameter. The implementation of the /api/auth/token/create uses the value of the accessToken request parameter instead of generating a new value when the request parameter holds a non-null value.

Note that if the hash value of the specified access token already exists in Authlete's database, the access token cannot be inserted and the /api/auth/token/create API will report an error.

refreshToken (OPTIONAL)

The value of the new refresh token.

The /api/auth/token/create API may generate a refresh token. Therefore, callers of the API do not have to specify values of newly created refresh tokens. However, in some cases, for example, if you want to migrate existing refresh tokens from an old system to Authlete, you may want to specify values of refresh tokens. In such a case, you can specify the value of a newly created refresh token by passing a non-null value as the value of refreshToken request parameter. The implementation of the /api/auth/token/create uses the value of the refreshToken request parameter instead of generating a new value when the request parameter holds a non-null value.

Note that if the hash value of the specified refresh token already exists in Authlete's database, the refresh token cannot be inserted and the /api/auth/token/create API will report an error.

Since:

1.13

Author:

Takahiko Kawasaki

See Also:

TokenCreateResponse, Serialized Form

Constructor Summary

Constructors

Constructor and Description
TokenCreateRequest()

Method Summary

Modifier and Type	Method and Description
String	getAccessToken() Get the access token.
long	getAccessTokenDuration() Get the duration of a newly created access token in seconds.
long	getClientId() Get the client ID that will be associated with a newly created access token.
GrantType	getGrantType() Get the grant type for a newly created access token.
Property[]	getProperties() Get the extra properties to associate with an access token which will be issued by this request.
String	getRefreshToken() Get the refresh token.
long	getRefreshTokenDuration() Get the duration of a newly created refresh token in seconds.
String[]	getScopes() Get the scopes that will be associated with a newly created access token.
String	getSubject() Get the subject (= unique identifier) of the user who will be associated with a newly created access token.
boolean	isClientIdAliasUsed() Get the flag which indicates whether to emulate that the client ID alias is used instead of the original numeric client ID when a new access token is created.
TokenCreateRequest	setAccessToken(String accessToken) Set the access token.
TokenCreateRequest	setAccessTokenDuration(long accessTokenDuration) Set the duration of a newly created access token in seconds.
TokenCreateRequest	setClientId(long clientId) Set the client ID that will be associated with a newly created access token.
TokenCreateRequest	setClientIdAliasUsed(boolean used) Set the flag which indicates whether to emulate that the client ID alias is used instead of the original numeric client ID when a new access token is created.
TokenCreateRequest	setGrantType(GrantType grantType) Set the grant type for a newly created access token.
TokenCreateRequest	setProperties(Property[] properties) Set extra properties to associate with an access token which will be issued by this request.
TokenCreateRequest	setRefreshToken(String refreshToken) Set the refresh token.
TokenCreateRequest	setRefreshTokenDuration(long refreshTokenDuration) Set the duration of a newly created refresh token in seconds.
TokenCreateRequest	setScopes(String[] scopes) Set the scopes that will be associated with a newly created access token.
TokenCreateRequest	setSubject(String subject) Set the subject (= unique identifier) of the user who will be associated with a newly created access token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TokenCreateRequest

public TokenCreateRequest()

Method Detail

getGrantType

public GrantType getGrantType()

Get the grant type for a newly created access token.

Returns:

Grant type.

setGrantType

public TokenCreateRequest setGrantType(GrantType grantType)

Set the grant type for a newly created access token.

Parameters:

grantType - Grant type.

Returns:

this object.

getClientId

public long getClientId()

Get the client ID that will be associated with a newly created access token.

Returns:

Client ID.

setClientId

public TokenCreateRequest setClientId(long clientId)

Set the client ID that will be associated with a newly created access token.

Parameters:

clientId - Client ID.

Returns:

this object.

getSubject

public String getSubject()

Get the subject (= unique identifier) of the user who will be associated with a newly created access token.

Returns:

The subject of the user.

setSubject

public TokenCreateRequest setSubject(String subject)

Set the subject (= unique identifier) of the user who will be associated with a newly created access token.

Parameters:

subject - The subject of the user.

Returns:

this object.

getScopes

public String[] getScopes()

Get the scopes that will be associated with a newly created access token.

Returns:

Scopes.

setScopes

public TokenCreateRequest setScopes(String[] scopes)

Set the scopes that will be associated with a newly created access token.

Parameters:

scopes - Scopes.

Returns:

this object.

getAccessTokenDuration

public long getAccessTokenDuration()

Get the duration of a newly created access token in seconds. 0 means that the duration will be determined according to the settings of the service.

Returns:

The duration of a newly created access token.

setAccessTokenDuration

public TokenCreateRequest setAccessTokenDuration(long accessTokenDuration)

Set the duration of a newly created access token in seconds. 0 means that the duration will be determined according to the settings of the service.

Parameters:

accessTokenDuration - The duration of a newly created access token.

Returns:

this object.

getRefreshTokenDuration

public long getRefreshTokenDuration()

Get the duration of a newly created refresh token in seconds. 0 means that the duration will be determined according to the settings of the service.

Returns:

The duration of a newly created refresh token.

setRefreshTokenDuration

public TokenCreateRequest setRefreshTokenDuration(long refreshTokenDuration)

Set the duration of a newly created refresh token in seconds. 0 means that the duration will be determined according to the settings of the service.

Parameters:

refreshTokenDuration - The duration of a newly created refresh token.

Returns:

this object.

getProperties

public Property[] getProperties()

Get the extra properties to associate with an access token which will be issued by this request.

Returns:

Extra properties.

Since:

1.30

setProperties

public TokenCreateRequest setProperties(Property[] properties)

Set extra properties to associate with an access token which will be issued by this request.

Keys of extra properties will be used as labels of top-level entries in a JSON response containing an access token which is returned from an authorization server. An example is example_parameter, which you can find in 5.1. Successful Response in RFC 6749. The following code snippet is an example to set one extra property having example_parameter as its key and example_value as its value.

 Property[] properties = { new Property("example_parameter", "example_value") };
 request.setProperties(properties);
 

Keys listed below should not be used and they would be ignored on the server side even if they were used. It's because they are reserved in RFC 6749 and OpenID Connect Core 1.0.

• access_token
• token_type
• expires_in
• refresh_token
• scope
• error
• error_description
• error_uri
• id_token

Note that there is an upper limit on the total size of extra properties. On the server side, the properties will be (1) converted to a multidimensional string array, (2) converted to JSON, (3) encrypted by AES/CBC/PKCS5Padding, (4) encoded by base64url, and then stored into the database. The length of the resultant string must not exceed 65,535 in bytes. This is the upper limit, but we think it is big enough.

Parameters:

properties - Extra properties.

Returns:

this object.

Since:

1.30

isClientIdAliasUsed

public boolean isClientIdAliasUsed()

Get the flag which indicates whether to emulate that the client ID alias is used instead of the original numeric client ID when a new access token is created.

This has an effect only on the value of the aud claim in a response from UserInfo endpoint. When you access the UserInfo endpoint (which is expected to be implemented using Authlete's /api/auth/userinfo API and /api/auth/userinfo/issue API) with an access token which has been created using Authlete's /api/auth/token/create API with this property (clientIdAliasUsed) true, the client ID alias is used as the value of the aud claim in a response from the UserInfo endpoint.

Note that if a client ID alias is not assigned to the client when Authlete's /api/auth/token/create API is called, this property (clientIdAliasUsed) has no effect (it is always regarded as false).

Returns:

true to emulate that the client ID alias is used when a new access token is created.

Since:

2.3

setClientIdAliasUsed

public TokenCreateRequest setClientIdAliasUsed(boolean used)

Set the flag which indicates whether to emulate that the client ID alias is used instead of the original numeric client ID when a new access token is created.

This has an effect only on the value of the aud claim in a response from UserInfo endpoint. When you access the UserInfo endpoint (which is expected to be implemented using Authlete's /api/auth/userinfo API and /api/auth/userinfo/issue API) with an access token which has been created using Authlete's /api/auth/token/create API with this property (clientIdAliasUsed) true, the client ID alias is used as the value of the aud claim in a response from the UserInfo endpoint.

Note that if a client ID alias is not assigned to the client when Authlete's /api/auth/token/create API is called, this property (clientIdAliasUsed) has no effect (it is always regarded as false).

Parameters:

used - true to emulate that the client ID alias is used when a new access token is created.

Returns:

this object.

Since:

2.3

getAccessToken

public String getAccessToken()

Get the access token.

When this method returns a non-null value, the implementation of /api/auth/token/create uses the value instead of generating a new one. See the description of setAccessToken(String) for details.

Returns:

The value of the access token. In normal cases, null is returned.

Since:

2.6

See Also:

setAccessToken(String)

setAccessToken

public TokenCreateRequest setAccessToken(String accessToken)

Set the access token.

The /api/auth/token/create API generates an access token. Therefore, callers of the API do not have to specify values of newly created access tokens. However, in some cases, for example, if you want to migrate existing access tokens from an old system to Authlete, you may want to specify values of access tokens. In such a case, you can specify the value of a newly created access token by passing a non-null value as the value of accessToken request parameter. The implementation of the /api/auth/token/create uses the value of the accessToken request parameter instead of generating a new value when the request parameter holds a non-null value.

Note that if the hash value of the specified access token already exists in Authlete's database, the access token cannot be inserted and the /api/auth/token/create API will report an error.

Parameters:

accessToken - The value of the access token. If a non-null value is specified, the implementation of /api/auth/token/create API will use the value instead of generating a new one. Because Authlete does not store the value of the access token into its database (Authlete stores the hash value of the access token only), any value is accepted as the value of this accessToken request parameter.

Returns:

this object.

Since:

2.6

getRefreshToken

public String getRefreshToken()

Get the refresh token.

When this method returns a non-null value, the implementation of /api/auth/token/create uses the value instead of generating a new one. See the description of setRefreshToken(String) for details.

Returns:

The value of the refresh token. In normal cases, null is returned.

Since:

2.6

See Also:

setRefreshToken(String)

setRefreshToken

public TokenCreateRequest setRefreshToken(String refreshToken)

Set the refresh token.

The /api/auth/token/create API may generate a refresh token. Therefore, callers of the API do not have to specify values of newly created refresh tokens. However, in some cases, for example, if you want to migrate existing refresh tokens from an old system to Authlete, you may want to specify values of refresh tokens. In such a case, you can specify the value of a newly created refresh token by passing a non-null value as the value of refreshToken request parameter. The implementation of the /api/auth/token/create uses the value of the refreshToken request parameter instead of generating a new value when the request parameter holds a non-null value.

Note that if the hash value of the specified refresh token already exists in Authlete's database, the refresh token cannot be inserted and the /api/auth/token/create API will report an error.

Parameters:

refreshToken - The value of the refresh token. If a non-null value is specified, the implementation of /api/auth/token/create API will use the value instead of generating a new one. Because Authlete does not store the value of the refresh token into its database (Authlete stores the hash value of the refresh token only), any value is accepted as the value of this refreshToken request parameter.

Returns:

this object.

Since:

2.6