com.authlete.common.dto

Class TokenRequest

java.lang.Object

com.authlete.common.dto.TokenRequest

All Implemented Interfaces:

Serializable

public class TokenRequest
extends Object
implements Serializable

Request to Authlete's /auth/token API.

parameters (REQUIRED)

OAuth 2.0 token request parameters which are the request parameters that the OAuth 2.0 token endpoint of the service implementation received from the client application.

The value of "parameters" is the entire entity body (which is formatted in application/x-www-form-urlencoded) of the request from the client application.

clientId (OPTIONAL)

The client ID extracted from Authorization header of the token request from the client application.

If the token endpoint of the service implementation supports Basic Authentication as a means of client authentication, and the request from the client application contained its client ID in Authorization header, the value should be extracted and set to this parameter.

clientSecret (OPTIONAL)

The client secret extracted from Authorization header of the token request from the client application.

If the token endpoint of the service implementation supports Basic Authentication as a means of client authentication, and the request from the client application contained its client secret in Authorization header, the value should be extracted and set to this parameter.

properties (OPTIONAL)

Extra properties to associate with an access token. Note that properties parameter is accepted only when Content-Type of the request is application/json, so don't use application/x-www-form-urlencoded if you want to specify properties.

An entity body of a token request may contain the client ID (client_id) and the client secret (client_secret) along with other request parameters as described in RFC 6749, 2.3.1. Client Password. If the client credentials are contained in both Authorization header and the entity body, they must be identical. Otherwise, Authlete's /auth/token API generates an error (it's not a service error but a client error).

Author:

Takahiko Kawasaki

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
TokenRequest()

Method Summary

Modifier and Type	Method and Description
String	getClientId() Get the client ID extracted from Authorization header of the token request from the client application.
String	getClientSecret() Get the client secret extracted from Authorization header of the token request from the client application.
String	getParameters() Get the value of parameters which are the request parameters that the OAuth 2.0 token endpoint of the service implementation received from the client application.
Property[]	getProperties() Get the extra properties to associate with an access token which may be issued by this request.
TokenRequest	setClientId(String clientId) Set the client ID extracted from Authorization header of the token request from the client application.
TokenRequest	setClientSecret(String clientSecret) Set the client secret extracted from Authorization header of the token request from the client application.
TokenRequest	setParameters(Map<String,String[]> parameters) Set the value of parameters which are the request parameters that the OAuth 2.0 token endpoint of the service implementation received from the client application.
TokenRequest	setParameters(String parameters) Set the value of parameters which are the request parameters that the OAuth 2.0 token endpoint of the service implementation received from the client application.
TokenRequest	setProperties(Property[] properties) Set extra properties to associate with an access token which may be issued by this request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TokenRequest

public TokenRequest()

Method Detail

getParameters

public String getParameters()

Get the value of parameters which are the request parameters that the OAuth 2.0 token endpoint of the service implementation received from the client application.

setParameters

public TokenRequest setParameters(String parameters)

Set the value of parameters which are the request parameters that the OAuth 2.0 token endpoint of the service implementation received from the client application.

setParameters

public TokenRequest setParameters(Map<String,String[]> parameters)

Set the value of parameters which are the request parameters that the OAuth 2.0 token endpoint of the service implementation received from the client application.

This method converts the given map into a string in x-www-form-urlencoded and passes it to setParameters(String) method.

Parameters:

parameters - Request parameters.

Returns:

this object.

Since:

1.24

getClientId

public String getClientId()

Get the client ID extracted from Authorization header of the token request from the client application.

setClientId

public TokenRequest setClientId(String clientId)

Set the client ID extracted from Authorization header of the token request from the client application.

getClientSecret

public String getClientSecret()

Get the client secret extracted from Authorization header of the token request from the client application.

setClientSecret

public TokenRequest setClientSecret(String clientSecret)

Set the client secret extracted from Authorization header of the token request from the client application.

getProperties

public Property[] getProperties()

Get the extra properties to associate with an access token which may be issued by this request.

Returns:

Extra properties.

Since:

1.30

setProperties

public TokenRequest setProperties(Property[] properties)

Set extra properties to associate with an access token which may be issued by this request.

If the value of grant_type parameter contained in the token request from the client application is authorization_code, properties set by this method will be added as the extra properties of a newly created access token. The extra properties specified when the authorization code was issued (using AuthorizationIssueRequest.setProperties(Property[])) will also be used, but their values will be overwritten if the extra properties set by this method have the same keys. In other words, extra properties contained in this request will be merged into existing extra properties which are associated with the authorization code.

Otherwise, if the value of grant_type parameter contained in the token request from the client application is refresh_token, properties set by this method will be added to the existing extra properties of the corresponding access token. Extra properties having the same keys will be overwritten in the same manner as the case of grant_type=authorization_code.

Otherwise, if the value of grant_type parameter contained in the token request from the client application is client_credentials, properties set by this method will be used simply as extra properties of a newly created access token. Because Client Credentials flow does not have a preceding authorization request, merging extra properties will not be performed. This is different from the cases of grant_type=authorization_code and grant_type=refresh_token.

In other cases (grant_type=password), properties set by this method will not be used. When you want to associate extra properties with an access token which is issued using Resource Owner Password Credentials flow, use TokenIssueRequest.setProperties(Property[]) method instead.

The argument properties is an array of properties. Each property must be a pair of a string key and a string value. That is, each property must be a string array of size 2. The key must not be null or an empty string, but the value may be.

Keys of extra properties will be used as labels of top-level entries in a JSON response containing an access token which is returned from an authorization server. An example is example_parameter, which you can find in 5.1. Successful Response in RFC 6749. The following code snippet is an example to set one extra property having example_parameter as its key and example_value as its value.

 Property[] properties = { new Property("example_parameter", "example_value") };
 request.setProperties(properties);
 

Keys listed below should not be used and they would be ignored on the server side even if they were used. It's because they are reserved in RFC 6749 and OpenID Connect Core 1.0.

• access_token
• token_type
• expires_in
• refresh_token
• scope
• error
• error_description
• error_uri
• id_token

Note that there is an upper limit on the total size of extra properties. On the server side, the properties will be (1) converted to a multidimensional string array, (2) converted to JSON, (3) encrypted by AES/CBC/PKCS5Padding, (4) encoded by base64url, and then stored into the database. The length of the resultant string must not exceed 65,535 in bytes. This is the upper limit, but we think it is big enough.

Parameters:

properties - Extra properties.

Returns:

this object.

Since:

1.30