Package com.nimbusds.openid.connect.provider.spi.tokens.introspection

Class BaseTokenIntrospectionResponseComposer

java.lang.Object

com.nimbusds.openid.connect.provider.spi.tokens.introspection.BaseTokenIntrospectionResponseComposer

All Implemented Interfaces:

TokenIntrospectionResponseComposer

@ThreadSafe
public abstract class BaseTokenIntrospectionResponseComposer
extends Object
implements TokenIntrospectionResponseComposer

Base implementation of the SPI for composing token introspection (RFC 7662) responses.

Outputs only those introspection details which are defined in section 2.2 of the standard OAuth 2.0 Token Introspection (RFC 7662) specification as well as in section 3.2 of OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens(draft-ietf-oauth-mtls-07):

• "active"
• "scope"
• "client_id"
• "token_type"
• "exp"
• "iat"
• "sub"
• "aud"
• "iss"
• "jti"
• "cnf.x5t#S256"

The following non-standard access token parameters are not output by this base implementation:

• consented OpenID claim names
• preferred claims locales
• preset OpenID claims
• actor, in impersonation and delegation scenarios
• additional data

The extending class may implement output of the above non-standard parameters. It may also choose not to output parameters if they are not required by the client (resource server), e.g. for privacy and data minimisation purposes.

Constructor Summary

Constructors

Constructor	Description
BaseTokenIntrospectionResponseComposer()

Method Summary

Modifier and Type	Method	Description
com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse	compose(AccessTokenAuthorization tokenAuthz, TokenIntrospectionContext context)	Composes a token introspection response.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BaseTokenIntrospectionResponseComposer

public BaseTokenIntrospectionResponseComposer()

Method Detail

compose

public com.nimbusds.oauth2.sdk.TokenIntrospectionSuccessResponse compose(AccessTokenAuthorization tokenAuthz,
                                                                         TokenIntrospectionContext context)

Description copied from interface: TokenIntrospectionResponseComposer

Composes a token introspection response.

If the access token was found to be invalid or expired the method should simply return

 if (tokenAuthz == null) {
        return new TokenIntrospectionSuccessResponse.Builder(false)
            .build();
 }
 

Specified by:

compose in interface TokenIntrospectionResponseComposer

Parameters:

tokenAuthz - The access token authorisation, null if the token was found to be invalid or expired (implies "active":false).

context - The token introspection context. Not null.

Returns:

The token introspection success response (for "active":true as well as "active":false access tokens.