Class GrantTypeUtils

java.lang.Object
io.gravitee.am.service.utils.GrantTypeUtils

public class GrantTypeUtils extends Object
Author:
Alexandre FARIA (contact at alexandrefaria.net), GraviteeSource Team
  • Constructor Details

    • GrantTypeUtils

      public GrantTypeUtils()
  • Method Details

    • validateGrantTypes

      public static io.reactivex.rxjava3.core.Single<Application> validateGrantTypes(Application application)
       Checks that the application's grant types are consistent. An error is emitted when:
        - the grant types are null or empty, or contain an unknown grant type;
        - refresh_token is present without authorization_code, password or client_credentials;
        - client_credentials is combined with another grant that requires user authentication.
       
      Parameters:
      application - Application with grant_type to validate.
      Returns:
      Single emitting the validated Application, or an error.
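      The three rules above, as an added example that is not Gravitee AM's own implementation: a plain-Java check with no RxJava dependency that returns an error message instead of a failed Single. The set of known grant types, and the set of grants treated as requiring user authentication (authorization_code, implicit, password), are assumptions of this example; in the real class the known list comes from getSupportedGrantTypes().

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;

// Added example, not Gravitee AM code: reproduces the three validateGrantTypes rules
// from the Javadoc as a stand-alone check.
public class GrantTypeRules {

    // Assumption: the grant types the page names, standing in for getSupportedGrantTypes().
    static final Set<String> KNOWN = Set.of(
        "authorization_code", "implicit", "password", "client_credentials", "refresh_token");

    // Assumption: grants that involve a resource owner authenticating (interactively or by password).
    static final Set<String> USER_GRANTS = Set.of("authorization_code", "implicit", "password");

    // Grants the Javadoc allows refresh_token to accompany.
    static final Set<String> REFRESH_ISSUERS = Set.of("authorization_code", "password", "client_credentials");

    /** Returns an error message, or empty if the combination is acceptable. */
    static Optional<String> validate(List<String> grantTypes) {
        // Rule 1: null/empty list, or any unknown value, is rejected.
        if (grantTypes == null || grantTypes.isEmpty()) {
            return Optional.of("grant_types must not be null or empty");
        }
        for (String g : grantTypes) {
            if (!KNOWN.contains(g)) {
                return Optional.of("unknown grant type: " + g);
            }
        }
        // Rule 2: refresh_token only makes sense next to a grant that can issue one.
        if (grantTypes.contains("refresh_token")
                && grantTypes.stream().noneMatch(REFRESH_ISSUERS::contains)) {
            return Optional.of("refresh_token requires authorization_code, password or client_credentials");
        }
        // Rule 3: a machine-to-machine client must not also act on behalf of a user.
        if (grantTypes.contains("client_credentials")
                && grantTypes.stream().anyMatch(USER_GRANTS::contains)) {
            return Optional.of("client_credentials must not be combined with a grant that needs user authentication");
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed registrations covering the accepted case and each rejection rule.
        List<List<String>> cases = List.of(
            List.of("authorization_code", "refresh_token"),
            List.of("client_credentials", "refresh_token"),
            List.of("refresh_token"),
            List.of("client_credentials", "password"),
            List.of("device_code"));
        for (List<String> c : cases) {
            System.out.println(c + " -> " + validate(c).orElse("OK"));
        }
    }
}
```

      Returning Optional rather than throwing keeps the rules easy to unit-test; wrapping the result in Single.error(...) for the reactive API is a one-line adaptation at the call site.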
    • getSupportedGrantTypes

      public static List<String> getSupportedGrantTypes()
    • isSupportedGrantType

      public static boolean isSupportedGrantType(List<String> grantTypes)
      Parameters:
      grantTypes - List of grant_type values to validate.
      Returns:
      true if every grant type in the list is known/supported.
    • isSupportedGrantType

      public static boolean isSupportedGrantType(String grantType)
      Check if grant type is known/supported.
      Parameters:
      grantType - String grant_type to validate.
    • isRedirectUriRequired

      public static boolean isRedirectUriRequired(List<String> grantTypes)
       According to the specification (https://tools.ietf.org/html/rfc6749#section-10.6), the
       Authorization Server MUST require public clients and SHOULD require confidential clients to register their redirection URIs.
       Confidential clients are clients that can keep their credentials secret, e.g.:
        - web application (credentials stored on a web server) : authorization_code
        - server application (credentials stored on a server are considered safe) : client_credentials
       Public clients, by contrast, are clients that cannot keep their credentials secret, e.g.:
        - Single Page Application : implicit
        - Native mobile application : authorization_code
       Because native mobile and web applications use the same grant, a redirect_uri is only forced for the implicit grant.
       A public client registered with authorization_code alone is therefore not forced by this check to register a redirect_uri.
       
      Parameters:
      grantTypes - Array of grant_type
      Returns:
      true if at least one of the grant types in the list requires a redirect_uri.
    • completeGrantTypeCorrespondance

      public static Application completeGrantTypeCorrespondance(Application application)
      As specified by OpenID Connect (Dynamic Client Registration 1.0, section 2), ensures correspondence between response_type and grant_type. The following table lists each response_type and the grant_type(s) it expects:
        - code : authorization_code
        - id_token : implicit
        - token id_token : implicit
        - code id_token : authorization_code, implicit
        - code token : authorization_code, implicit
        - code id_token token : authorization_code, implicit
      Parameters:
      application - Application to analyse.
    • completeGrantTypeCorrespondance

      public static Client completeGrantTypeCorrespondance(Client client)
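      The response_type to grant_type table above, applied to a registration, as an added example that is not Gravitee AM's code and stands in for neither overload of completeGrantTypeCorrespondance. Two assumptions are specific to this example: the order of space-separated tokens in a multi-valued response_type is treated as insignificant (so "token id_token" and "id_token token" match the same row), and an unknown response_type is rejected rather than ignored.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example, not Gravitee AM code: adds the grant types that a client's
// response types require, using the table from the Javadoc.
public class ResponseTypeCorrespondence {

    // Keys are stored in canonical (token-sorted) form so lookups ignore token order.
    private static final Map<String, List<String>> TABLE = new HashMap<>();
    static {
        put("code",                "authorization_code");
        put("id_token",            "implicit");
        put("token id_token",      "implicit");
        put("code id_token",       "authorization_code", "implicit");
        put("code token",          "authorization_code", "implicit");
        put("code id_token token", "authorization_code", "implicit");
    }

    private static void put(String responseType, String... grants) {
        TABLE.put(canonical(responseType), Arrays.asList(grants));
    }

    /** Assumption: token order is not significant, so sort the tokens before matching. */
    static String canonical(String responseType) {
        String[] parts = responseType.trim().split("\\s+");
        Arrays.sort(parts);
        return String.join(" ", parts);
    }

    /** Grant types the table requires for the given response types; unknown ones are rejected. */
    static Set<String> requiredGrantTypes(List<String> responseTypes) {
        Set<String> required = new LinkedHashSet<>();
        for (String rt : responseTypes) {
            List<String> grants = TABLE.get(canonical(rt));
            if (grants == null) {
                // Assumption: reject rather than silently skip an unrecognised response_type.
                throw new IllegalArgumentException("unknown response_type: " + rt);
            }
            required.addAll(grants);
        }
        return required;
    }

    /** Existing grant types plus any the response types require, preserving declaration order. */
    static List<String> complete(List<String> responseTypes, List<String> grantTypes) {
        Set<String> merged = new LinkedHashSet<>(grantTypes);
        merged.addAll(requiredGrantTypes(responseTypes));
        return new ArrayList<>(merged);
    }

    public static void main(String[] args) {
        // Constructed registration: requests the hybrid flow but declared only authorization_code,
        // so "implicit" must be added for the "id_token token" response type.
        List<String> responseTypes = List.of("code", "id_token token");
        List<String> grantTypes = List.of("authorization_code");
        System.out.println(complete(responseTypes, grantTypes));
    }
}
```

      Rejecting unknown response types is the conservative choice for an authorization server: silently accepting one would let a client register a flow the server never validates.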