Interface OAuthComponentConfigurationConstants

    • Field Detail

      • OAUTH20_CLIENT_PROVIDER_CLASSNAME

        static final java.lang.String OAUTH20_CLIENT_PROVIDER_CLASSNAME
        Defines the implementation class for the client provider which must implement the OAuth20ClientProvider interface. This configuration property MUST be defined and should be a single string represents the class name of the implementation class for your client configuration provider. The SampleComponentConfiguration class does not contain a default value for this property. You can see an example of it being set in the examples source in com.ibm.oauth.examples.config.OAuthComponentConfigurationTestImpl
        See Also:
        Constant Field Values
      • OAUTH20_TOKEN_CACHE_CLASSNAME

        static final java.lang.String OAUTH20_TOKEN_CACHE_CLASSNAME
        Defines the implementation class for the token cache which must implement the OAuth20TokenCache interface. This configuration property MUST be defined and should be a single string represents the class name of the implementation class for your token cache. The SampleComponentConfiguration class does not contain a default value for this property. You can see an example of it being set in the examples source in com.ibm.oauth.examples.config.OAuthComponentConfigurationTestImpl
        See Also:
        Constant Field Values
      • OAUTH20_MAX_AUTHORIZATION_GRANT_LIFETIME_SECONDS

        static final java.lang.String OAUTH20_MAX_AUTHORIZATION_GRANT_LIFETIME_SECONDS
        Defines the maximum authorization grant lifetime for OAuth 2.0 flows in which a refresh token is used. The value will determine the maximum possible lifetime of any issued refresh or access token starting from when the resource owner first grants authorization (i.e. when the first refresh/access token is issued from either the authorization code flow or the resource owner password credentials flow. This property is not relevant for flows where no refresh token is used since the OAUTH20_TOKEN_LIFETIME_SECONDS property will determine the lifetime of access tokens. This configuration property MUST be defined and should be a single string representing the lifetime in seconds. The value should be greater than the value for OAUTH20_TOKEN_LIFETIME_SECONDS. The SampleComponentConfiguration class contains a default value for this property.
        See Also:
        Constant Field Values
      • OAUTH20_CODE_LIFETIME_SECONDS

        static final java.lang.String OAUTH20_CODE_LIFETIME_SECONDS
        Defines the lifetime of an authorization code. The value will determine the lifetime of an issued authorization code for the authorization code flow. The client must exchange the authorization code for an access token before this lifetime expires. As authorization codes are typically sent via browser redirect to the client which then immediately uses them, this value is normally a small number of seconds. This property is not relevant for flows other than the authorization code flow. This configuration property MUST be defined and should be a single string representing the lifetime in seconds. The SampleComponentConfiguration class contains a default value for this property.
        See Also:
        Constant Field Values
      • OAUTH20_CODE_LENGTH

        static final java.lang.String OAUTH20_CODE_LENGTH
        Defines the length in characters of a generated authorization code. This configuration property MUST be defined and should be a single string representing the length. The SampleComponentConfiguration class contains a default value for this property.
        See Also:
        Constant Field Values
      • OAUTH20_TOKEN_LIFETIME_SECONDS

        static final java.lang.String OAUTH20_TOKEN_LIFETIME_SECONDS
        Defines the maximum lifetime of an issued access token. The value will determine the maximum lifetime of an issued access token. The actual lifetime of the access token may be smaller than this if the access token is being issued as part of a refresh token flow and the remaining time associated with maximum authorization grant lifetime is less than this value. This configuration property MUST be defined and should be a single string representing the lifetime in seconds. The SampleComponentConfiguration class contains a default value for this property.
        See Also:
        Constant Field Values
      • OAUTH20_ACCESS_TOKEN_LENGTH

        static final java.lang.String OAUTH20_ACCESS_TOKEN_LENGTH
        Defines the length in characters of a generated access token. This configuration property MUST be defined and should be a single string representing the length. The SampleComponentConfiguration class contains a default value for this property.
        See Also:
        Constant Field Values
      • OAUTH20_ISSUE_REFRESH_TOKEN

        static final java.lang.String OAUTH20_ISSUE_REFRESH_TOKEN
        Defines a boolean to indicate whether or not refresh tokens should be issued. This property is only relevant for flows which issue refresh tokens (authorization code and resource owner password credentials). This configuration property MUST be defined and should be a single string representing "true" or "false". The SampleComponentConfiguration class contains a default value for this property.
        See Also:
        Constant Field Values
      • OAUTH20_REFRESH_TOKEN_LENGTH

        static final java.lang.String OAUTH20_REFRESH_TOKEN_LENGTH
        Defines the length in characters of a generated refresh token. This configuration property MUST be defined and should be a single string representing the length. The SampleComponentConfiguration class contains a default value for this property.
        See Also:
        Constant Field Values
      • OAUTH20_MEDIATOR_CLASSNAMES

        static final java.lang.String OAUTH20_MEDIATOR_CLASSNAMES
        Defines a list of implementation classes for custom mediators that implement the OAuth20Mediator interface to execute during OAuth flows. This configuration property is optional and when provided should be a list of string class names.
        See Also:
        Constant Field Values
      • OAUTH20_ALLOW_PUBLIC_CLIENTS

        static final java.lang.String OAUTH20_ALLOW_PUBLIC_CLIENTS
        Defines a boolean to indicate whether or not public clients may access the token endpoint. This property is only relevant for the authorization code flow and the resource owner password credentials flow (although it doesn't make a lot of sense to use pulic clients in the resource owner password credentials flow). The token endpoint is not used in the implicit grant flow and despite the fact that all implicit grant clients are behaving as public clients this parameter does not affect whether or not a client may use the implicit grant flow. The ability for any client to use the implicit grant flow is solely controlled by the configuration property OAUTH20_GRANT_TYPES_ALLOWED. The client_credentials flow may not be used by a public client. This configuration property MUST be defined and should be a single string representing "true" or "false". The SampleComponentConfiguration class contains a default value for this property.
        See Also:
        Constant Field Values
      • OAUTH20_AUDITHANDLER_CLASSNAME

        static final java.lang.String OAUTH20_AUDITHANDLER_CLASSNAME
        Defines an implementation class for an audit handler that implements the OAuthAuditHandler interface to be called during OAuth flows. This configuration property is optional and when provided should be string class names. The component supports these two pre-defined audit handlers, or you can write your own:
        • com.ibm.oauth.core.api.audit.SimpleFileOAuthAuditHandler - SimpleFileOAuthAuditHandler
        • com.ibm.oauth.core.api.audit.XMLFileOAuthAuditHandler - XMLFileOAuthAuditHandler
        See Also:
        Constant Field Values
      • OAUTH20_GRANT_TYPE_AUTH_CODE

        static final java.lang.String OAUTH20_GRANT_TYPE_AUTH_CODE
        Constant to be used as a value for the OAUTH20_GRANT_TYPES_ALLOWED property to enable clients to use the authorization code flow.
        See Also:
        Constant Field Values
      • OAUTH20_GRANT_TYPE_IMPLICIT

        static final java.lang.String OAUTH20_GRANT_TYPE_IMPLICIT
        Constant to be used as a value for the OAUTH20_GRANT_TYPES_ALLOWED property to enable clients to use the implicit grant flow.
        See Also:
        Constant Field Values
      • OAUTH20_GRANT_TYPE_CLIENT_CREDENTIALS

        static final java.lang.String OAUTH20_GRANT_TYPE_CLIENT_CREDENTIALS
        Constant to be used as a value for the OAUTH20_GRANT_TYPES_ALLOWED property to enable clients to use the client credentials flow.
        See Also:
        Constant Field Values
      • OAUTH20_GRANT_TYPE_OWNER_PASSWORD

        static final java.lang.String OAUTH20_GRANT_TYPE_OWNER_PASSWORD
        Constant to be used as a value for the OAUTH20_GRANT_TYPES_ALLOWED property to enable clients to use the resource owner password credentials flow.
        See Also:
        Constant Field Values
      • OAUTH20_GRANT_TYPE_REFRESH_TOKEN

        static final java.lang.String OAUTH20_GRANT_TYPE_REFRESH_TOKEN
        Constant to be used as a value for the OAUTH20_GRANT_TYPES_ALLOWED property to enable clients to the token endpoint to exchange refresh tokens for a new access token and refresh token.
        See Also:
        Constant Field Values