Package com.authlete.common.dto

Class ClientExtension

  • All Implemented Interfaces:
    Serializable
    public class ClientExtension
extends Object
implements Serializable
    Client extension.

    There are some attributes that belong to a client application but should not be changed by the developer of the client application. Basically, this class holds such attributes.

    For example, an authorization server may narrow the range of scopes (permissions) that a particular client application can request. In this case, it is meaningless if the developer of the client application can freely decide the set of requestable scopes. It is not the developer of the client application but the administrator of the authorization server that should be allowed to define the set of scopes that the client application can request.

    Since:
    1.39
    Author:
    Takahiko Kawasaki
    See Also:
    Serialized Form

    • Constructor Detail

      • ClientExtension

        public ClientExtension()

    • Method Detail

      • isRequestableScopesEnabled

        public boolean isRequestableScopesEnabled()
        Check whether "Requestable Scopes per Client" is enabled or not.

        If this method returns true, a special set of scopes (permissions) is defined on the server side (the requestableScopes array represents the special set) and scopes which this client application can request are limited to the scopes listed in the set. In other words, this application cannot request scopes that are not included in the set. To be specific, this client application cannot list other scopes in the scope request parameter when it makes an authorization request. To be exact, other scopes can be listed but will be ignored by the authorization server.

        On the other hand, if this method returns false, the valid set of scopes (permissions) that this client application can request is equal to the whole scope set defined by the authorization server.

        Returns:
        true if "Requestable Scopes per Client" is enabled for this client. Otherwise, false.

      • setRequestableScopesEnabled

        public ClientExtension setRequestableScopesEnabled​(boolean enabled)
        Enable or disable "Requestable Scopes per Client".

        See the description of isRequestableScopesEnabled() for details about "Requestable Scopes per Client".

        Parameters:
        enabled - true to enable "Requestable Scopes per Client". false to disable it.
        Returns:
        this object.

      • getRequestableScopes

        public String[] getRequestableScopes()
        Get the set of scopes that this client application can request when "Requestable Scopes per Client" is enabled (= when isRequestableScopesEnabled() returns true).

        See the description of isRequestableScopesEnabled() for details about "Requestable Scopes per Client".

        Returns:
        The set of scopes that this client application can request when "Requestable Scopes per Client" is enabled.

      • setRequestableScopes

        public ClientExtension setRequestableScopes​(String[] scopes)
        Set the set of scopes that this client application can request when "Requestable Scopes per Client" is enabled (= when isRequestableScopesEnabled() returns true).

        See the description of isRequestableScopesEnabled() for details about "Requestable Scopes per Client".

        Parameters:
        scopes - A set of scopes.
        Returns:
        this object.

      • setRequestableScopes

        public ClientExtension setRequestableScopes​(Set<String> scopes)
        Set the set of scopes that this client application can request when "Requestable Scopes per Client" is enabled (= when isRequestableScopesEnabled() returns true).

        See the description of isRequestableScopesEnabled() for details about "Requestable Scopes per Client".

        Parameters:
        scopes - A set of scopes.
        Returns:
        this object.
        Since:
        1.41

      • getAccessTokenDuration

        public long getAccessTokenDuration()
        Get the value of the duration of access tokens per client in seconds.

        In normal cases, the value of the service's accessTokenDuration property is used as the duration of access tokens issued by the service. However, if this accessTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of access tokens issued to the client application.

        Note that the duration of access tokens can be controlled by the scope attribute "access_token.duration", too. Authlete chooses the minimum value among the candidates.

        Returns:
        The duration of access tokens per client in seconds.
        Since:
        2.59

      • setAccessTokenDuration

        public ClientExtension setAccessTokenDuration​(long duration)
        Set the value of the duration of access tokens per client in seconds.

        In normal cases, the value of the service's accessTokenDuration property is used as the duration of access tokens issued by the service. However, if this accessTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of access tokens issued to the client application.

        Note that the duration of access tokens can be controlled by the scope attribute "access_token.duration", too. Authlete chooses the minimum value among the candidates.

        Parameters:
        duration - The duration of access tokens per client in seconds.
        Returns:
        this object.
        Since:
        2.59

      • getRefreshTokenDuration

        public long getRefreshTokenDuration()
        Get the value of the duration of refresh tokens per client in seconds.

        In normal cases, the value of the service's refreshTokenDuration property is used as the duration of refresh tokens issued by the service. However, if this refreshTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of refresh tokens issued to the client application.

        Note that the duration of refresh tokens can be controlled by the scope attribute "refresh_token.duration", too. Authlete chooses the minimum value among the candidates.

        Returns:
        The duration of refresh tokens per client in seconds.
        Since:
        2.59

      • setRefreshTokenDuration

        public ClientExtension setRefreshTokenDuration​(long duration)
        Set the value of the duration of refresh tokens per client in seconds.

        In normal cases, the value of the service's refreshTokenDuration property is used as the duration of refresh tokens issued by the service. However, if this refreshTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of refresh tokens issued to the client application.

        Note that the duration of refresh tokens can be controlled by the scope attribute "refresh_token.duration", too. Authlete chooses the minimum value among the candidates.

        Parameters:
        duration - The duration of refresh tokens per client in seconds.
        Returns:
        this object.
        Since:
        2.59

      • isTokenExchangePermitted

        public boolean isTokenExchangePermitted()
        Get the flag indicating whether the client is explicitly given a permission to make token exchange requests (cf. RFC 8693).

        This flag is referred to only when the tokenExchangeByPermittedClientOnly flag of the service which the client belongs to is true.

        Returns:
        true when the client is explicitly given a permission to make token exchange requests.
        Since:
        3.26, Authlete 2.3
        See Also:
        Service.isTokenExchangeByPermittedClientsOnly(), RFC 8693 OAuth 2.0 Token Exchange

      • setTokenExchangePermitted

        public ClientExtension setTokenExchangePermitted​(boolean permitted)
        Set the flag indicating whether the client is explicitly given a permission to make token exchange requests (cf. RFC 8693).

        This flag is referred to only when the tokenExchangeByPermittedClientOnly flag of the service which the client belongs to is true.

        Parameters:
        permitted - true to explicitly give the client a permission to make token exchange requests.
        Returns:
        this instance.
        Since:
        3.26, Authlete 2.3
        See Also:
        Service.setTokenExchangeByPermittedClientsOnly(boolean), RFC 8693 OAuth 2.0 Token Exchange

      • getIdTokenDuration

        public long getIdTokenDuration()
        Get the value of the duration of ID tokens per client in seconds.

        In normal cases, the value of the service's idTokenDuration property is used as the duration of ID tokens issued by the service. However, if this idTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of ID tokens issued to the client application.

        Note that the duration of ID tokens can be controlled by the scope attribute "id_token.duration", too. Authlete chooses the minimum value among the candidates.

        Returns:
        The duration of ID tokens per client in seconds.
        Since:
        4.19, Authlete 3.0.14

      • setIdTokenDuration

        public ClientExtension setIdTokenDuration​(long duration)
        Set the value of the duration of ID tokens per client in seconds.

        In normal cases, the value of the service's idTokenDuration property is used as the duration of ID tokens issued by the service. However, if this idTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of access tokens issued to the client application.

        Note that the duration of access tokens can be controlled by the scope attribute "id_token.duration", too. Authlete chooses the minimum value among the candidates.

        Parameters:
        duration - The duration of ID tokens per client in seconds.
        Returns:
        this object.
        Since:
        4.19, Authlete 3.0.14