public class ClientExtension extends Object implements Serializable
There are some attributes that belong to a client application but should not be changed by the developer of the client application. Basically, this class holds such attributes.
For example, an authorization server may narrow the range of scopes (permissions) that a particular client application can request. In this case, it is meaningless if the developer of the client application can freely decide the set of requestable scopes. It is not the developer of the client application but the administrator of the authorization server that should be allowed to define the set of scopes that the client application can request.
Constructor and Description |
---|
ClientExtension() |
Modifier and Type | Method and Description |
---|---|
long |
getAccessTokenDuration()
Get the value of the duration of access tokens per client in seconds.
|
long |
getRefreshTokenDuration()
Get the value of the duration of refresh tokens per client in seconds.
|
String[] |
getRequestableScopes()
Get the set of scopes that this client application can request when
"Requestable Scopes per Client" is enabled (= when
isRequestableScopesEnabled() returns true ). |
boolean |
isRequestableScopesEnabled()
Check whether "Requestable Scopes per Client" is enabled or not.
|
boolean |
isTokenExchangePermitted()
Get the flag indicating whether the client is explicitly given a
permission to make token exchange requests (cf. RFC 8693).
|
ClientExtension |
setAccessTokenDuration(long duration)
Set the value of the duration of access tokens per client in seconds.
|
ClientExtension |
setRefreshTokenDuration(long duration)
Set the value of the duration of refresh tokens per client in seconds.
|
ClientExtension |
setRequestableScopes(Set<String> scopes)
Set the set of scopes that this client application can request when
"Requestable Scopes per Client" is enabled (= when
isRequestableScopesEnabled() returns true ). |
ClientExtension |
setRequestableScopes(String[] scopes)
Set the set of scopes that this client application can request when
"Requestable Scopes per Client" is enabled (= when
isRequestableScopesEnabled() returns true ). |
ClientExtension |
setRequestableScopesEnabled(boolean enabled)
Enable or disable "Requestable Scopes per Client".
|
ClientExtension |
setTokenExchangePermitted(boolean permitted)
Set the flag indicating whether the client is explicitly given a
permission to make token exchange requests (cf. RFC 8693).
|
public boolean isRequestableScopesEnabled()
If this method returns true
, a special set of scopes (permissions)
is defined on the server side (the requestableScopes
array
represents the special set) and scopes which this client application can
request are limited to the scopes listed in the set. In other words, this
application cannot request scopes that are not included in the set. To be
specific, this client application cannot list other scopes in the scope
request parameter when it makes an authorization request. To be
exact, other scopes can be listed but will be ignored by the authorization
server.
On the other hand, if this method returns false
, the valid set of
scopes (permissions) that this client application can request is equal to
the whole scope set defined by the authorization server.
true
if "Requestable Scopes per Client" is enabled
for this client. Otherwise, false
.public ClientExtension setRequestableScopesEnabled(boolean enabled)
See the description of isRequestableScopesEnabled()
for details
about "Requestable Scopes per Client".
enabled
- true
to enable "Requestable Scopes per Client".
false
to disable it.this
object.public String[] getRequestableScopes()
isRequestableScopesEnabled()
returns true
).
See the description of isRequestableScopesEnabled()
for details
about "Requestable Scopes per Client".
public ClientExtension setRequestableScopes(String[] scopes)
isRequestableScopesEnabled()
returns true
).
See the description of isRequestableScopesEnabled()
for details
about "Requestable Scopes per Client".
scopes
- A set of scopes.this
object.public ClientExtension setRequestableScopes(Set<String> scopes)
isRequestableScopesEnabled()
returns true
).
See the description of isRequestableScopesEnabled()
for details
about "Requestable Scopes per Client".
scopes
- A set of scopes.this
object.public long getAccessTokenDuration()
In normal cases, the value of the service
's
accessTokenDuration
property is used as the duration of access
tokens issued by the service. However, if this accessTokenDuration
property holds a non-zero positive number and its value is less than the
duration configured by the service, the value is used as the duration of
access tokens issued to the client application.
Note that the duration of access tokens can be controlled by the scope
attribute "access_token.duration"
, too. Authlete chooses the
minimum value among the candidates.
public ClientExtension setAccessTokenDuration(long duration)
In normal cases, the value of the service
's
accessTokenDuration
property is used as the duration of access
tokens issued by the service. However, if this accessTokenDuration
property holds a non-zero positive number and its value is less than the
duration configured by the service, the value is used as the duration of
access tokens issued to the client application.
Note that the duration of access tokens can be controlled by the scope
attribute "access_token.duration"
, too. Authlete chooses the
minimum value among the candidates.
duration
- The duration of access tokens per client in seconds.this
object.public long getRefreshTokenDuration()
In normal cases, the value of the service
's
refreshTokenDuration
property is used as the duration of refresh
tokens issued by the service. However, if this refreshTokenDuration
property holds a non-zero positive number and its value is less than the
duration configured by the service, the value is used as the duration of
refresh tokens issued to the client application.
Note that the duration of refresh tokens can be controlled by the scope
attribute "refresh_token.duration"
, too. Authlete chooses the
minimum value among the candidates.
public ClientExtension setRefreshTokenDuration(long duration)
In normal cases, the value of the service
's
refreshTokenDuration
property is used as the duration of refresh
tokens issued by the service. However, if this refreshTokenDuration
property holds a non-zero positive number and its value is less than the
duration configured by the service, the value is used as the duration of
refresh tokens issued to the client application.
Note that the duration of refresh tokens can be controlled by the scope
attribute "refresh_token.duration"
, too. Authlete chooses the
minimum value among the candidates.
duration
- The duration of refresh tokens per client in seconds.this
object.public boolean isTokenExchangePermitted()
This flag is referred to only when the
tokenExchangeByPermittedClientOnly
flag of the service which
the client belongs to is true
.
true
when the client is explicitly given a permission
to make token exchange requests.Service.isTokenExchangeByPermittedClientsOnly()
,
RFC 8693 OAuth 2.0 Token Exchangepublic ClientExtension setTokenExchangePermitted(boolean permitted)
This flag is referred to only when the
tokenExchangeByPermittedClientOnly
flag of the service which
the client belongs to is true
.
permitted
- true
to explicitly give the client a permission to
make token exchange requests.this
instance.Service.setTokenExchangeByPermittedClientsOnly(boolean)
,
RFC 8693 OAuth 2.0 Token ExchangeCopyright © 2023. All rights reserved.