com.authlete.common.dto

Class ClientExtension

java.lang.Object

com.authlete.common.dto.ClientExtension

All Implemented Interfaces:

Serializable

public class ClientExtension
extends Object
implements Serializable

Client extension.

There are some attributes that belong to a client application but should not be changed by the developer of the client application. Basically, this class holds such attributes.

For example, an authorization server may narrow the range of scopes (permissions) that a particular client application can request. In this case, it is meaningless if the developer of the client application can freely decide the set of requestable scopes. It is not the developer of the client application but the administrator of the authorization server that should be allowed to define the set of scopes that the client application can request.

Since:

1.39

Author:

Takahiko Kawasaki

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
ClientExtension()

Method Summary

Modifier and Type	Method and Description
long	getAccessTokenDuration() Get the value of the duration of access tokens per client in seconds.
long	getRefreshTokenDuration() Get the value of the duration of refresh tokens per client in seconds.
String[]	getRequestableScopes() Get the set of scopes that this client application can request when "Requestable Scopes per Client" is enabled (= when isRequestableScopesEnabled() returns true).
boolean	isRequestableScopesEnabled() Check whether "Requestable Scopes per Client" is enabled or not.
boolean	isTokenExchangePermitted() Get the flag indicating whether the client is explicitly given a permission to make token exchange requests (cf. RFC 8693).
ClientExtension	setAccessTokenDuration(long duration) Set the value of the duration of access tokens per client in seconds.
ClientExtension	setRefreshTokenDuration(long duration) Set the value of the duration of refresh tokens per client in seconds.
ClientExtension	setRequestableScopes(Set<String> scopes) Set the set of scopes that this client application can request when "Requestable Scopes per Client" is enabled (= when isRequestableScopesEnabled() returns true).
ClientExtension	setRequestableScopes(String[] scopes) Set the set of scopes that this client application can request when "Requestable Scopes per Client" is enabled (= when isRequestableScopesEnabled() returns true).
ClientExtension	setRequestableScopesEnabled(boolean enabled) Enable or disable "Requestable Scopes per Client".
ClientExtension	setTokenExchangePermitted(boolean permitted) Set the flag indicating whether the client is explicitly given a permission to make token exchange requests (cf. RFC 8693).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientExtension

public ClientExtension()

Method Detail

isRequestableScopesEnabled

public boolean isRequestableScopesEnabled()

Check whether "Requestable Scopes per Client" is enabled or not.

If this method returns true, a special set of scopes (permissions) is defined on the server side (the requestableScopes array represents the special set) and scopes which this client application can request are limited to the scopes listed in the set. In other words, this application cannot request scopes that are not included in the set. To be specific, this client application cannot list other scopes in the scope request parameter when it makes an authorization request. To be exact, other scopes can be listed but will be ignored by the authorization server.

On the other hand, if this method returns false, the valid set of scopes (permissions) that this client application can request is equal to the whole scope set defined by the authorization server.

Returns:

true if "Requestable Scopes per Client" is enabled for this client. Otherwise, false.

setRequestableScopesEnabled

public ClientExtension setRequestableScopesEnabled(boolean enabled)

Enable or disable "Requestable Scopes per Client".

See the description of isRequestableScopesEnabled() for details about "Requestable Scopes per Client".

Parameters:

enabled - true to enable "Requestable Scopes per Client". false to disable it.

Returns:

this object.

getRequestableScopes

public String[] getRequestableScopes()

Get the set of scopes that this client application can request when "Requestable Scopes per Client" is enabled (= when isRequestableScopesEnabled() returns true).

See the description of isRequestableScopesEnabled() for details about "Requestable Scopes per Client".

Returns:

The set of scopes that this client application can request when "Requestable Scopes per Client" is enabled.

setRequestableScopes

public ClientExtension setRequestableScopes(String[] scopes)

Set the set of scopes that this client application can request when "Requestable Scopes per Client" is enabled (= when isRequestableScopesEnabled() returns true).

See the description of isRequestableScopesEnabled() for details about "Requestable Scopes per Client".

Parameters:

scopes - A set of scopes.

Returns:

this object.

setRequestableScopes

public ClientExtension setRequestableScopes(Set<String> scopes)

Set the set of scopes that this client application can request when "Requestable Scopes per Client" is enabled (= when isRequestableScopesEnabled() returns true).

See the description of isRequestableScopesEnabled() for details about "Requestable Scopes per Client".

Parameters:

scopes - A set of scopes.

Returns:

this object.

Since:

1.41

getAccessTokenDuration

public long getAccessTokenDuration()

Get the value of the duration of access tokens per client in seconds.

In normal cases, the value of the service's accessTokenDuration property is used as the duration of access tokens issued by the service. However, if this accessTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of access tokens issued to the client application.

Note that the duration of access tokens can be controlled by the scope attribute "access_token.duration", too. Authlete chooses the minimum value among the candidates.

Returns:

The duration of access tokens per client in seconds.

Since:

2.59

setAccessTokenDuration

public ClientExtension setAccessTokenDuration(long duration)

Set the value of the duration of access tokens per client in seconds.

In normal cases, the value of the service's accessTokenDuration property is used as the duration of access tokens issued by the service. However, if this accessTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of access tokens issued to the client application.

Note that the duration of access tokens can be controlled by the scope attribute "access_token.duration", too. Authlete chooses the minimum value among the candidates.

Parameters:

duration - The duration of access tokens per client in seconds.

Returns:

this object.

Since:

2.59

getRefreshTokenDuration

public long getRefreshTokenDuration()

Get the value of the duration of refresh tokens per client in seconds.

In normal cases, the value of the service's refreshTokenDuration property is used as the duration of refresh tokens issued by the service. However, if this refreshTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of refresh tokens issued to the client application.

Note that the duration of refresh tokens can be controlled by the scope attribute "refresh_token.duration", too. Authlete chooses the minimum value among the candidates.

Returns:

The duration of refresh tokens per client in seconds.

Since:

2.59

setRefreshTokenDuration

public ClientExtension setRefreshTokenDuration(long duration)

Set the value of the duration of refresh tokens per client in seconds.

In normal cases, the value of the service's refreshTokenDuration property is used as the duration of refresh tokens issued by the service. However, if this refreshTokenDuration property holds a non-zero positive number and its value is less than the duration configured by the service, the value is used as the duration of refresh tokens issued to the client application.

Note that the duration of refresh tokens can be controlled by the scope attribute "refresh_token.duration", too. Authlete chooses the minimum value among the candidates.

Parameters:

duration - The duration of refresh tokens per client in seconds.

Returns:

this object.

Since:

2.59

isTokenExchangePermitted

public boolean isTokenExchangePermitted()

Get the flag indicating whether the client is explicitly given a permission to make token exchange requests (cf. RFC 8693).

This flag is referred to only when the tokenExchangeByPermittedClientOnly flag of the service which the client belongs to is true.

Returns:

true when the client is explicitly given a permission to make token exchange requests.

Since:

3.26, Authlete 2.3

See Also:

Service.isTokenExchangeByPermittedClientsOnly(), RFC 8693 OAuth 2.0 Token Exchange

setTokenExchangePermitted

public ClientExtension setTokenExchangePermitted(boolean permitted)

Set the flag indicating whether the client is explicitly given a permission to make token exchange requests (cf. RFC 8693).

This flag is referred to only when the tokenExchangeByPermittedClientOnly flag of the service which the client belongs to is true.

Parameters:

permitted - true to explicitly give the client a permission to make token exchange requests.

Returns:

this instance.

Since:

3.26, Authlete 2.3

See Also:

Service.setTokenExchangeByPermittedClientsOnly(boolean), RFC 8693 OAuth 2.0 Token Exchange