Package com.authlete.common.dto

Class GMRequest

  • All Implemented Interfaces:
    Serializable
    public class GMRequest
extends Object
implements Serializable
    Request to Authlete's /api/gm API.
    gmAction (REQUIRED)

    The grant management action of the grant management request. Either QUERY or REVOKE.

    grantId (REQUIRED)

    The grant ID of the grant management request.

    accessToken (REQUIRED)

    The access token included in the grant management request.

    clientCertificate (OPTIONAL)

    The client certificate used in the TLS connection established between the client application and the grant management endpoint. See "RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens" for details.

    dpop (OPTIONAL)

    The value of the DPoP HTTP header. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.

    htm (OPTIONAL)

    The HTTP method of the grant management request. Either "GET" or "DELETE". This parameter is used to validate the value of the DPoP HTTP header. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.

    API callers don't have to specify this parameter unless they have a special reason because the default value can be easily determined based on the value of gmAction.

    htu (OPTIONAL)

    The URL of the grant management endpoint. This parameter is used to validate the value of the DPoP HTTP header. See RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) for details.

    When omitted, a string built by concatenating (1) the grantManagementEndpoint property of the Service, (2) a slash (/) and (3) the grant ID is used as the default value.

    dpopNonceRequired (OPTIONAL; Authlete 3.0 onwards)

    The flag indicating whether to require the DPoP proof JWT to include the nonce claim. Even if the service's dpopNonceRequired property is false, calling the /auth/gm API with this dpopNonceRequired parameter true will force the Authlete API to check whether the DPoP proof JWT includes the expected nonce value.

    Since:
    3.1
    See Also:
    Grant Management for OAuth 2.0, Serialized Form

    • Constructor Detail

      • GMRequest

        public GMRequest()

    • Method Detail

      • getGmAction

        public GMAction getGmAction()
        Get the grant management action of the grant management request. Either QUERY or REVOKE.
        Returns:
        The grant management action of the grant management request.

      • setGmAction

        public GMRequest setGmAction​(GMAction gmAction)
        Set the grant management action of the grant management request. Either QUERY or REVOKE.
        Parameters:
        gmAction - The grant management action of the grant management request.
        Returns:
        this object.

      • getGrantId

        public String getGrantId()
        Get the grant ID of the grant management request.
        Returns:
        The grant ID.

      • setGrantId

        public GMRequest setGrantId​(String grantId)
        Set the grant ID of the grant management request.
        Parameters:
        grantId - The grant ID.
        Returns:
        this object.

      • getAccessToken

        public String getAccessToken()
        Get the access token which has come along with the grant management request from the client application.
        Returns:
        The access token.

      • setAccessToken

        public GMRequest setAccessToken​(String accessToken)
        Set the access token that has come along with the grant management request from the client application.
        Parameters:
        accessToken - The access token.
        Returns:
        this object.

      • getHtm

        public String getHtm()
        Get the HTTP method of the grant management request.

        This property is used to validate the value of the DPoP header.

        When this property is omitted, "GET" is used as the default value in the case of gmAction=QUERY. Likewise, "DELETE" is used as the default value in the case of gmAction=REVOKE.

        Returns:
        The HTTP method of the grant management request.
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)

      • setHtm

        public GMRequest setHtm​(String htm)
        Set the HTTP method of the grant management request.

        This property is used to validate the value of the DPoP header.

        When this property is omitted, "GET" is used as the default value in the case of gmAction=QUERY. Likewise, "DELETE" is used as the default value in the case of gmAction=REVOKE.

        Parameters:
        htm - The HTTP method of the grant management request.
        Returns:
        this object.
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)

      • getHtu

        public String getHtu()
        Get the URL of the grant management endpoint.

        This property is used to validate the value of the DPoP header.

        When this property is omitted, a string built by concatenating (1) the grantManagementEndpoint property of the Service, (2) a slash (/) and (3) the grant ID is used as the default value.

        Returns:
        The URL of the grant management endpoint.
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)

      • setHtu

        public GMRequest setHtu​(String htu)
        Set the URL of the grant management endpoint.

        This property is used to validate the value of the DPoP header.

        When this property is omitted, a string built by concatenating (1) the grantManagementEndpoint property of the Service, (2) a slash (/) and (3) the grant ID is used as the default value.

        Parameters:
        htu - The URL of the userinfo endpoint.
        Returns:
        this object.
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)

      • isDpopNonceRequired

        public boolean isDpopNonceRequired()
        Get the flag indicating whether to check if the DPoP proof JWT includes the expected nonce value.

        If this request parameter is true or if the service's dpopNonceRequired property (Service.isDpopNonceRequired()) is true, the /auth/gm API checks if the DPoP proof JWT includes the expected nonce value. In this case, the response from the /auth/gm API will include the dpopNonce response parameter, which should be used as the value of the DPoP-Nonce HTTP header.

        Returns:
        true if the /auth/gm API checks whether the DPoP proof JWT includes the expected nonce value, even if the service's dpopNonceRequired property is false.
        Since:
        3.82, Authlete 3.0
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)

      • setDpopNonceRequired

        public GMRequest setDpopNonceRequired​(boolean required)
        Set the flag indicating whether to check if the DPoP proof JWT includes the expected nonce value.

        If this request parameter is true or if the service's dpopNonceRequired property (Service.isDpopNonceRequired()) is true, the /auth/gm API checks if the DPoP proof JWT includes the expected nonce value. In this case, the response from the /auth/gm API will include the dpopNonce response parameter, which should be used as the value of the DPoP-Nonce HTTP header.

        Parameters:
        required - true to have the /auth/gm API check whether the DPoP proof JWT includes the expected nonce value, even if the service's dpopNonceRequired property is false.
        Returns:
        this object.
        Since:
        3.82, Authlete 3.0
        See Also:
        RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)