Class RevocationRequest

  • All Implemented Interfaces:
    Serializable

    public class RevocationRequest
    extends Object
    implements Serializable
    Request to Authlete's /auth/revocation API.
    parameters (REQUIRED)

    The OAuth 2.0 token revocation request parameters, that is, the request parameters that the OAuth 2.0 token revocation endpoint (RFC 7009) of the service implementation received from the client application.

    The value of "parameters" is the entire entity body (which is formatted in application/x-www-form-urlencoded) of the request from the client application.

    clientId (OPTIONAL)

    The client ID extracted from the Authorization header of the revocation request from the client application.

    If the token revocation endpoint of the service implementation supports Basic Authentication as a means of client authentication, and if the request from the client application contained its client ID in the Authorization header, the value should be extracted and set to this parameter.

    clientSecret (OPTIONAL)

    The client secret extracted from the Authorization header of the revocation request from the client application.

    If the token revocation endpoint of the service implementation supports Basic Authentication as a means of client authentication, and if the request from the client application contained its client secret in the Authorization header, the value should be extracted and set to this parameter.

    clientCertificate (OPTIONAL)

    The client certificate used in the TLS connection between the client application and the revocation endpoint.

    clientCertificatePath (OPTIONAL)

    The client certificate path presented by the client during client authentication. Each element is a string in PEM format.

    oauthClientAttestation (OPTIONAL; Authlete 3.0 onwards)

    The value of the OAuth-Client-Attestation HTTP header, which is defined in the specification of OAuth 2.0 Attestation-Based Client Authentication.

    oauthClientAttestationPop (OPTIONAL; Authlete 3.0 onwards)

    The value of the OAuth-Client-Attestation-PoP HTTP header, which is defined in the specification of OAuth 2.0 Attestation-Based Client Authentication.

    The entity body of a token revocation request may contain the client ID (client_id) and the client secret (client_secret) along with other request parameters, as described in RFC 6749, 2.3.1. Client Password. If the client credentials are contained in both the Authorization header and the entity body, they must be identical. Otherwise, Authlete's /auth/revocation API generates an error (a client error, not a service error).

    When the presented token is an access token, the implementation revokes the access token and its associated refresh token, too. Likewise, if the presented token is a refresh token, the implementation revokes the refresh token and its associated access token. Note, however, that other access tokens and refresh tokens are not revoked, even if their associated client application, subject and grant type are equal to those of the token to be revoked.
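
    One way a revocation endpoint might populate this request from an incoming HTTP request, as an added example that is not part of the Authlete documentation. RevocationRequestBuilder, build and parseBasic are hypothetical names, and the import assumes the authlete-java-common package com.authlete.common.dto.

```java
import com.authlete.common.dto.RevocationRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: RevocationRequestBuilder, build and parseBasic are hypothetical names.
public final class RevocationRequestBuilder {
    // authorization: Authorization header value or null; formBody: raw entity body;
    // clientCertPem: PEM client certificate taken from the TLS layer, or null.
    public static RevocationRequest build(
            String authorization, String formBody, String clientCertPem) {
        RevocationRequest request = new RevocationRequest()
                .setParameters(formBody)   // entire body, passed through unmodified
                .setClientCertificate(clientCertPem);
        String[] basic = parseBasic(authorization);
        if (basic != null) {
            // Header credentials only. Credentials in the body stay in "parameters";
            // /auth/revocation reports a client error if the two sets differ.
            request.setClientId(basic[0]).setClientSecret(basic[1]);
        }
        return request;
    }

    // Returns {clientId, clientSecret}, or null when the header is not valid Basic.
    static String[] parseBasic(String authorization) {
        if (authorization == null
                || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');   // split on the first ':' only
            if (colon < 0) {
                return null;
            }
            return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException e) {
            return null;                     // not valid Base64
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials or tokens.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("client-1:s3cr:et".getBytes(StandardCharsets.UTF_8));
        RevocationRequest r = build(header, "token=CONSTRUCTED&token_type_hint=access_token", null);
        System.out.println(r.getClientId());   // the secret is deliberately not logged
    }
}
```

    A malformed Authorization header leaves clientId and clientSecret unset, so the example never passes partially parsed credentials to the API.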

    Since:
    1.16
    Author:
    Takahiko Kawasaki
    See Also:
    Serialized Form
    • Constructor Detail

      • RevocationRequest

        public RevocationRequest()
    • Method Detail

      • getParameters

        public String getParameters()
        Get the value of parameters which are the request parameters that the OAuth 2.0 token revocation endpoint of the service implementation received from the client application.
      • setParameters

        public RevocationRequest setParameters(String parameters)
        Set the value of parameters which are the request parameters that the OAuth 2.0 token revocation endpoint of the service implementation received from the client application.
      • setParameters

        public RevocationRequest setParameters(Map<String,String[]> parameters)
        Set the value of parameters which are the request parameters that the OAuth 2.0 token revocation endpoint of the service implementation received from the client application.

        This method converts the given map into a string in x-www-form-urlencoded format and passes it to the setParameters(String) method.

        Parameters:
        parameters - Request parameters.
        Returns:
        this object.
        Since:
        1.24
      • getClientId

        public String getClientId()
        Get the client ID extracted from the Authorization header of the token revocation request from the client application.
      • setClientId

        public RevocationRequest setClientId(String clientId)
        Set the client ID extracted from the Authorization header of the token revocation request from the client application.
      • getClientSecret

        public String getClientSecret()
        Get the client secret extracted from the Authorization header of the token revocation request from the client application.
      • setClientSecret

        public RevocationRequest setClientSecret(String clientSecret)
        Set the client secret extracted from the Authorization header of the token revocation request from the client application.
      • getClientCertificate

        public String getClientCertificate()
        Get the client certificate used in the TLS connection between the client application and the revocation endpoint.
        Returns:
        The client certificate.
        Since:
        2.88
      • setClientCertificate

        public RevocationRequest setClientCertificate(String certificate)
        Set the client certificate used in the TLS connection between the client application and the revocation endpoint.
        Parameters:
        certificate - The client certificate.
        Returns:
        this object.
        Since:
        2.88
      • getClientCertificatePath

        public String[] getClientCertificatePath()
        Get the client certificate path presented by the client during client authentication.
        Returns:
        The client certificate path. Each element is a string in PEM format.
        Since:
        2.88
      • setClientCertificatePath

        public RevocationRequest setClientCertificatePath(String[] path)
        Set the client certificate path presented by the client during client authentication.
        Parameters:
        path - The client certificate path. Each element is a string in PEM format.
        Returns:
        this object.
        Since:
        2.88
      • getOauthClientAttestation

        public String getOauthClientAttestation()
        Get the value of the OAuth-Client-Attestation HTTP header.
        Returns:
        The value of the OAuth-Client-Attestation HTTP header.
        Since:
        4.3, Authlete 3.0
        See Also:
        OAuth 2.0 Attestation-Based Client Authentication
      • getOauthClientAttestationPop

        public String getOauthClientAttestationPop()
        Get the value of the OAuth-Client-Attestation-PoP HTTP header.
        Returns:
        The value of the OAuth-Client-Attestation-PoP HTTP header.
        Since:
        4.3, Authlete 3.0
        See Also:
        OAuth 2.0 Attestation-Based Client Authentication