Package com.authlete.common.dto

Class RevocationResponse

  • All Implemented Interfaces:
    Serializable
    public class RevocationResponse
extends ApiResponse
    Response from Authlete's /auth/revocation API.

    Authlete's /auth/revocation API returns JSON which can be mapped to this class. The service implementation should retrieve the value of "action" from the response and take the following steps according to the value.

    INVALID_CLIENT

    When the value of "action" is "INVALID_CLIENT", it means that authentication of the client failed. In this case, the HTTP status of the response to the client application is either "400 Bad Request" or "401 Unauthorized". The description about "invalid_client" shown below is an excerpt from RFC 6749.

    invalid_client

    Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client.

    In either case, the JSON string returned by getResponseContent() can be used as the entity body of the response to the client application.

    The following illustrates the response which the service implementation should generate and return to the client application. 

     HTTP/1.1 400 Bad Request
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())
     HTTP/1.1 401 Unauthorized
 WWW-Authenticate: (challenge)
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())
    INTERNAL_SERVER_ERROR

    When the value of "action" is "INTERNAL_SERVER_ERROR", it means that the request from the service implementation (RevocationRequest) was wrong or that an error occurred in Authlete.

    In either case, from the viewpoint of the client application, it is an error on the server side. Therefore, the service implementation should generate a response to the client application with the HTTP status of "500 Internal Server Error".

    getResponseContent() returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the service implementation should generate and return to the client application. 

     HTTP/1.1 500 Internal Server Error
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())
    BAD_REQUEST

    When the value of "action" is "BAD_REQUEST", it means that the request from the client application is invalid.

    The HTTP status of the response returned to the client application must be "400 Bad Request" and the content type must be "application/json". RFC 7009, 2.2.1. Error Response states "The error presentation conforms to the definition in Section 5.2 of [RFC 6749]."

    getResponseContent() returns a JSON string which describes the error, so it can be used as the entity body of the response.

    The following illustrates the response which the service implementation should generate and return to the client application. 

     HTTP/1.1 400 Bad Request
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())
    OK

    When the value of "action" is "OK", it means that the request from the client application is valid and the presented token has been revoked successfully or that the client submitted an invalid token. Note that invalid tokens do not cause an error. See 2.2. Revocation Response for details.

    The HTTP status of the response returned to the client application must be "200 OK".

    If the original request from the client application contains callback request parameter and its value is not empty, the content type should be "application/javascript" and the content should be a JavaScript snippet for JSONP.

    getResponseContent() returns a JavaScript snippet if the original request from the client application contains callback request parameter and its value is not empty. Otherwise, getResponseContent() returns null.

    The following illustrates the response which the service implementation should generate and return to the client application. 

     HTTP/1.1 200 OK
 Content-Type: application/javascript
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())
    Since:
    1.16, Authlete 1.1
    Author:
    Takahiko Kawasaki
    See Also:
    RFC 7009, OAuth 2.0 Token Revocation, Serialized Form

    • Constructor Detail

      • RevocationResponse

        public RevocationResponse()

    • Method Detail

      • setAction

        public void setAction​(RevocationResponse.Action action)
        Set the next action that the service implementation should take.

      • getResponseContent

        public String getResponseContent()
        Get the response content which can be used as the entity body of the response returned to the client application.

      • setResponseContent

        public void setResponseContent​(String responseContent)
        Set the response content which can be used as the entity body of the response returned to the client application.

      • summarize

        public String summarize()
        Get the summary of this instance.