Package com.authlete.jaxrs

Class AccessTokenValidator

  • public class AccessTokenValidator
extends Object
    Access token validator.
    Since:
    1.2
    Author:
    Takahiko Kawasaki

    • Constructor Detail

      • AccessTokenValidator

        public AccessTokenValidator​(com.authlete.common.api.AuthleteApi api)
        Constructor with an implementation of AuthleteApi interface.
        Parameters:
        api - Implementation of AuthleteApi interface.

    • Method Detail

      • validate

        public AccessTokenInfo validate​(String accessToken)
                         throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of validate(accessToken, (Options)null).
        Parameters:
        accessToken - An access token to validate.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. To be concrete, the access token does not exist or it has expired.

      • validate

        public AccessTokenInfo validate​(String accessToken,
                                com.authlete.common.api.Options options)
                         throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of validate(accessToken, null, options).

        When the given access token is not valid, this method throws a WebApplicationException. The response contained in the exception complies with the requirements described in RFC 6750 (The OAuth 2.0 Authorization Framework: Bearer Token Usage).

        Parameters:
        accessToken - An access token to validate.
        options - The request options for the /api/auth/introspection API.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. To be concrete, the access token does not exist or it has expired.
        Since:
        2.82

      • validate

        public AccessTokenInfo validate​(String accessToken,
                                String[] requiredScopes)
                         throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of validate(accessToken, requiredScopes, null).
        Parameters:
        accessToken - An access token to validate.
        requiredScopes - Scopes that must be associated with the access token. null is okay.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. To be concrete, one or more of the following conditions meet.
        1. The access token does not exist.
        2. The access token has expired.
        3. The access token does not cover the required scopes.

      • validate

        public AccessTokenInfo validate​(String accessToken,
                                String[] requiredScopes,
                                com.authlete.common.api.Options options)
                         throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of validate (accessToken, requiredScopes, null, null, options).
        Parameters:
        accessToken - An access token to validate.
        requiredScopes - Scopes that must be associated with the access token. null is okay.
        options - The request options for the /api/auth/introspection API.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. To be concrete, one or more of the following conditions meet.
        1. The access token does not exist.
        2. The access token has expired.
        3. The access token does not cover the required scopes.
        Since:
        2.82

      • validate

        public AccessTokenInfo validate​(String accessToken,
                                String[] requiredScopes,
                                String requiredSubject,
                                String clientCertificate)
                         throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of validate (accessToken, requiredScopes, requiredSubject, clientCertificate, null).
        Parameters:
        accessToken - An access token to validate.
        requiredScopes - Scopes that must be associated with the access token. null is okay.
        requiredSubject - Subject (= user's unique identifier) that must be associated with the access token. null is okay.
        clientCertificate - TLS Certificate of the client presented during a call to the resource server, used with TLS-bound access tokens. Can be null if no certificate is presented.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. To be concrete, one or more of the following conditions meet.
        1. The access token does not exist.
        2. The access token has expired.
        3. The access token does not cover the required scopes.
        4. The access token is not associated with the required subject.
        5. The access token is bound to a client certificate, but the presented one does not match.
        Since:
        2.27

      • validate

        public AccessTokenInfo validate​(String accessToken,
                                String[] requiredScopes,
                                String requiredSubject,
                                String clientCertificate,
                                com.authlete.common.api.Options options)
                         throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of the validate(Params, Options) method.

        When the given access token is not valid, this method throws a WebApplicationException. The response contained in the exception complies with the requirements described in RFC 6750 (The OAuth 2.0 Authorization Framework: Bearer Token Usage).

        Parameters:
        accessToken - An access token to validate.
        requiredScopes - Scopes that must be associated with the access token. null is okay.
        requiredSubject - Subject (= user's unique identifier) that must be associated with the access token. null is okay.
        clientCertificate - TLS Certificate of the client presented during a call to the resource server, used with TLS-bound access tokens. Can be null if no certificate is presented.
        options - The request options for the /api/auth/introspection API.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. To be concrete, one or more of the following conditions meet.
        1. The access token does not exist.
        2. The access token has expired.
        3. The access token does not cover the required scopes.
        4. The access token is not associated with the required subject.
        5. The access token is bound to a client certificate, but the presented one does not match.
        Since:
        2.82

      • validate

        public AccessTokenInfo validate​(AccessTokenValidator.Params params)
                         throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of the validate(Params, Options) method.
        Parameters:
        params - The request parameters needed for access token validation.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid.
        Since:
        2.27

      • validate

        public AccessTokenInfo validate​(AccessTokenValidator.Params params,
                                com.authlete.common.api.Options options)
                         throws javax.ws.rs.WebApplicationException
        Validate an access token.
        Parameters:
        params - The request parameters needed for access token validation.
        options - The request options for the /api/auth/introspection API.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid.
        Since:
        2.82

      • validate

        public com.authlete.common.dto.IntrospectionResponse validate​(com.authlete.common.dto.IntrospectionRequest request)
                                                       throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of the validate(request, null).
        Parameters:
        request - The request parameters for the /api/auth/introspection API.
        Returns:
        The response from the /api/auth/introspection API.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid or something unexpected happened. This exception is raised when the action response parameter in the response from the /auth/introspection API is not OK.
        Since:
        2.66

      • validate

        public com.authlete.common.dto.IntrospectionResponse validate​(com.authlete.common.dto.IntrospectionRequest request,
                                                              com.authlete.common.api.Options options)
                                                       throws javax.ws.rs.WebApplicationException
        Validate an access token.
        Parameters:
        request - The request parameters for the /api/auth/introspection API.
        options - The request options for the /api/auth/introspection API.
        Returns:
        The response from the /api/auth/introspection API.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid or something unexpected happened. This exception is raised when the action response parameter in the response from the /api/auth/introspection API is not OK.
        Since:
        2.82

      • getApiCaller

        protected com.authlete.jaxrs.AuthleteApiCaller getApiCaller()

      • unexpected

        protected javax.ws.rs.InternalServerErrorException unexpected​(String message,
                                                              Throwable cause)