Package org.forgerock.oauth2.core

Class AccessTokenService

java.lang.Object

org.forgerock.oauth2.core.AccessTokenService

public class AccessTokenService
extends Object

Handles access token requests from OAuth2 clients to the OAuth2 provider to grant access tokens for the requested grant types.

Since:

12.0.0

Constructor Summary

Constructors

Constructor	Description
AccessTokenService(Map<String,GrantTypeHandler> grantTypeHandlers, ClientAuthenticator clientAuthenticator, TokenStore tokenStore, OAuth2ProviderSettingsFactory providerSettingsFactory, OAuth2UrisFactory urisFactory, ConfirmationKeyValidator confirmationKeyValidator)	Constructs a new AccessTokenServiceImpl.

Method Summary

Modifier and Type	Method	Description
AccessToken	refreshToken(OAuth2Request request)	Handles a request to refresh an already issued access token for a OAuth2 client, validates that the request is valid and contains the required parameters, checks that the refresh token on the request is valid and has not expired, or been previously used to refresh an access token.
AccessToken	requestAccessToken(OAuth2Request request)	Handles a request for access token(s) by a OAuth2 client, validates that the request is valid and contains the required parameters, checks that the authorization code on the request is valid and has not expired, or been previously used.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AccessTokenService

@Inject
public AccessTokenService(Map<String,GrantTypeHandler> grantTypeHandlers,
                          ClientAuthenticator clientAuthenticator,
                          TokenStore tokenStore,
                          OAuth2ProviderSettingsFactory providerSettingsFactory,
                          OAuth2UrisFactory urisFactory,
                          ConfirmationKeyValidator confirmationKeyValidator)

Constructs a new AccessTokenServiceImpl.

Parameters:

grantTypeHandlers - A Map of the grant type handlers.

clientAuthenticator - An instance of the ClientAuthenticator.

tokenStore - An instance of the TokenStore.

providerSettingsFactory - An instance of the OAuth2ProviderSettingsFactory.

urisFactory - An instance of the OAuth2UrisFactory.

Method Detail

requestAccessToken

public AccessToken requestAccessToken(OAuth2Request request)
                               throws RedirectUriMismatchException,
                                      InvalidClientException,
                                      InvalidRequestException,
                                      InvalidCodeException,
                                      InvalidGrantException,
                                      ServerException,
                                      UnauthorizedClientException,
                                      InvalidScopeException,
                                      NotFoundException,
                                      AuthorizationPendingException,
                                      ExpiredTokenException,
                                      AuthorizationDeclinedException,
                                      BadRequestException

Handles a request for access token(s) by a OAuth2 client, validates that the request is valid and contains the required parameters, checks that the authorization code on the request is valid and has not expired, or been previously used.

Parameters:

request - The OAuth2Request for the client requesting an access token. Must not be null.

Returns:

An AccessToken.

Throws:

InvalidGrantException - If the requested grant on the request is not supported.

RedirectUriMismatchException - If the redirect uri on the request does not match the redirect uri registered for the client.

InvalidClientException - If either the request does not contain the client's id or the client fails to be authenticated.

InvalidRequestException - If the request is missing any required parameters or is otherwise malformed.

InvalidCodeException - If the authorization code on the request has expired.

ServerException - If any internal server error occurs.

UnauthorizedClientException - If the client's authorization fails.

IllegalArgumentException - If the request is missing any required parameters.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

InvalidScopeException

AuthorizationPendingException

ExpiredTokenException

AuthorizationDeclinedException

BadRequestException

refreshToken

public AccessToken refreshToken(OAuth2Request request)
                         throws InvalidClientException,
                                InvalidRequestException,
                                BadRequestException,
                                ServerException,
                                ExpiredTokenException,
                                InvalidGrantException,
                                InvalidScopeException,
                                NotFoundException

Handles a request to refresh an already issued access token for a OAuth2 client, validates that the request is valid and contains the required parameters, checks that the refresh token on the request is valid and has not expired, or been previously used to refresh an access token.

Parameters:

request - The OAuth2Request for the client requesting an refresh token. Must not be null.

Returns:

An Access Token.

Throws:

InvalidClientException - If either the request does not contain the client's id or the client fails to be authenticated.

InvalidRequestException - If the request is missing any required parameters or is otherwise malformed.

BadRequestException - If the request is malformed.

ServerException - If any internal server error occurs.

ExpiredTokenException - If the access token or refresh token has expired.

IllegalArgumentException - If the request is missing any required parameters.

InvalidGrantException - If the given token is not a refresh token.

NotFoundException - If the realm does not have an OAuth 2.0 provider service.

InvalidScopeException