Interface TokenStore

    • Field Detail

      • REALM_AGNOSTIC_TOKEN_STORE

        static final String REALM_AGNOSTIC_TOKEN_STORE
        A constant to identify the realm agnostic version of the TokenStore implementation when using dependency injection. The realm agnostic TokenStore does not verify whether the incoming OAuth2Request's realm is the same as the OAuth2 access token's realm.
        See Also:
        Constant Field Values
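
The realm check that the realm agnostic TokenStore omits, shown as an added example (not ForgeRock code) on an in-memory store. The Token record, the STORE map, the realm names and the realm normalisation are hypothetical stand-ins assumed for this demonstration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

/** Added illustration; none of these types are OpenAM classes. Requires Java 16+ (records). */
public class RealmCheckDemo {

    /** Hypothetical stored token: only the fields the realm check needs. */
    record Token(String id, String realm, String clientId) {}

    /** Constructed sample data: one token issued in realm "/customers". */
    static final Map<String, Token> STORE =
            Map.of("tok-1", new Token("tok-1", "/customers", "shop-app"));

    /** Realm-aware lookup: the token resolves only for a request made in its own realm. */
    static Optional<Token> readRealmChecked(String requestRealm, String tokenId) {
        return Optional.ofNullable(STORE.get(tokenId))
                .filter(t -> normalise(t.realm()).equals(normalise(requestRealm)));
    }

    /** Realm-agnostic lookup: the request realm is ignored, so any realm resolves the token. */
    static Optional<Token> readRealmAgnostic(String requestRealm, String tokenId) {
        return Optional.ofNullable(STORE.get(tokenId));
    }

    /** Assumed canonical form for this demo: leading slash, no trailing slash, lower case. */
    static String normalise(String realm) {
        String r = realm == null ? "/" : realm.trim().toLowerCase(Locale.ROOT);
        if (!r.startsWith("/")) {
            r = "/" + r;
        }
        return r.length() > 1 && r.endsWith("/") ? r.substring(0, r.length() - 1) : r;
    }

    public static void main(String[] args) {
        // The same token id presented through two different realms.
        for (String realm : new String[] {"/customers", "/employees"}) {
            System.out.printf("request realm %-11s checked=%-5b agnostic=%b%n", realm,
                    readRealmChecked(realm, "tok-1").isPresent(),
                    readRealmAgnostic(realm, "tok-1").isPresent());
        }
    }
}
```

When the realm agnostic store is injected, a caller that depends on realm isolation has to apply a comparison like readRealmChecked itself.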
    • Method Detail

      • createAuthorizationCode

        AuthorizationCode createAuthorizationCode(Set<String> scope,
                                                  ResourceOwner resourceOwner,
                                                  String clientId,
                                                  String redirectUri,
                                                  String nonce,
                                                  OAuth2Request request,
                                                  String codeChallenge,
                                                  String codeChallengeMethod)
                                           throws ServerException,
                                                  NotFoundException
        Creates an Authorization Code and stores it in the OAuth2 Provider's store.
        Parameters:
        scope - The requested scope.
        resourceOwner - The resource owner.
        clientId - The client's id.
        redirectUri - The redirect uri.
        nonce - The nonce.
        request - The OAuth2 request.
        codeChallenge - The submitted code challenge.
        codeChallengeMethod - The code challenge method.
        Returns:
        An AuthorizationCode.
        Throws:
        ServerException - If any internal server error occurs.
        NotFoundException - If the realm does not have an OAuth 2.0 provider service.
      • createAccessToken

        AccessToken createAccessToken(String grantType,
                                      String accessTokenType,
                                      String authorizationCode,
                                      String resourceOwnerId,
                                      String clientId,
                                      String redirectUri,
                                      Set<String> scope,
                                      RefreshToken refreshToken,
                                      String nonce,
                                      String claims,
                                      OAuth2Request request)
                               throws ServerException,
                                      NotFoundException
        Creates an Access Token and stores it in the OAuth2 Provider's store.
        Parameters:
        grantType - The grant type.
        accessTokenType - The access token type.
        authorizationCode - The authorization code.
        resourceOwnerId - The resource owner's id.
        clientId - The client's id.
        redirectUri - The redirect uri.
        scope - The requested scope.
        refreshToken - The refresh token. May be null.
        nonce - The nonce.
        claims - Additional claims requested (for id_token or userinfo).
        request - The OAuth2 request.
        Returns:
        An Access Token.
        Throws:
        ServerException - If any internal server error occurs.
        NotFoundException - If the realm does not have an OAuth 2.0 provider service.
      • createAccessToken

        AccessToken createAccessToken(String grantType,
                                      String accessTokenType,
                                      String authorizationCode,
                                      String resourceOwnerId,
                                      String clientId,
                                      String redirectUri,
                                      Set<String> scope,
                                      RefreshToken refreshToken,
                                      String nonce,
                                      String claims,
                                      OAuth2Request request,
                                      long authTime)
                               throws ServerException,
                                      NotFoundException
        Creates an Access Token and stores it in the OAuth2 Provider's store.
        Parameters:
        grantType - The grant type.
        accessTokenType - The access token type.
        authorizationCode - The authorization code.
        resourceOwnerId - The resource owner's id.
        clientId - The client's id.
        redirectUri - The redirect uri.
        scope - The requested scope.
        refreshToken - The refresh token. May be null.
        nonce - The nonce.
        claims - Additional claims requested (for id_token or userinfo).
        request - The OAuth2 request.
        authTime - The end user's authentication time.
        Returns:
        An Access Token.
        Throws:
        ServerException - If any internal server error occurs.
        NotFoundException - If the realm does not have an OAuth 2.0 provider service.
      • createRefreshToken

        RefreshToken createRefreshToken(String grantType,
                                        String clientId,
                                        String resourceOwnerId,
                                        String redirectUri,
                                        Set<String> scope,
                                        OAuth2Request request)
                                 throws ServerException,
                                        NotFoundException
        Creates a Refresh Token and stores it in the OAuth2 Provider's store.
        Parameters:
        grantType - The OAuth2 Grant Type.
        clientId - The client's id.
        resourceOwnerId - The resource owner's Id.
        redirectUri - The redirect uri.
        scope - The requested scope.
        request - The OAuth2 request.
        Returns:
        A RefreshToken
        Throws:
        ServerException - If any internal server error occurs.
        NotFoundException - If the realm does not have an OAuth 2.0 provider service.
      • createRefreshToken

        RefreshToken createRefreshToken(String grantType,
                                        String clientId,
                                        String resourceOwnerId,
                                        String redirectUri,
                                        Set<String> scope,
                                        OAuth2Request request,
                                        String validatedClaims)
                                 throws ServerException,
                                        NotFoundException
        Creates a Refresh Token and stores it in the OAuth2 Provider's store.
        Parameters:
        grantType - The OAuth2 Grant Type.
        clientId - The client's id.
        resourceOwnerId - The resource owner's Id.
        redirectUri - The redirect uri.
        scope - The requested scope.
        request - The OAuth2 request.
        validatedClaims - The validated claims.
        Returns:
        A RefreshToken
        Throws:
        ServerException - If any internal server error occurs.
        NotFoundException - If the realm does not have an OAuth 2.0 provider service.
      • createRefreshToken

        RefreshToken createRefreshToken(String grantType,
                                        String clientId,
                                        String resourceOwnerId,
                                        String redirectUri,
                                        Set<String> scope,
                                        OAuth2Request request,
                                        String validatedClaims,
                                        long authTime)
                                 throws ServerException,
                                        NotFoundException
        Creates a Refresh Token and stores it in the OAuth2 Provider's store.
        Parameters:
        grantType - The OAuth2 Grant Type.
        clientId - The client's id.
        resourceOwnerId - The resource owner's Id.
        redirectUri - The redirect uri.
        scope - The requested scope.
        request - The OAuth2 request.
        validatedClaims - The validated claims.
        authTime - The end user's authentication time.
        Returns:
        A RefreshToken
        Throws:
        ServerException - If any internal server error occurs.
        NotFoundException - If the realm does not have an OAuth 2.0 provider service.
      • createRefreshToken

        RefreshToken createRefreshToken(String grantType,
                                        String clientId,
                                        String resourceOwnerId,
                                        String redirectUri,
                                        Set<String> scope,
                                        OAuth2Request request,
                                        String validatedClaims,
                                        String authGrantId)
                                 throws ServerException,
                                        NotFoundException
        Creates a Refresh Token and stores it in the OAuth2 Provider's store.
        Parameters:
        grantType - The OAuth2 Grant Type.
        clientId - The client's id.
        resourceOwnerId - The resource owner's Id.
        redirectUri - The redirect uri.
        scope - The requested scope.
        request - The OAuth2 request.
        validatedClaims - The validated claims.
        authGrantId - The authorization grant Id.
        Returns:
        A RefreshToken
        Throws:
        ServerException - If any internal server error occurs.
        NotFoundException - If the realm does not have an OAuth 2.0 provider service.
      • createRefreshToken

        RefreshToken createRefreshToken(String grantType,
                                        String clientId,
                                        String resourceOwnerId,
                                        String redirectUri,
                                        Set<String> scope,
                                        OAuth2Request request,
                                        String validatedClaims,
                                        String authGrantId,
                                        long authTime)
                                 throws ServerException,
                                        NotFoundException
        Creates a Refresh Token and stores it in the OAuth2 Provider's store.
        Parameters:
        grantType - The OAuth2 Grant Type.
        clientId - The client's id.
        resourceOwnerId - The resource owner's Id.
        redirectUri - The redirect uri.
        scope - The requested scope.
        request - The OAuth2 request.
        validatedClaims - The validated claims.
        authGrantId - The authorization grant Id.
        authTime - The end user's authentication time.
        Returns:
        A RefreshToken
        Throws:
        ServerException - If any internal server error occurs.
        NotFoundException - If the realm does not have an OAuth 2.0 provider service.
      • deleteAuthorizationCode

        void deleteAuthorizationCode(OAuth2Request request,
                                     String authorizationCode)
                              throws NotFoundException,
                                     ServerException
        Deletes an Authorization Code from the OAuth2 Provider's store.
        Parameters:
        request - The current request.
        authorizationCode - The authorization code.
        Throws:
        ServerException - If the authorization code could not be deleted.
        NotFoundException - If the requested realm does not exist.
      • createDeviceCode

        DeviceCode createDeviceCode(Set<String> scope,
                                    ResourceOwner resourceOwner,
                                    String clientId,
                                    String nonce,
                                    String responseType,
                                    String state,
                                    String acrValues,
                                    String prompt,
                                    String uiLocales,
                                    String loginHint,
                                    Integer maxAge,
                                    String claims,
                                    OAuth2Request request,
                                    String codeChallenge,
                                    String codeChallengeMethod)
                             throws ServerException,
                                    NotFoundException
        Creates a new device code token.
        Parameters:
        scope - The scope of the requested access token.
        resourceOwner - The resource owner ID.
        clientId - The client ID.
        nonce - The nonce for the ID token.
        responseType - The response type string.
        state - The client-side state token.
        acrValues - The requested ACR values.
        prompt - The prompt request parameter.
        uiLocales - The ui_locales request parameter.
        loginHint - The login_hint request parameter.
        maxAge - The max_age request parameter.
        claims - The claims request parameter for ID token claims.
        request - The request.
        codeChallenge - The submitted code challenge.
        codeChallengeMethod - The code challenge method.
        Returns:
        The created device code object.
        Throws:
        ServerException - If there was an error in constructing the code.
        NotFoundException - If the realm does not have an OAuth2Provider configured.
      • queryForToken

        org.forgerock.json.JsonValue queryForToken(String realm,
                                                   org.forgerock.util.query.QueryFilter<CoreTokenField> queryFilter)
                                            throws ServerException,
                                                   NotFoundException
        Queries the OAuth2 Provider's store for tokens.
        Parameters:
        realm - The Realm.
        queryFilter - The query keyed by auth grant id, client id and resource owner.
        Returns:
        A JsonValue of the query results.
        Throws:
        ServerException - If there was an error in reading the token using the id.
        NotFoundException - If the realm does not have an OAuth2Provider configured.
      • delete

        void delete(String realm,
                    String tokenId)
             throws ServerException,
                    NotFoundException
        Deletes the Token from the OAuth2 Provider's store with the specified identifier.
        Parameters:
        realm - The Realm
        tokenId - The token ID
        Throws:
        ServerException - If there was an error in reading the token using the id.
        NotFoundException - If the realm does not have an OAuth2Provider configured.
      • read

        org.forgerock.json.JsonValue read(String tokenId)
                                   throws ServerException,
                                          NotFoundException
        Reads the Token from the OAuth2 Provider's store with the specified identifier.
        Parameters:
        tokenId - The token ID
        Returns:
        A JsonValue of the token. May be null if the token is not found.
        Throws:
        ServerException - If there was an error in reading the token using the id.
        NotFoundException - If the realm does not have an OAuth2Provider configured.