Interface AccessTokenProvider


  • @ProviderType
    public interface AccessTokenProvider
    Interface for an OAuth 2.0 access token provider using Authorization Grants as defined in the Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (see RFC 7523).
    Since:
    3.1
    See Also:
    AccessTokenRequestCustomizer
    • Method Summary

      Modifier and Type Method Description
      java.lang.String getAccessToken(ResourceResolver resolver, java.lang.String userId, java.util.Map<java.lang.String,?> claims)
      Returns a valid access token or throws an exception.
      @NotNull java.lang.String getApiKey()
      Returns the ClientId, also called ApiKey, configured for the AccessTokenProvider.
      @Nullable java.lang.String getKeyPairAlias()
      Returns the KeyPairAlias configured for the AccessTokenProvider.
      @Nullable java.lang.String getOrgId()
      Returns the orgId configured for the AccessTokenProvider.
      @Nullable java.lang.String getTechnicalAccount()
      Returns the TechnicalAccount configured for the AccessTokenProvider.
    • Method Detail

      • getAccessToken

        java.lang.String getAccessToken(ResourceResolver resolver,
                                        java.lang.String userId,
                                        java.util.Map<java.lang.String,?> claims)
                                 throws CryptoException,
                                        java.io.IOException,
                                        java.lang.NullPointerException

        Returns a valid access token or throws an exception. If needed, a new access token is obtained from the authorization server by generating a JWT and using it as the authorization grant. Custom claims may be added via the claims parameter. Custom claims override the claims computed by an AccessTokenProvider implementation.

        An implementation may or may not reuse the access tokens.

        Parameters:
        resolver - The resource resolver used to access the user associated with the userId
        userId - The user identifier which has access to the required asymmetric cryptographic material
        claims - An optional map of JWT claims that overrides the claims computed by an AccessTokenProvider implementation. Providing an empty map or null uses the default AccessTokenProvider implementation claims
        Returns:
        A valid JWT access token; an exception is thrown otherwise (does not return null)
        Throws:
        CryptoException - If an error occurred while generating/signing the JWT claim
        java.io.IOException - If an error occurred while communicating with the authorization server
        java.lang.NullPointerException - If the resolver or the userId is null
      • getApiKey

        @NotNull java.lang.String getApiKey()
        Returns the ClientId, also called ApiKey, configured for the AccessTokenProvider.
        Returns:
      • getTechnicalAccount

        @Nullable java.lang.String getTechnicalAccount()
        Returns the TechnicalAccount configured for the AccessTokenProvider. This is not required by the OAuth Server-to-Server flow, but can be stored for backward compatibility.
        Returns:
      • getOrgId

        @Nullable java.lang.String getOrgId()
        Returns the orgId configured for the AccessTokenProvider. This is optional in the OAuth Server-to-Server flow, but can be stored for backward compatibility.
        Returns:
      • getKeyPairAlias

        @Nullable java.lang.String getKeyPairAlias()
        Returns the KeyPairAlias configured for the AccessTokenProvider. This is not required by the OAuth Server-to-Server flow, but can be stored for backward compatibility.
        Returns:
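
The claims parameter of getAccessToken lets caller-supplied claims replace the ones the provider computes. The following is an added example, not code from this API or any implementation of it: it models that documented override rule in plain Java and places a guard in front of it that refuses to replace the claims RFC 7523 requires in a grant (iss, sub, aud, exp). The class name, method names and sample values are assumptions made for the illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
// Added example: models the documented claim-override rule; not the provider's code.
public class ClaimOverrideGuard {
    // Claims RFC 7523 requires in a JWT used as an authorization grant. Replacing
    // them changes who the grant speaks for, who accepts it and how long it is valid.
    static final Set<String> PROTECTED = Set.of("iss", "sub", "aud", "exp");

    // Documented rule: custom claims win; null or empty keeps the computed claims.
    static Map<String, Object> effectiveClaims(Map<String, ?> computed, Map<String, ?> custom) {
        Map<String, Object> out = new LinkedHashMap<>(computed);
        if (custom != null) {
            out.putAll(custom);
        }
        return out;
    }

    // Hypothetical guard: refuse a custom map that would replace a protected claim.
    static Map<String, ?> checked(Map<String, ?> custom) {
        if (custom != null) {
            for (String name : custom.keySet()) {
                if (PROTECTED.contains(name)) {
                    throw new IllegalArgumentException("claim not overridable: " + name);
                }
            }
        }
        return custom;
    }

    public static void main(String[] args) {
        // Constructed values standing in for what an implementation might compute.
        Map<String, Object> computed = new LinkedHashMap<>();
        computed.put("iss", "issuer-placeholder");
        computed.put("sub", "subject-placeholder");
        computed.put("aud", "https://auth.example.test/token");
        computed.put("exp", 1700000300L);
        // An additional (constructed) claim passes the guard and is merged in.
        System.out.println(effectiveClaims(computed, checked(Map.of("scope", "read"))));
        // Unguarded, a caller-supplied "sub" silently replaces the computed one.
        System.out.println(effectiveClaims(computed, Map.of("sub", "other")).get("sub"));
        // Guarded, the same map is refused before it would reach getAccessToken.
        try {
            checked(Map.of("sub", "other"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a caller, the map returned by checked(...) is what would be passed as the claims argument, so request-derived values cannot reach the protected claims.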