Interface AccessTokenProvider


@ProviderType public interface AccessTokenProvider
Interface for an OAuth 2.0 access token provider using Authorization Grants as defined in the Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (see RFC 7523).
Since:
3.1
See Also:
  • Method Summary

    Modifier and Type | Method | Description
    String | getAccessToken(ResourceResolver resolver, String userId, Map<String,?> claims) | Return a valid access token or throw an exception.
    @NotNull String | getApiKey() | Return the ClientId, also called ApiKey, configured for the AccessTokenProvider.
    @Nullable String | getKeyPairAlias() | Return the KeyPairAlias, configured for the AccessTokenProvider.
    @Nullable String | getOrgId() | Return the orgId, configured for the AccessTokenProvider.
    @Nullable String | getTechnicalAccount() | Return the TechnicalAccount, configured for the AccessTokenProvider.
  • Method Details

    • getAccessToken

      String getAccessToken(ResourceResolver resolver, String userId, Map<String,?> claims) throws CryptoException, IOException, NullPointerException

      Return a valid access token or throw an exception. If needed, a new access token is obtained from the authorization server by generating a JWT and using it as the authorization grant. Custom claims may be added via the claims parameter. Custom claims override the claims computed by an AccessTokenProvider implementation.

      An implementation may or may not reuse the access tokens.

      Parameters:
      resolver - The resource resolver used to access the user associated with the userId
      userId - The user identifier which has access to the required asymmetric cryptographic material
      claims - An optional map of JWT claims that override the claims computed by an AccessTokenProvider implementation. Providing an empty map or null uses the default AccessTokenProvider implementation claims
      Returns:
      A valid JWT access token or throws an Exception (does not return null)
      Throws:
      CryptoException - If an error occurred while generating/signing the JWT claim
      IOException - If an error occurred while communicating with the authorization server
      NullPointerException - If the resolver or the userId is null
    • getApiKey

      @NotNull String getApiKey()
      Return the ClientId, also called ApiKey, configured for the AccessTokenProvider.
      Returns:
    • getTechnicalAccount

      @Nullable String getTechnicalAccount()
      Return the TechnicalAccount, configured for the AccessTokenProvider. This is not required by the OAuth Server-to-Server flow, but can be stored for backward compatibility.
      Returns:
    • getOrgId

      @Nullable String getOrgId()
      Return the orgId, configured for the AccessTokenProvider. This is optional in the OAuth Server-to-Server flow, but can be stored for backward compatibility.
      Returns:
    • getKeyPairAlias

      @Nullable String getKeyPairAlias()
      Return the KeyPairAlias, configured for the AccessTokenProvider. This is not required by the OAuth Server-to-Server flow, but can be stored for backward compatibility.
      Returns:
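
Because the claims passed to getAccessToken override the claims the implementation computes, a caller that builds the map from outside input should restrict which claim names it forwards. The wrapper below is an added example, not part of this API documentation: the class name GuardedTokenClient, the allowlist contents and the import package names are assumptions.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

// Package names below are assumptions; this page does not state them.
import com.adobe.granite.auth.oauth.accesstoken.provider.AccessTokenProvider;
import com.adobe.granite.crypto.CryptoException;
import org.apache.sling.api.resource.ResourceResolver;

/** Hypothetical wrapper: forwards only allowlisted custom claims to the provider. */
public final class GuardedTokenClient {

    // Constructed policy for this example: the only claim names a caller may override.
    private static final Set<String> OVERRIDABLE = Set.of("scope");

    private final AccessTokenProvider provider;

    public GuardedTokenClient(AccessTokenProvider provider) {
        this.provider = Objects.requireNonNull(provider, "provider");
    }

    public String tokenFor(ResourceResolver resolver, String userId, Map<String, ?> requested)
            throws CryptoException, IOException {
        // getAccessToken documents a NullPointerException for these; fail early and name the argument.
        Objects.requireNonNull(resolver, "resolver");
        Objects.requireNonNull(userId, "userId");

        Map<String, Object> claims = new HashMap<>();
        if (requested != null) {
            for (Map.Entry<String, ?> e : requested.entrySet()) {
                // Custom claims replace computed ones, so reject anything off the allowlist
                // (for example iss, sub, aud or exp) instead of silently forwarding it.
                if (!OVERRIDABLE.contains(e.getKey())) {
                    throw new IllegalArgumentException("claim not overridable: " + e.getKey());
                }
                claims.put(e.getKey(), e.getValue());
            }
        }
        // An empty map makes the provider fall back to its default claims.
        // The returned token is a bearer credential: hand it to the caller, never log it.
        return provider.getAccessToken(resolver, userId, claims);
    }
}
```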