com.sap.cloud.security.xsuaa.tokenflows

Class UserTokenFlow

java.lang.Object

com.sap.cloud.security.xsuaa.tokenflows.UserTokenFlow

public class UserTokenFlow
extends Object

A user token flow builder class.
Applications retrieve an instance of this builder from XsuaaTokenFlows and then create the flow request using a builder pattern.

Method Summary

Modifier and Type	Method and Description
UserTokenFlow	attributes(Map<String,String> additionalAuthorizationAttributes) Adds additional authorization attributes to the request.
UserTokenFlow	disableCache(boolean disableCache) Can be used to disable the cache for the flow.
OAuth2TokenResponse	execute() Executes this flow against the XSUAA endpoint.
UserTokenFlow	scopes(String... scopes) Sets the scope attribute for the token request.
UserTokenFlow	subdomain(String subdomain) Sets the subdomain (tenant) the token is requested for.
UserTokenFlow	token(String encodedToken) Sets the JWT token that should be exchanged for another JWT token.
UserTokenFlow	token(Token token) Sets the JWT token that should be exchanged for another JWT token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

token

public UserTokenFlow token(String encodedToken)

Sets the JWT token that should be exchanged for another JWT token.

Parameters:

encodedToken - - the JWT token.

Returns:

this builder object.

token

public UserTokenFlow token(Token token)

Sets the JWT token that should be exchanged for another JWT token.

Parameters:

token - - decoded JWT token.

Returns:

this builder object.

attributes

public UserTokenFlow attributes(Map<String,String> additionalAuthorizationAttributes)

Adds additional authorization attributes to the request.
Clients can use this to request additional attributes in the 'az_attr' claim of the returned token.

Parameters:

additionalAuthorizationAttributes - - the additional attributes.

Returns:

this builder.

subdomain

public UserTokenFlow subdomain(String subdomain)

Sets the subdomain (tenant) the token is requested for.

Parameters:

subdomain - - the subdomain.

Returns:

this builder.

scopes

public UserTokenFlow scopes(@Nonnull
                            String... scopes)

Sets the scope attribute for the token request. This will restrict the scope of the created token to the scopes provided. By default the scope is not restricted and the created token contains all granted scopes. If you specify a scope that is not authorized for the user, the token request will fail.

Parameters:

scopes - - one or many scopes as string.

Returns:

this builder.

disableCache

public UserTokenFlow disableCache(boolean disableCache)

Can be used to disable the cache for the flow.

Parameters:

disableCache - - disables cache when set to true.

Returns:

this builder.

execute

public OAuth2TokenResponse execute()
                            throws TokenFlowException

Executes this flow against the XSUAA endpoint. As a result the exchanged JWT token is returned.
Note, that in a standard flow, only the refresh token would be returned.

Returns:

the JWT instance returned by XSUAA.

Throws:

IllegalStateException - - in case not all mandatory fields of the token flow request have been set.

TokenFlowException - - in case of an error during the flow, or when the token cannot be refreshed.