Package com.sap.cloud.security.xsuaa.tokenflows

Class UserTokenFlow

  • public class UserTokenFlow
extends Object
    A user token flow builder class.
    Applications retrieve an instance of this builder from XsuaaTokenFlows and then create the flow request using a builder pattern.

    • Method Detail

      • token

        public UserTokenFlow token​(String encodedToken)
        Sets the JWT token that should be exchanged for another JWT token.
        Parameters:
        encodedToken - - the JWT token.
        Returns:
        this builder object.

      • token

        public UserTokenFlow token​(Token token)
        Sets the JWT token that should be exchanged for another JWT token.
        Parameters:
        token - - decoded JWT token.
        Returns:
        this builder object.

      • attributes

        public UserTokenFlow attributes​(Map<String,​String> additionalAuthorizationAttributes)
        Adds additional authorization attributes to the request.
        Clients can use this to request additional attributes in the 'az_attr' claim of the returned token.
        Parameters:
        additionalAuthorizationAttributes - - the additional attributes.
        Returns:
        this builder.

      • subdomain

        public UserTokenFlow subdomain​(String subdomain)
        Sets the subdomain (tenant) the token is requested for.
        Parameters:
        subdomain - - the subdomain.
        Returns:
        this builder.

      • scopes

        public UserTokenFlow scopes​(@Nonnull
                            String... scopes)
        Sets the scope attribute for the token request. This will restrict the scope of the created token to the scopes provided. By default the scope is not restricted and the created token contains all granted scopes. If you specify a scope that is not authorized for the user, the token request will fail.
        Parameters:
        scopes - - one or many scopes as string.
        Returns:
        this builder.

      • disableCache

        public UserTokenFlow disableCache​(boolean disableCache)
        Can be used to disable the cache for the flow.
        Parameters:
        disableCache - - disables cache when set to true.
        Returns:
        this builder.

      • execute

        public OAuth2TokenResponse execute()
                            throws TokenFlowException
        Executes this flow against the XSUAA endpoint. As a result the exchanged JWT token is returned.
        Note, that in a standard flow, only the refresh token would be returned.
        Returns:
        the JWT instance returned by XSUAA.
        Throws:
        IllegalStateException - - in case not all mandatory fields of the token flow request have been set.
        TokenFlowException - - in case of an error during the flow, or when the token cannot be refreshed.