com.sap.cloud.security.xsuaa.tokenflows

Class ClientCredentialsTokenFlow

java.lang.Object

com.sap.cloud.security.xsuaa.tokenflows.ClientCredentialsTokenFlow

public class ClientCredentialsTokenFlow
extends Object

A client credentials flow builder class. Applications retrieve an instance of this builder from XsuaaTokenFlows and then create the flow request using a builder pattern.

Method Summary

Modifier and Type	Method and Description
ClientCredentialsTokenFlow	attributes(Map<String,String> additionalAuthorizationAttributes) Adds additional authorization attributes to the request.
ClientCredentialsTokenFlow	disableCache(boolean disableCache) Can be used to disable the cache for the flow.
OAuth2TokenResponse	execute() Executes the token flow and returns a JWT token from XSUAA.
ClientCredentialsTokenFlow	scopes(String... scopes) Sets the scope attribute for the token request.
ClientCredentialsTokenFlow	subdomain(String subdomain) Sets the subdomain (tenant) the token is requested for.
ClientCredentialsTokenFlow	zoneId(String zoneId) Sets the zone Id of the tenant

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

attributes

public ClientCredentialsTokenFlow attributes(Map<String,String> additionalAuthorizationAttributes)

Adds additional authorization attributes to the request.
Clients can use this to request additional attributes in the 'az_attr' claim of the returned token.

Parameters:

additionalAuthorizationAttributes - - the additional attributes.

Returns:

this builder.

subdomain

public ClientCredentialsTokenFlow subdomain(String subdomain)

Sets the subdomain (tenant) the token is requested for.

Parameters:

subdomain - - the subdomain.

Returns:

this builder.

zoneId

public ClientCredentialsTokenFlow zoneId(String zoneId)

Sets the zone Id of the tenant

Parameters:

zoneId - - the zoneId.

Returns:

this builder.

scopes

public ClientCredentialsTokenFlow scopes(@Nonnull
                                         String... scopes)

Sets the scope attribute for the token request. This will restrict the scope of the created token to the scopes provided. By default the scope is not restricted and the created token contains all granted scopes. If you specify a scope that is not authorized for the client, the token request will fail.

Parameters:

scopes - - one or many scopes as string.

Returns:

this builder.

disableCache

public ClientCredentialsTokenFlow disableCache(boolean disableCache)

Can be used to disable the cache for the flow.

Parameters:

disableCache - - disables cache when set to true.

Returns:

this builder.

execute

public OAuth2TokenResponse execute()
                            throws IllegalArgumentException,
                                   TokenFlowException

Executes the token flow and returns a JWT token from XSUAA.

Returns:

the encoded OAuth access token returned by XSUAA.

Throws:

IllegalArgumentException - - in case not all mandatory fields of the token flow request have been set.

TokenFlowException - - in case of an error during the flow, or when the token cannot be refreshed.