Package com.sap.cloud.security.xsuaa.client

Interface OAuth2TokenService

All Known Implementing Classes:
AbstractOAuth2TokenService, DefaultOAuth2TokenService, XsuaaOAuth2TokenService
public interface OAuth2TokenService
Retrieves OAuth2 Access Tokens as documented on Cloud Foundry UAA.
Note that the XSUAA API might differ slightly from these specs which is why not all parameters from the Cloud Foundry UAA documentation are configurable via this library.

  • Method Details

    • retrieveAccessTokenViaClientCredentialsGrant

      OAuth2TokenResponse retrieveAccessTokenViaClientCredentialsGrant(@Nonnull URI tokenEndpointUri, @Nonnull ClientIdentity clientIdentity, @Nullable String zoneId, @Nullable String subdomain, @Nullable Map<String,String> optionalParameters, boolean disableCacheForRequest) throws OAuth2ServiceException
      Requests access token from OAuth Server with client credentials.
      Parameters:
      tokenEndpointUri - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      zoneId - Zone identifier - tenant discriminator
      subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
      optionalParameters - optional request parameters, can be null.
      disableCacheForRequest - set to true disables the token cache for this request.
      Returns:
      the OAuth2AccessToken.
      Throws:
      OAuth2ServiceException - in case of an error during the http request.

    • retrieveAccessTokenViaRefreshToken

      OAuth2TokenResponse retrieveAccessTokenViaRefreshToken(URI tokenEndpointUri, ClientIdentity clientIdentity, String refreshToken, @Nullable String subdomain, boolean disableCacheForRequest) throws OAuth2ServiceException
      Requests access token from OAuth Server with refresh-token.
      Parameters:
      tokenEndpointUri - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      refreshToken - the refresh token that was returned along with the access token {link #OAuth2AccessToken}.
      subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
      disableCacheForRequest - set to true disables the token cache for this request.
      Returns:
      the OAuth2AccessToken
      Throws:
      OAuth2ServiceException - in case of an error during the http request.

    • retrieveAccessTokenViaPasswordGrant

      OAuth2TokenResponse retrieveAccessTokenViaPasswordGrant(URI tokenEndpointUri, ClientIdentity clientIdentity, String username, String password, @Nullable String subdomain, @Nullable Map<String,String> optionalParameters, boolean disableCacheForRequest) throws OAuth2ServiceException
      Requests access token from OAuth Server with user / password.
      Parameters:
      tokenEndpointUri - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      username - the username for the user trying to get a token
      password - the password for the user trying to get a token
      subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
      optionalParameters - optional request parameters, can be null.
      disableCacheForRequest - set to true disables the token cache for this request.
      Returns:
      the OAuth2AccessToken
      Throws:
      OAuth2ServiceException - in case of an error during the http request.

    • retrieveAccessTokenViaJwtBearerTokenGrant

      OAuth2TokenResponse retrieveAccessTokenViaJwtBearerTokenGrant(URI tokenEndpointUri, ClientIdentity clientIdentity, String token, @Nullable String subdomain, @Nullable Map<String,String> optionalParameters, boolean disableCacheForRequest) throws OAuth2ServiceException
      Parameters:
      tokenEndpointUri - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      token - the JWT token identifying representing the user to be authenticated
      subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
      optionalParameters - optional request parameters, can be null.
      disableCacheForRequest - set to true disables the token cache for this request.
      Returns:
      the OAuth2AccessToken
      Throws:
      OAuth2ServiceException - in case of an error during the http request.

    • retrieveAccessTokenViaJwtBearerTokenGrant

      OAuth2TokenResponse retrieveAccessTokenViaJwtBearerTokenGrant(URI tokenEndpointUri, ClientIdentity clientIdentity, @Nonnull String token, @Nullable Map<String,String> optionalParameters, boolean disableCache, @Nonnull String xZid) throws OAuth2ServiceException
      Parameters:
      tokenEndpointUri - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      token - the JWT token identifying representing the user to be authenticated
      optionalParameters - optional request parameters, can be null.
      disableCache - setting to true disables the token cache for this request.
      xZid - zone id of the tenant
      Returns:
      the OAuth2AccessToken
      Throws:
      OAuth2ServiceException - in case of an error during the http request.