Package com.sap.cloud.security.xsuaa.tokenflows

Class JwtBearerTokenFlow

java.lang.Object
com.sap.cloud.security.xsuaa.tokenflows.JwtBearerTokenFlow
public class JwtBearerTokenFlow extends Object
A JWT bearer token flow builder.
Applications can use this flow to exchange a given user token for a new JWT token.

  • Constructor Details

  • Method Details

    • token

      public JwtBearerTokenFlow token(@Nonnull String bearerToken)
      Sets the bearer token that should be exchanged for another JWT token.
      Parameters:
      bearerToken - - the bearer token.
      Returns:
      this builder.

    • token

      public JwtBearerTokenFlow token(@Nonnull Token token)
      Sets the JWT token that should be exchanged for another JWT token. This setter also extracts the zid(zone id) claim from the token and sets it in the X-zid header, therefore zoneId(String)} is not required to be used.
      Parameters:
      token - - the Token.
      Returns:
      this builder.

    • zoneId

      public JwtBearerTokenFlow zoneId(String zoneId)
      Sets the zid(zone id) of the tenant
      Parameters:
      zoneId - - the zoneId.
      Returns:
      this builder.

    • scopes

      public JwtBearerTokenFlow scopes(@Nonnull String... scopes)
      Sets the scope attribute for the token request. This will restrict the scope of the created token to the scopes provided. By default the scope is not restricted and the created token contains all granted scopes.

      If you specify a scope that is not authorized for the user, the token request will fail.

      Parameters:
      scopes - - one or many scopes as string.
      Returns:
      this builder.

    • subdomain

      public JwtBearerTokenFlow subdomain(String subdomain)
      Set the Subdomain the token is requested for.
      Parameters:
      subdomain - - the subdomain.
      Returns:
      this builder.

    • attributes

      public JwtBearerTokenFlow attributes(Map<String,String> additionalAuthorizationAttributes)
      Adds additional authorization attributes to the request.
      Clients can use this to request additional attributes in the 'az_attr' claim of the returned token.
      Parameters:
      additionalAuthorizationAttributes - - the additional attributes.
      Returns:
      this builder.

    • disableCache

      public JwtBearerTokenFlow disableCache(boolean disableCache)
      Can be used to disable the cache for the flow.
      Parameters:
      disableCache - - disables cache when set to true.
      Returns:
      this builder.

    • setOpaqueTokenFormat

      public JwtBearerTokenFlow setOpaqueTokenFormat(boolean opaque)
      Can be used to change the format of the returned token.
      Parameters:
      opaque - enables opaque token format when set to true.
      Returns:
      this builder.

    • execute

      public OAuth2TokenResponse execute() throws TokenFlowException
      Executes this flow against the XSUAA endpoint. As a result the exchanged JWT token is returned.
      Returns:
      the JWT instance returned by XSUAA.
      Throws:
      IllegalStateException - - in case not all mandatory fields of the token flow request have been set.
      TokenFlowException - - in case of an error during the flow, or when the token cannot be obtained.