Class AuthorizationCodeGrant
java.lang.Object
  io.jans.as.server.model.common.AbstractAuthorizationGrant
    io.jans.as.server.model.common.AuthorizationGrant
      io.jans.as.server.model.common.AuthorizationCodeGrant

All Implemented Interfaces:
IAuthorizationGrant

public class AuthorizationCodeGrant extends AuthorizationGrant
The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. Instead of requesting authorization directly from the resource owner, the client directs the resource owner to an authorization server (via its user-agent as defined in [RFC2616]), which in turn directs the resource owner back to the client with the authorization code.
Before directing the resource owner back to the client with the authorization code, the authorization server authenticates the resource owner and obtains authorization. Because the resource owner only authenticates with the authorization server, the resource owner's credentials are never shared with the client.
The authorization code provides a few important security benefits such as the ability to authenticate the client, and the transmission of the access token directly to the client without passing it through the resource owner's user-agent, potentially exposing it to others, including the resource owner.
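The exchange described above, as an added Java example that is not part of the Janssen code base or of this Javadoc: a toy authorization server whose names (AuthCodeFlowDemo, Grant, authorize, token) are hypothetical and whose client and URI values are constructed. The code sent back through the user-agent is single-use, short-lived and bound to the client and redirect URI; the access token is returned only on the direct, client-authenticated call, and a replayed code is rejected and its tokens revoked, as RFC 6749 section 4.1.2 recommends.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
// Toy authorization server for illustration; all names are hypothetical, not Janssen code.
public class AuthCodeFlowDemo {
    record Grant(String clientId, String redirectUri, long expiresAtMillis, List<String> tokens) {}
    static final SecureRandom RNG = new SecureRandom();
    static final Map<String, String> CLIENTS = Map.of("demo-client", "demo-secret"); // constructed registry
    static final Map<String, Grant> PENDING = new HashMap<>();  // codes not yet redeemed
    static final Map<String, Grant> REDEEMED = new HashMap<>(); // codes already used once
    static String random() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    // Authorization endpoint, after the resource owner authenticated: only the code goes via the user-agent.
    static String authorize(String clientId, String redirectUri) {
        String code = random();
        PENDING.put(code, new Grant(clientId, redirectUri, System.currentTimeMillis() + 60_000, new ArrayList<>()));
        return code;
    }
    // Token endpoint: direct client-to-server call; the client must authenticate.
    static String token(String clientId, String secret, String code, String redirectUri) {
        String known = CLIENTS.get(clientId);
        if (known == null || !MessageDigest.isEqual(known.getBytes(UTF_8), secret.getBytes(UTF_8)))
            throw new SecurityException("invalid_client");
        Grant used = REDEEMED.get(code);
        if (used != null) {            // replayed code: revoke what it produced
            used.tokens().clear();
            throw new SecurityException("invalid_grant");
        }
        Grant g = PENDING.remove(code); // single use, even if the checks below fail
        if (g == null || System.currentTimeMillis() > g.expiresAtMillis()
                || !g.clientId().equals(clientId) || !g.redirectUri().equals(redirectUri))
            throw new SecurityException("invalid_grant");
        String accessToken = random();
        g.tokens().add(accessToken);
        REDEEMED.put(code, g);
        return accessToken;
    }
    public static void main(String[] args) {
        String cb = "https://client.example/cb"; // constructed redirect URI
        String code = authorize("demo-client", cb);
        System.out.println("token issued: " + !token("demo-client", "demo-secret", code, cb).isEmpty());
        try { token("demo-client", "demo-secret", code, cb); }
        catch (SecurityException e) { System.out.println("replay rejected: " + e.getMessage()); }
    }
}
```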
Author:
Javier Rojas Blum Date: 09.29.2011, Yuriy Movchan

Field Summary
Fields inherited from class io.jans.as.server.model.common.AbstractAuthorizationGrant
accessTokens, appConfiguration, refreshTokens, scopeChecker, txTokens

Constructor Summary
Constructors
AuthorizationCodeGrant()
AuthorizationCodeGrant(io.jans.as.common.model.common.User user, io.jans.as.common.model.registration.Client client, Date authenticationTime)
    Constructs an authorization code grant.

Method Summary
All Methods, Instance Methods, Concrete Methods
void checkExpiredTokens()
    Checks all tokens for expiration.
io.jans.as.model.common.GrantType getGrantType()
void init(io.jans.as.common.model.common.User user, io.jans.as.common.model.registration.Client client, Date authenticationTime)
void revokeAllTokens()
    Revokes all the issued tokens.

Methods inherited from class io.jans.as.server.model.common.AuthorizationGrant
asToken, asToken, asToken, asToken, asToken, asTokenEntity, checkScopesPolicy, createAccessToken, createAccessTokenAsJwt, createIdToken, createRefreshToken, createRefreshToken, createRefreshToken, getScopesAsString, getSub, init, isCachedWithNoPersistence, isImplicitFlow, persist, persist, save, setIsCachedWithNoPersistence
Methods inherited from class io.jans.as.server.model.common.AbstractAuthorizationGrant
getAccessToken, getAccessTokenLifetimeInSeconds, getAccessTokens, getAccessTokensCodes, getAcrValues, getAuthenticationTime, getAuthorizationCode, getAuthorizationGrantType, getAuthzDetails, getAuthzDetailsAsString, getClaims, getClient, getClientDn, getClientId, getCodeChallenge, getCodeChallengeMethod, getDpopJkt, getGrantId, getIdToken, getJwtAuthorizationRequest, getLongLivedAccessToken, getNonce, getRefreshToken, getRefreshTokens, getRefreshTokensCodes, getScopes, getSessionDn, getTokenBindingHash, getTokenEntity, getTxToken, getTxTokens, getUser, getUserDn, getUserId, getX5ts256, setAccessTokens, setAcrValues, setAuthenticationTime, setAuthorizationCode, setAuthzDetails, setClaims, setCodeChallenge, setCodeChallengeMethod, setDpopJkt, setGrantId, setIdToken, setJwtAuthorizationRequest, setLongLivedAccessToken, setNonce, setRefreshTokens, setScopes, setSessionDn, setTokenBindingHash, setTokenEntity, setTxTokens, setX5ts256, toString
Constructor Detail
AuthorizationCodeGrant
public AuthorizationCodeGrant()

AuthorizationCodeGrant
public AuthorizationCodeGrant(io.jans.as.common.model.common.User user, io.jans.as.common.model.registration.Client client, Date authenticationTime)
Constructs an authorization code grant.
Parameters:
user - The resource owner.
client - An application making protected resource requests on behalf of the resource owner and with its authorization.
authenticationTime - The Claim Value is the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time that the End-User authentication occurred.

Method Detail
init
public void init(io.jans.as.common.model.common.User user, io.jans.as.common.model.registration.Client client, Date authenticationTime)

getGrantType
public io.jans.as.model.common.GrantType getGrantType()

revokeAllTokens
public void revokeAllTokens()
Revokes all the issued tokens.
Specified by: revokeAllTokens in interface IAuthorizationGrant
Overrides: revokeAllTokens in class AuthorizationGrant

checkExpiredTokens
public void checkExpiredTokens()
Checks all tokens for expiration. Each token will check itself and mark itself as expired when needed.
Specified by: checkExpiredTokens in interface IAuthorizationGrant
Overrides: checkExpiredTokens in class AuthorizationGrant