Class RefreshToken

  • All Implemented Interfaces:
    io.jans.orm.model.base.Deletable, Serializable

    public class RefreshToken
    extends AbstractToken

    Authorization servers MAY issue refresh tokens to web application clients and native application clients.

    Refresh tokens MUST be kept confidential in transit and storage, and shared only among the authorization server and the client to whom the refresh tokens were issued.

    The authorization server MUST maintain the binding between a refresh token and the client to whom it was issued. The authorization server MUST verify the binding between the refresh token and client identity whenever the client identity can be authenticated. When client authentication is not possible, the authorization server SHOULD deploy other means to detect refresh token abuse.

    For example, the authorization server could employ refresh token rotation in which a new refresh token is issued with every access token refresh response. The previous refresh token is invalidated but retained by the authorization server. If a refresh token is compromised and subsequently used by both the attacker and the legitimate client, one of them will present an invalidated refresh token which will inform the authorization server of the breach.

    The authorization server MUST ensure that refresh tokens cannot be generated, modified, or guessed to produce valid refresh tokens by unauthorized parties.

    Author:
    Javier Rojas Date: 09.29.2011
    See Also:
    Serialized Form
    • Constructor Detail

      • RefreshToken

        public RefreshToken​(int lifeTime)

        Constructs a refresh token.

        When created, a token is valid for a given lifetime, and after this period of time, it will be marked as expired automatically by a background process.

        When required, the token can be marked as revoked.

        Parameters:
        lifeTime - The life time of the token.
      • RefreshToken

        public RefreshToken​(String code,
                            Date creationDate,
                            Date expirationDate)