AuthorizationCode (Jans authentication server 1.0.11-SNAPSHOT API)

java.lang.Object
- io.jans.as.server.model.common.AbstractToken
- - io.jans.as.server.model.common.AuthorizationCode

All Implemented Interfaces:

io.jans.orm.model.base.Deletable, java.io.Serializable
```
public class AuthorizationCode
extends AbstractToken
```
The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. Instead of requesting authorization directly from the resource owner, the client directs the resource owner to an authorization server (via its user- agent as defined in [RFC2616]), which in turn directs the resource owner back to the client with the authorization code.

Before directing the resource owner back to the client with the authorization code, the authorization server authenticates the resource owner and obtains authorization. Because the resource owner only authenticates with the authorization server, the resource owner's credentials are never shared with the client.

The authorization code provides a few important security benefits such as the ability to authenticate the client, and the transmission of the access token directly to the client without passing it through the resource owner's user-agent, potentially exposing it to others, including the resource owner.

Author:

Javier Rojas Blum Date: 09.29.2011

See Also:

Serialized Form

Constructor Summary

Constructors
Constructor	Description
`AuthorizationCode(int lifeTime)`	Constructs an authorization code.
`AuthorizationCode(java.lang.String code, java.util.Date creationDate, java.util.Date expirationDate)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`boolean`	`isUsed()`	Returns whether an authorization code has been used.
`boolean`	`isValid()`	Checks whether a token is valid.
`void`	`setUsed(boolean used)`	Sets the flag to indicate whether a token has been used.

Methods inherited from class io.jans.as.server.model.common.AbstractToken
checkExpired, checkExpired, getCode, getCreationDate, getDpop, getExpirationDate, getExpiresIn, getHash, getSessionDn, getTtl, getX5ts256, isDeletable, isExpired, isRevoked, resetTtlFromExpirationDate, setCode, setCreationDate, setDeletable, setDpop, setExpirationDate, setExpired, setRevoked, setSessionDn, setX5ts256

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AuthorizationCode
```
public AuthorizationCode(int lifeTime)
```
    Constructs an authorization code.
    
    When created, a token is valid for a given lifetime, and after this period of time, it will be marked as expired automatically by a background process.
    
    When required, the token can be marked as revoked.
    
    Parameters:
    
    lifeTime - The life time of the token.
  - AuthorizationCode
```
public AuthorizationCode(java.lang.String code,
                         java.util.Date creationDate,
                         java.util.Date expirationDate)
```
- Method Detail
  - isValid
```
public boolean isValid()
```
    Checks whether a token is valid. An authorization code is valid if it has not been used before, not revoked and not expired.
    
    Overrides:
    
    isValid in class AbstractToken
    
    Returns:
    
    Returns true if the token is valid.
  - isUsed
```
public boolean isUsed()
```
    Returns whether an authorization code has been used.
    
    Returns:
    
    true if the authorization code has been used.
  - setUsed
```
public void setUsed(boolean used)
```
    Sets the flag to indicate whether a token has been used. The authorization code must be used only once and after it must be marked as used.
    
    Parameters:
    
    used - Used or not.