Class ImplicitGrant
- java.lang.Object
  - io.jans.as.server.model.common.AbstractAuthorizationGrant
    - io.jans.as.server.model.common.AuthorizationGrant
      - io.jans.as.server.model.common.ImplicitGrant
- All Implemented Interfaces:
IAuthorizationGrant
public class ImplicitGrant extends AuthorizationGrant
The implicit grant is a simplified authorization code flow optimized for clients implemented in a browser using a scripting language such as JavaScript. In the implicit flow, instead of issuing the client an authorization code, the client is issued an access token directly (as the result of the resource owner authorization). The grant type is implicit as no intermediate credentials (such as an authorization code) are issued (and later used to obtain an access token).
When issuing an implicit grant, the authorization server does not authenticate the client. In some cases, the client identity can be verified via the redirection URI used to deliver the access token to the client. The access token may be exposed to the resource owner or other applications with access to the resource owner's user-agent.
Implicit grants improve the responsiveness and efficiency of some clients (such as a client implemented as an in-browser application) since they reduce the number of round trips required to obtain an access token. However, this convenience should be weighed against the security implications of using implicit grants, especially when the authorization code grant type is available.
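Because the server does not authenticate the client in this flow, the checks fall to the redirect handler in the browser. The following is an added example, not part of the Janssen code base or this Javadoc; REGISTERED_REDIRECT_URI, the function name and the sample values are constructed, and the state parameter comes from the OAuth 2.0 specification rather than from this page.

```javascript
// Added example: validating an implicit grant redirect on the client side.
// REGISTERED_REDIRECT_URI is a constructed value standing in for the client's registration.
const REGISTERED_REDIRECT_URI = "https://app.example/callback";

function parseImplicitResponse(redirectUrl, expectedState) {
  const url = new URL(redirectUrl);

  // The redirection URI is the only tie to the client's identity, so compare it exactly.
  if (url.origin + url.pathname !== REGISTERED_REDIRECT_URI) {
    throw new Error("redirect URI mismatch");
  }
  // The token belongs in the fragment; in the query string it would reach server logs and Referer headers.
  if (url.searchParams.has("access_token")) {
    throw new Error("access token in query string");
  }

  const params = new URLSearchParams(url.hash.slice(1));
  if (params.has("error")) {
    throw new Error("authorization error: " + params.get("error"));
  }
  // state binds this response to the request the client itself started.
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  // No refresh token may be issued for this grant; treat one as a protocol violation.
  if (params.has("refresh_token")) {
    throw new Error("unexpected refresh token");
  }
  const tokenType = (params.get("token_type") || "").toLowerCase();
  const accessToken = params.get("access_token");
  if (!accessToken || tokenType !== "bearer") {
    throw new Error("missing or unsupported token");
  }
  const expiresIn = Number(params.get("expires_in"));
  return {
    accessToken,
    expiresIn: Number.isFinite(expiresIn) && expiresIn > 0 ? expiresIn : null,
    scope: (params.get("scope") || "").split(" ").filter(Boolean),
  };
}
```

In a browser, pass window.location.href and then clear the fragment with history.replaceState so the token does not remain in the address bar or session history.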
- Version: September 30, 2021
- Author: Javier Rojas Blum, Yuriy Movchan
Field Summary
Fields inherited from class io.jans.as.server.model.common.AbstractAuthorizationGrant
accessTokens, appConfiguration, refreshTokens, scopeChecker
Constructor Summary
ImplicitGrant()
ImplicitGrant(io.jans.as.common.model.common.User user, io.jans.as.common.model.registration.Client client, Date authenticationTime)
Constructs an implicit grant.
Method Summary
RefreshToken createRefreshToken(ExecutionContext executionContext)
The authorization server MUST NOT issue a refresh token.
io.jans.as.model.common.GrantType getGrantType()
void init(io.jans.as.common.model.common.User user, io.jans.as.common.model.registration.Client client, Date authenticationTime)
Methods inherited from class io.jans.as.server.model.common.AuthorizationGrant
asToken, asToken, asToken, asToken, asTokenEntity, checkExpiredTokens, checkScopesPolicy, createAccessToken, createAccessTokenAsJwt, createIdToken, createRefreshToken, createRefreshToken, getScopesAsString, getSub, init, isCachedWithNoPersistence, isImplicitFlow, persist, persist, revokeAllTokens, save, setIsCachedWithNoPersistence
Methods inherited from class io.jans.as.server.model.common.AbstractAuthorizationGrant
getAccessToken, getAccessTokenLifetimeInSeconds, getAccessTokens, getAccessTokensCodes, getAcrValues, getAuthenticationTime, getAuthorizationCode, getAuthorizationGrantType, getAuthzDetails, getAuthzDetailsAsString, getClaims, getClient, getClientDn, getClientId, getCodeChallenge, getCodeChallengeMethod, getDpopJkt, getGrantId, getIdToken, getJwtAuthorizationRequest, getLongLivedAccessToken, getNonce, getRefreshToken, getRefreshTokens, getRefreshTokensCodes, getScopes, getSessionDn, getTokenBindingHash, getTokenEntity, getUser, getUserDn, getUserId, getX5ts256, setAccessTokens, setAcrValues, setAuthenticationTime, setAuthorizationCode, setAuthzDetails, setClaims, setCodeChallenge, setCodeChallengeMethod, setDpopJkt, setGrantId, setIdToken, setJwtAuthorizationRequest, setLongLivedAccessToken, setNonce, setRefreshTokens, setScopes, setSessionDn, setTokenBindingHash, setTokenEntity, setX5ts256, toString
Constructor Detail
ImplicitGrant
public ImplicitGrant()
ImplicitGrant
public ImplicitGrant(io.jans.as.common.model.common.User user, io.jans.as.common.model.registration.Client client, Date authenticationTime)
Constructs an implicit grant.
- Parameters:
user - The resource owner.
client - An application making protected resource requests on behalf of the resource owner and with its authorization.
authenticationTime - The Claim Value is the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time that the End-User authentication occurred.
Method Detail
getGrantType
public io.jans.as.model.common.GrantType getGrantType()
init
public void init(io.jans.as.common.model.common.User user, io.jans.as.common.model.registration.Client client, Date authenticationTime)
createRefreshToken
public RefreshToken createRefreshToken(ExecutionContext executionContext)
The authorization server MUST NOT issue a refresh token.
- Specified by:
createRefreshToken in interface IAuthorizationGrant
- Overrides:
createRefreshToken in class AuthorizationGrant