Class AccessToken

  • All Implemented Interfaces:
    java.io.Serializable, org.gluu.persist.model.base.Deletable

    public class AccessToken
    extends AbstractToken

    Access token (as well as any access token type-specific attributes) MUST be kept confidential in transit and storage, and only shared among the authorization server, the resource servers the access token is valid for, and the client to whom the access token is issued.

    When using the implicit grant type, the access token is transmitted in the URI fragment, which can expose it to unauthorized parties.

    The authorization server MUST ensure that access tokens cannot be generated, modified, or guessed to produce valid access tokens by unauthorized parties.

    The client SHOULD request access tokens with the minimal scope and lifetime necessary. The authorization server SHOULD take the client identity into account when choosing how to honor the requested scope and lifetime, and MAY issue an access token with less rights than requested.

    Author:
    Javier Rojas Blum Date: 09.29.2011
    See Also:
    Serialized Form
    • Constructor Detail

      • AccessToken

        public AccessToken(int lifeTime)

        Constructs an access token.

        When created, a token is valid for a given lifetime, and after this period of time, it will be marked as expired automatically by a background process.

        When required, the token can be marked as revoked.

        Parameters:
        lifeTime - The lifetime of the token.
      • AccessToken

        public AccessToken(java.lang.String tokenCode,
                           java.util.Date creationDate,
                           java.util.Date expirationDate)
    • Method Detail

      • getTokenType

        public TokenType getTokenType()
        Returns the TokenType.
        Returns:
        The token type.
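
The requirements in the class description (a token code that cannot be guessed, a bounded lifetime, revocation, confidentiality in storage) can be shown in a small stand-alone sketch. This is an added example, not the Gluu project's code: `SketchToken` and its methods are hypothetical, and it assumes the lifetime is given in seconds, which the page does not state.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;

// Added sketch: SketchToken is hypothetical, not Gluu's AccessToken or AbstractToken.
public class SketchToken {
    private static final SecureRandom RNG = new SecureRandom();
    private final byte[] codeHash;   // storage holds only a SHA-256 digest of the code
    private final Instant expiresAt;
    private volatile boolean revoked;
    // Assumption: lifetime in seconds; the page does not state the unit of lifeTime.
    SketchToken(String code, int lifeTimeSeconds, Instant now) {
        this.codeHash = sha256(code);
        this.expiresAt = now.plusSeconds(lifeTimeSeconds);
    }

    // 32 bytes from a CSPRNG, base64url-encoded, so the code cannot be guessed.
    static String newCode() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    void revoke() { revoked = true; }
    // Accept only if not revoked, not expired, and the code matches (constant-time compare).
    boolean accepts(String presented, Instant now) {
        return !revoked && now.isBefore(expiresAt)
                && MessageDigest.isEqual(codeHash, sha256(presented));
    }
    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);   // SHA-256 is required on every Java platform
        }
    }

    public static void main(String[] args) {
        Instant t0 = Instant.now();
        String code = newCode();
        SketchToken token = new SketchToken(code, 300, t0);
        System.out.println("within lifetime: " + token.accepts(code, t0.plusSeconds(10)));
        System.out.println("after expiry:    " + token.accepts(code, t0.plusSeconds(300)));
        System.out.println("wrong code:      " + token.accepts(newCode(), t0));
        token.revoke();
        System.out.println("after revoke:    " + token.accepts(code, t0.plusSeconds(10)));
    }
}
```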