Class AccessToken
- java.lang.Object
-
- org.gluu.oxauth.model.common.AbstractToken
-
- org.gluu.oxauth.model.common.AccessToken
-
- All Implemented Interfaces:
java.io.Serializable
,org.gluu.persist.model.base.Deletable
public class AccessToken extends AbstractToken
Access token (as well as any access token type-specific attributes) MUST be kept confidential in transit and storage, and only shared among the authorization server, the resource servers the access token is valid for, and the client to whom the access token is issued.
When using the implicit grant type, the access token is transmitted in the URI fragment, which can expose it to unauthorized parties.
The authorization server MUST ensure that access tokens cannot be generated, modified, or guessed to produce valid access tokens by unauthorized parties.
The client SHOULD request access tokens with the minimal scope and lifetime necessary. The authorization server SHOULD take the client identity into account when choosing how to honor the requested scope and lifetime, and MAY issue an access token with a less rights than requested.
- Author:
- Javier Rojas Blum Date: 09.29.2011
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description AccessToken(int lifeTime)
Constructs an access token.AccessToken(java.lang.String tokenCode, java.util.Date creationDate, java.util.Date expirationDate)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description TokenType
getTokenType()
Returns theTokenType
.-
Methods inherited from class org.gluu.oxauth.model.common.AbstractToken
checkExpired, checkExpired, getAuthMode, getCode, getCreationDate, getExpirationDate, getExpiresIn, getHash, getSessionDn, getTtl, getX5ts256, isDeletable, isExpired, isRevoked, isValid, resetTtlFromExpirationDate, setAuthMode, setCode, setCreationDate, setDeletable, setExpirationDate, setExpired, setRevoked, setSessionDn, setX5ts256
-
-
-
-
Constructor Detail
-
AccessToken
public AccessToken(int lifeTime)
Constructs an access token.
When created, a token is valid for a given lifetime, and after this period of time, it will be marked as expired automatically by a background process.
When required, the token can be marked as revoked.
- Parameters:
lifeTime
- The life time of the token.
-
AccessToken
public AccessToken(java.lang.String tokenCode, java.util.Date creationDate, java.util.Date expirationDate)
-
-