Package org.forgerock.http.oauth2.resolver

Class OpenAmAccessTokenResolver

java.lang.Object

org.forgerock.http.oauth2.resolver.OpenAmAccessTokenResolver

All Implemented Interfaces:

AccessTokenResolver

public class OpenAmAccessTokenResolver
extends Object
implements AccessTokenResolver

An OpenAmAccessTokenResolver knows how to resolve a given token identifier against an OpenAm instance.

Models an AccessTokenInfo as returned by the OpenAM tokeninfo endpoint.

     
     curl https://openam.example.com:8443/openam/oauth2/tokeninfo?access_token=70e5776c-b0fa-4c70-9962-defb0e9c3cd6
     
 

Example of OpenAM returned Json value (for the previous request):

     
     {
         "scope": [
             "email",
             "profile"
         ],
         "grant_type": "password",
         "realm": "/",
         "token_type": "Bearer",
         "expires_in": 471,
         "access_token": "70e5776c-b0fa-4c70-9962-defb0e9c3cd6",
         "email": "",
         "profile": ""
     }
     
 

Constructor Summary

Constructors

Constructor	Description
OpenAmAccessTokenResolver(org.forgerock.http.Handler client, org.forgerock.util.time.TimeService time, String tokenInfoEndpoint)	Creates a new OpenAmAccessTokenResolver configured to access the given /oauth2/tokeninfo OpenAm endpoint.

Method Summary

Modifier and Type	Method	Description
org.forgerock.util.promise.Promise<AccessTokenInfo,AccessTokenException>	resolve(org.forgerock.services.context.Context context, String token)	Resolves a given access token against an authorization server.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OpenAmAccessTokenResolver

public OpenAmAccessTokenResolver(org.forgerock.http.Handler client,
                                 org.forgerock.util.time.TimeService time,
                                 String tokenInfoEndpoint)

Creates a new OpenAmAccessTokenResolver configured to access the given /oauth2/tokeninfo OpenAm endpoint.

Parameters:

client - Http client handler used to perform the request

time - Time service used to compute the token expiration time

tokenInfoEndpoint - full URL of the /oauth2/tokeninfo endpoint

Method Detail

resolve

public org.forgerock.util.promise.Promise<AccessTokenInfo,AccessTokenException> resolve(org.forgerock.services.context.Context context,
                                                                                              String token)

Description copied from interface: AccessTokenResolver

Resolves a given access token against an authorization server.

Specified by:

resolve in interface AccessTokenResolver

Parameters:

context - Context chain used to keep a relationship between requests (tracking)

token - token identifier to be resolved

Returns:

a promise completed either with a valid AccessTokenInfo (well-formed, known by the server), or by an exception