Interface OAuthBearerToken


  • @Evolving
    public interface OAuthBearerToken
    The b64token value as defined in RFC 6750 Section 2.1 along with the token's specific scope and lifetime and principal name.

    A network request would be required to re-hydrate an opaque token, and that could result in (for example) an IOException, but retrievers for various attributes (scope(), lifetimeMs(), etc.) declare no exceptions. Therefore, if a network request is required for any of these retriever methods, that request could be performed at construction time so that the various attributes can be reliably provided thereafter. For example, a constructor might declare throws IOException in such a case. Alternatively, the retrievers could throw unchecked exceptions.

    This interface was introduced in 2.0.0 and, while it feels stable, it could evolve. We will try to evolve the API in a compatible manner (easier now that Java 7 and its lack of default methods doesn't have to be supported), but we reserve the right to make breaking changes in minor releases, if necessary. We will update the InterfaceStability annotation and this notice once the API is considered stable.

    See Also:
    RFC 6749 Section 1.4 and RFC 6750 Section 2.1
    • Method Detail

      • scope

        Set<String> scope()
        The token's scope of access, as per RFC 6749 Section 1.4
        Returns:
        the token's (always non-null but potentially empty) scope of access, as per RFC 6749 Section 1.4. Note that all values in the returned set will be trimmed of preceding and trailing whitespace, and the result will never contain the empty string.
      • lifetimeMs

        long lifetimeMs()
        The token's lifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4
        Returns:
        the token'slifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4.
      • principalName

        String principalName()
        The name of the principal to which this credential applies
        Returns:
        the always non-null/non-empty principal name
      • startTimeMs

        Long startTimeMs()
        When the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null. An expiring credential may not necessarily indicate when it was created -- just when it expires -- so we need to support a null return value here.
        Returns:
        the time when the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null