Interface OAuthBearerToken
-
@Evolving public interface OAuthBearerToken
Theb64token
value as defined in RFC 6750 Section 2.1 along with the token's specific scope and lifetime and principal name.A network request would be required to re-hydrate an opaque token, and that could result in (for example) an
IOException
, but retrievers for various attributes (scope()
,lifetimeMs()
, etc.) declare no exceptions. Therefore, if a network request is required for any of these retriever methods, that request could be performed at construction time so that the various attributes can be reliably provided thereafter. For example, a constructor might declarethrows IOException
in such a case. Alternatively, the retrievers could throw unchecked exceptions.This interface was introduced in 2.0.0 and, while it feels stable, it could evolve. We will try to evolve the API in a compatible manner (easier now that Java 7 and its lack of default methods doesn't have to be supported), but we reserve the right to make breaking changes in minor releases, if necessary. We will update the
InterfaceStability
annotation and this notice once the API is considered stable.- See Also:
- RFC 6749 Section 1.4 and RFC 6750 Section 2.1
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description long
lifetimeMs()
The token's lifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4String
principalName()
The name of the principal to which this credential appliesSet<String>
scope()
The token's scope of access, as per RFC 6749 Section 1.4Long
startTimeMs()
When the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null.String
value()
Theb64token
value as defined in RFC 6750 Section 2.1
-
-
-
Method Detail
-
value
String value()
Theb64token
value as defined in RFC 6750 Section 2.1- Returns:
b64token
value as defined in RFC 6750 Section 2.1
-
scope
Set<String> scope()
The token's scope of access, as per RFC 6749 Section 1.4- Returns:
- the token's (always non-null but potentially empty) scope of access, as per RFC 6749 Section 1.4. Note that all values in the returned set will be trimmed of preceding and trailing whitespace, and the result will never contain the empty string.
-
lifetimeMs
long lifetimeMs()
The token's lifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4- Returns:
- the token'slifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4.
-
principalName
String principalName()
The name of the principal to which this credential applies- Returns:
- the always non-null/non-empty principal name
-
startTimeMs
Long startTimeMs()
When the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null. An expiring credential may not necessarily indicate when it was created -- just when it expires -- so we need to support a null return value here.- Returns:
- the time when the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null
-
-