Interface OAuthBearerToken
@Evolving public interface OAuthBearerToken
b64token
value as defined in
RFC 6750 Section
2.1 along with the token's specific scope and lifetime and principal
name.
A network request would be required to re-hydrate an opaque token, and that
could result in (for example) an IOException
, but retrievers for
various attributes (scope()
, lifetimeMs()
, etc.) declare no
exceptions. Therefore, if a network request is required for any of these
retriever methods, that request could be performed at construction time so
that the various attributes can be reliably provided thereafter. For example,
a constructor might declare throws IOException
in such a case.
Alternatively, the retrievers could throw unchecked exceptions.
This interface was introduced in 2.0.0 and, while it feels stable, it could
evolve. We will try to evolve the API in a compatible manner (easier now that
Java 7 and its lack of default methods doesn't have to be supported), but we
reserve the right to make breaking changes in minor releases, if necessary.
We will update the InterfaceStability
annotation and this notice once
the API is considered stable.
- See Also:
- RFC 6749 Section 1.4 and RFC 6750 Section 2.1
-
Method Summary
Modifier and Type Method Description long
lifetimeMs()
The token's lifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4String
principalName()
The name of the principal to which this credential appliesSet<String>
scope()
The token's scope of access, as per RFC 6749 Section 1.4Long
startTimeMs()
When the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null.String
value()
Theb64token
value as defined in RFC 6750 Section 2.1
-
Method Details
-
value
String value()Theb64token
value as defined in RFC 6750 Section 2.1- Returns:
b64token
value as defined in RFC 6750 Section 2.1
-
scope
The token's scope of access, as per RFC 6749 Section 1.4- Returns:
- the token's (always non-null but potentially empty) scope of access, as per RFC 6749 Section 1.4. Note that all values in the returned set will be trimmed of preceding and trailing whitespace, and the result will never contain the empty string.
-
lifetimeMs
long lifetimeMs()The token's lifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4- Returns:
- the token'slifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4.
-
principalName
String principalName()The name of the principal to which this credential applies- Returns:
- the always non-null/non-empty principal name
-
startTimeMs
Long startTimeMs()When the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null. An expiring credential may not necessarily indicate when it was created -- just when it expires -- so we need to support a null return value here.- Returns:
- the time when the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null
-