Package org.apache.kafka.common.security.oauthbearer.secured

Class BasicOAuthBearerToken

java.lang.Object
org.apache.kafka.common.security.oauthbearer.secured.BasicOAuthBearerToken
All Implemented Interfaces:
OAuthBearerToken
public class BasicOAuthBearerToken extends Object implements OAuthBearerToken
An implementation of the OAuthBearerToken that fairly straightforwardly stores the values given to its constructor (except the scope set which is copied to avoid modifications). Very little validation is applied here with respect to the validity of the given values. All validation is assumed to happen by users of this class.
See Also:

  • Constructor Details

    • BasicOAuthBearerToken

      public BasicOAuthBearerToken(String token, Set<String> scopes, long lifetimeMs, String principalName, Long startTimeMs)
      Creates a new OAuthBearerToken instance around the given values.
      Parameters:
      token - Value containing the compact serialization as a base 64 string that can be parsed, decoded, and validated as a well-formed JWS. Must be non-null, non-blank, and non-whitespace only.
      scopes - Set of non-null scopes. May contain case-sensitive "duplicates". The given set is copied and made unmodifiable so neither the caller of this constructor nor any downstream users can modify it.
      lifetimeMs - The token's lifetime, expressed as the number of milliseconds since the epoch. Must be non-negative.
      principalName - The name of the principal to which this credential applies. Must be non-null, non-blank, and non-whitespace only.
      startTimeMs - The token's start time, expressed as the number of milliseconds since the epoch, if available, otherwise null. Must be non-negative if a non-null value is provided.

  • Method Details

    • value

      public String value()
      The b64token value as defined in RFC 6750 Section 2.1
      Specified by:
      value in interface OAuthBearerToken
      Returns:
      b64token value as defined in RFC 6750 Section 2.1

    • scope

      public Set<String> scope()
      The token's scope of access, as per RFC 6749 Section 1.4
      Specified by:
      scope in interface OAuthBearerToken
      Returns:
      the token's (always non-null but potentially empty) scope of access, as per RFC 6749 Section 1.4. Note that all values in the returned set will be trimmed of preceding and trailing whitespace, and the result will never contain the empty string.

    • lifetimeMs

      public long lifetimeMs()
      The token's lifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4
      Specified by:
      lifetimeMs in interface OAuthBearerToken
      Returns:
      the token's lifetime, expressed as the number of milliseconds since the epoch, as per RFC 6749 Section 1.4.

    • principalName

      public String principalName()
      The name of the principal to which this credential applies
      Specified by:
      principalName in interface OAuthBearerToken
      Returns:
      the always non-null/non-empty principal name

    • startTimeMs

      public Long startTimeMs()
      When the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null. An expiring credential may not necessarily indicate when it was created -- just when it expires -- so we need to support a null return value here.
      Specified by:
      startTimeMs in interface OAuthBearerToken
      Returns:
      the time when the credential became valid, in terms of the number of milliseconds since the epoch, if known, otherwise null

    • toString

      public String toString()
      Overrides:
      toString in class Object