Detailed Description
Authorization provider implementation that triggers token refresh when needed.
This class is stateful as it holds an OAuth token response and performs access token refresh when needed, if a refresh token has been provided.
NOTE: When using an instance of this class in mode AuthorizationHeaderMode#ID_TOKEN the authorization server (Identity Provider) is expected to issue a new Id Token on each access token refresh request.
Configuration and setup: after providing the required construction arguments the owner of an instance of this class may also use setupTokenResponseListener() to enable automated token response listening that then further enables refreshing access tokens (for clients that are issued with refresh tokens).
Classes | |
| enum | AuthorizationHeaderMode |
| Used to control the authorization header's type. More... | |
Public Member Functions | |
| String | buildAuthorizationHeader () |
| Builds value for Authorization header to use for authorizing API calls to the 10Duke Scale API. | |
| String | signingKeyId () |
| Returns the key identifier of the key that was used to sign the Authorization header token. | |
| void | setupTokenResponseListener () |
| Registers this instance as a subscriber for token responses emitted by the PKCe client instance member. | |
 Public Member Functions inherited from tenduke.sdk.core.service.AuthorizationProvider | |
Protected Member Functions | |
| boolean | tokenRequiresRefresh (final VerifiedOAuthTokenResponse token) |
| Checks if the currently held token (held in the token response object) has expired or will expire shortly. | |
| boolean | accessTokenRequiresRefresh (final VerifiedOAuthTokenResponse token) |
| Checks if the OAuth access token (held in the token response object) has expired. | |
| boolean | idTokenRequiresRefresh (final VerifiedOAuthTokenResponse token) |
| Checks if the Id Token (held in the token response object) has expired. | |
| void | refreshToken (final VerifiedOAuthTokenResponse currentToken) |
| Tries to refresh the current access token held in the OAuthTokenResponse object. | |
| String | serizalizeHeader () |
| Serializes the header value with expectation that token validation has passed. | |
Member Function Documentation
◆ accessTokenRequiresRefresh()
|
protected |
Checks if the OAuth access token (held in the token response object) has expired.
- Parameters
-
token The token response object with the access Token.
- Returns
- true if the access token has expired, false otherwise. True is also returned if the token is null.
◆ buildAuthorizationHeader()
| String tenduke.sdk.core.auth.SingleUserAuthorizationProvider.buildAuthorizationHeader | ( | ) |
Builds value for Authorization header to use for authorizing API calls to the 10Duke Scale API.
Note: does not include the header name and colon Authorization:.
- Returns
- built
Authorizationheader value.
Implements tenduke.sdk.core.service.AuthorizationProvider.
◆ idTokenRequiresRefresh()
|
protected |
Checks if the Id Token (held in the token response object) has expired.
- Parameters
-
token The token response object with the Id Token.
- Returns
- true if the Id Token has expired, false otherwise. True is also returned if the token is null.
◆ refreshToken()
|
protected |
Tries to refresh the current access token held in the OAuthTokenResponse object.
- Parameters
-
currentToken Previous token response object that provides the refresh token needed for the access token refresh call.
◆ serizalizeHeader()
|
protected |
Serializes the header value with expectation that token validation has passed.
- Returns
- The Authorization header value.
◆ setupTokenResponseListener()
| void tenduke.sdk.core.auth.SingleUserAuthorizationProvider.setupTokenResponseListener | ( | ) |
Registers this instance as a subscriber for token responses emitted by the PKCe client instance member.
This setup is required when wanting the most extensive level of automation that this class offers (access token renewal depends on this instance having a handle to the latest token response).
◆ signingKeyId()
| String tenduke.sdk.core.auth.SingleUserAuthorizationProvider.signingKeyId | ( | ) |
Returns the key identifier of the key that was used to sign the Authorization header token.
- Returns
- The key id or null if not applicable.
Implements tenduke.sdk.core.service.AuthorizationProvider.
◆ tokenRequiresRefresh()
|
protected |
Checks if the currently held token (held in the token response object) has expired or will expire shortly.
- Parameters
-
token The token response object.
- Returns
- true if the token has expired, false otherwise. True is also returned if the token is null.
The documentation for this class was generated from the following file:
- auth/src/main/java/tenduke/sdk/core/auth/SingleUserAuthorizationProvider.java
