com.broadleafcommerce.auth.token.provider.jpa.domain

Class JpaRefreshToken3

java.lang.Object

com.broadleafcommerce.auth.token.provider.jpa.domain.JpaRefreshToken3

All Implemented Interfaces:

RefreshToken, Serializable

@Entity
public class JpaRefreshToken3
extends Object
implements Serializable, RefreshToken

JPA Shard partition for recording a refresh token assignment

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
JpaRefreshToken3()

Method Summary

Modifier and Type	Method and Description
protected boolean	canEqual(Object other)
boolean	equals(Object o)
String	getAncestor() The primary key value of the first refresh token assigned in the current inheritance line.
Long	getExpiration() The maximum lifespan of a refresh token.
String	getId() The primary key of the refresh token.
Long	getRotationExpiration() Refresh token rotation allows for a configurable window of time in which a refresh token may be used multiple times without failure.
int	hashCode()
boolean	isRotated() Whether or not this refresh token instance has been used as part of a refresh attempt
void	setAncestor(String ancestor)
void	setExpiration(Long expiration)
void	setId(String id)
void	setRotated(boolean isRotated)
void	setRotationExpiration(Long rotationExpiration)
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

JpaRefreshToken3

public JpaRefreshToken3()

Method Detail

getId

public String getId()

Description copied from interface: RefreshToken

The primary key of the refresh token. Aligns with the JTI param in the refresh token JWT. Note, for a rotatable token, the JTI is two-part. The first segment is the partition identifier (e.g. see JpaRefreshToken1 as an integer. The second segment is the id captured in this field.

Specified by:

getId in interface RefreshToken

Returns:

The primary key of the refresh token

getAncestor

public String getAncestor()

Description copied from interface: RefreshToken

The primary key value of the first refresh token assigned in the current inheritance line. Every time a refresh token is used to get a new access token, the rotated refresh token returned in the access token / refresh token pair will reference the original refresh token used at the beginning. Any attempt to re-use a refresh token outside of the RefreshToken.setRotationExpiration(Long) timeline will result in immediate revocation of the entire inheritance line of refresh tokens.

Specified by:

getAncestor in interface RefreshToken

Returns:

The primary key value of the first refresh token assigned in the current inheritance line

isRotated

public boolean isRotated()

Description copied from interface: RefreshToken

Whether or not this refresh token instance has been used as part of a refresh attempt

Specified by:

isRotated in interface RefreshToken

Returns:

Whether or not this refresh token instance has been used as part of a refresh attempt

getRotationExpiration

public Long getRotationExpiration()

Description copied from interface: RefreshToken

Refresh token rotation allows for a configurable window of time in which a refresh token may be used multiple times without failure. Once this point in time is exceeded, the security response detailed in RefreshToken.getAncestor() is triggered. This window is designed to allow for system irregularities like network latency or outage in which an application may be forced to quickly retry a rotation. Represented as milliseconds after epoch.

This value is generally set in JpaAuthorizedClient.getRefreshTokenRotationIntervalSeconds() and the system harvests from there and converts to millis based on the current client being used in the oauth flow.

Specified by:

getRotationExpiration in interface RefreshToken

Returns:

The configurable window of time in which a refresh token may be used multiple times without failure

getExpiration

public Long getExpiration()

Description copied from interface: RefreshToken

The maximum lifespan of a refresh token. Any attempt (even valid) to use this refresh token after this point in time will result in an invalid security response. Represented as milliseconds after epoch.

This value is generally set in JpaAuthorizedClient.getRefreshTokenTimeoutSeconds() and the system harvest from there and converts to millis based on the current client being used in the oauth flow.

Specified by:

getExpiration in interface RefreshToken

Returns:

The maximum lifespan of a refresh token

setId

public void setId(String id)

Specified by:

setId in interface RefreshToken

See Also:

RefreshToken.getId()

setAncestor

public void setAncestor(String ancestor)

Specified by:

setAncestor in interface RefreshToken

See Also:

RefreshToken.getAncestor()

setRotated

public void setRotated(boolean isRotated)

Specified by:

setRotated in interface RefreshToken

See Also:

RefreshToken.isRotated()

setRotationExpiration

public void setRotationExpiration(Long rotationExpiration)

Specified by:

setRotationExpiration in interface RefreshToken

See Also:

RefreshToken.getRotationExpiration()

setExpiration

public void setExpiration(Long expiration)

Specified by:

setExpiration in interface RefreshToken

See Also:

RefreshToken.getExpiration()

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object o)

Overrides:

equals in class Object

canEqual

protected boolean canEqual(Object other)

hashCode

public int hashCode()

Overrides:

hashCode in class Object