Class AuthorizedClient

  • All Implemented Interfaces:
    Serializable

    public class AuthorizedClient
    extends Object
    implements Serializable
    Represents the authorization service concept of an authorized client. This structure is used to store a persistent representation of an OAuth2 ClientDetails for an AuthorizationServer.
    Author:
    Nick Crum (ncrum)
    See Also:
    Serialized Form
    • Constructor Detail

      • AuthorizedClient

        public AuthorizedClient()
    • Method Detail

      • toClientDetails

        public org.springframework.security.oauth2.provider.ClientDetails toClientDetails()
        Convert this authorized client to a ClientDetails.
        Returns:
        the client details
      • getId

        public String getId()
        The primary key of this authorized client.
        Returns:
        the primary key
      • getServerId

        public String getServerId()
        The ID of the authorization server this authorized client is part of.
        Returns:
        the authorization server ID
      • getFriendlyName

        public String getFriendlyName()
        The friendly name of this authorized client. Intended for display purposes.
        Returns:
        the friendly name
      • getClientId

        public String getClientId()
        The OAuth2 client ID for this authorized client. Usually generated as a randomized string.
        Returns:
        the client ID
      • getClientSecret

        public String getClientSecret()
        The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.
        Returns:
        the encrypted client secret
      • getTokenTimeoutSeconds

        public Integer getTokenTimeoutSeconds()
        The period of time, in seconds, that an access token issued will be valid for.
        Returns:
        the timeout in seconds
      • getRefreshTokenTimeoutSeconds

        public Integer getRefreshTokenTimeoutSeconds()
        The period of time, in seconds, that a refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. In general, a refresh token should be considered usable only once.
        Returns:
        the timeout in seconds
      • getResourceIds

        public Set<String> getResourceIds()
        The resources that this client can access. Can be ignored by callers if empty.
        Returns:
        the resource IDs
      • getGrantTypes

        public Set<String> getGrantTypes()
        The grant types for which this client is authorized.
        Returns:
        The grant types for which this client is authorized.
      • getRedirectUris

        public Set<String> getRedirectUris()
        The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.

        Any of these values may be relative. If so, the DefaultClientDetailsService uses the TenantUrlResolver to determine the base URL to resolve them against, so that they are ultimately absolute. If resolution to an absolute URL fails for any reason, the relative URL is omitted from the final ClientDetails.getRegisteredRedirectUri().

        Returns:
        The pre-defined redirect URIs for this client.
        See Also:
        DefaultClientDetailsService, TenantUrlResolver
      • getScopes

        public Set<String> getScopes()
        The scopes for this client. Empty if the client isn't scoped.
        Returns:
        The scopes of this client.
      • getPermissions

        public Set<String> getPermissions()
        Returns the permissions that are granted to the OAuth client. Cannot return null. Note that these are NOT the permissions that are granted to the user with an authorized access token. Instead, these permissions are inherent to the client itself.
        Returns:
        the permissions (never null)
      • getApplicationId

        public String getApplicationId()
        Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.
        Returns:
        the application ID this client is used in, or null if not used for customers
      • getAttributes

        public Map<String,​Object> getAttributes()
        Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.
        Returns:
        a map of additional attributes
      • getDefaultRedirectUri

        public String getDefaultRedirectUri()
        The default redirect URI to use if a user accesses a login page without a valid redirect cookie.
        Returns:
        a string representing the default fallback URI
      • setId

        public void setId​(String id)
        The primary key of this authorized client.
        Parameters:
        id - the primary key
      • setServerId

        public void setServerId​(String serverId)
        The ID of the authorization server this authorized client is part of.
        Parameters:
        serverId - the authorization server ID
      • setFriendlyName

        public void setFriendlyName​(String friendlyName)
        The friendly name of this authorized client. Intended for display purposes.
        Parameters:
        friendlyName - the friendly name
      • setClientId

        public void setClientId​(String clientId)
        The OAuth2 client ID for this authorized client. Usually generated as a randomized string.
        Parameters:
        clientId - the client ID
      • setClientSecret

        public void setClientSecret​(String clientSecret)
        The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.
        Parameters:
        clientSecret - the encrypted client secret
      • setTokenTimeoutSeconds

        public void setTokenTimeoutSeconds​(Integer tokenTimeoutSeconds)
        The period of time, in seconds, that an access token issued will be valid for.
        Parameters:
        tokenTimeoutSeconds - the timeout in seconds
      • setRefreshTokenTimeoutSeconds

        public void setRefreshTokenTimeoutSeconds​(Integer refreshTokenTimeoutSeconds)
        The period of time, in seconds, that a refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. In general, a refresh token should be considered usable only once.
        Parameters:
        refreshTokenTimeoutSeconds - the timeout in seconds
      • setResourceIds

        public void setResourceIds​(Set<String> resourceIds)
        The resources that this client can access. Can be ignored by callers if empty.
        Parameters:
        resourceIds - the resource IDs
      • setGrantTypes

        public void setGrantTypes​(Set<String> grantTypes)
        The grant types for which this client is authorized.
        Parameters:
        grantTypes - the grant types
      • setRedirectUris

        public void setRedirectUris​(Set<String> redirectUris)
        The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.

        Any of these values may be relative. If so, the DefaultClientDetailsService uses the TenantUrlResolver to determine the base URL to resolve them against, so that they are ultimately absolute. If resolution to an absolute URL fails for any reason, the relative URL is omitted from the final ClientDetails.getRegisteredRedirectUri().

        Parameters:
        redirectUris - the redirect URIs
        See Also:
        DefaultClientDetailsService, TenantUrlResolver
      • setScopes

        public void setScopes​(Set<String> scopes)
        The scopes for this client. Empty if the client isn't scoped.
        Parameters:
        scopes - the scopes
      • setPermissions

        public void setPermissions​(Set<String> permissions)
        Sets the permissions that are granted to the OAuth client; the corresponding getter never returns null. Note that these are NOT the permissions that are granted to the user with an authorized access token. Instead, these permissions are inherent to the client itself.
        Parameters:
        permissions - the permissions
      • setAdmin

        public void setAdmin​(boolean isAdmin)
        Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.
        Parameters:
        isAdmin - whether or not this authorized client is for admin users
      • setApplicationId

        public void setApplicationId​(String applicationId)
        Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.
        Parameters:
        applicationId - the application ID this client is used in
      • setAttributes

        public void setAttributes​(Map<String,​Object> attributes)
        Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.
        Parameters:
        attributes - the additional attributes
      • setDefaultRedirectUri

        public void setDefaultRedirectUri​(String defaultRedirectUri)
        The default redirect URI to use if a user accesses a login page without a valid redirect cookie.
        Parameters:
        defaultRedirectUri - the default fallback URI to use for this client
      • canEqual

        protected boolean canEqual​(Object other)
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • isAdmin

        public boolean isAdmin()
        Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.
        Returns:
        whether or not this authorized client is for admin users
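
The redirect URI handling described under getRedirectUris and setRedirectUris (relative values resolved against a base URL, unresolvable values omitted) can be illustrated as follows. This is an added example, not code from the project: the class, its methods, the sample URLs and the exact-match comparison are assumptions, and it does not use DefaultClientDetailsService or TenantUrlResolver.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Hypothetical illustration; names here are not part of the documented API.
public class RedirectUriResolution {

    /** Resolves each registered value against baseUrl; values that cannot become absolute are omitted. */
    static Set<String> resolveAll(Set<String> registered, String baseUrl) {
        Set<String> absolute = new LinkedHashSet<>();
        for (String value : registered) {
            try {
                URI uri = new URI(value);
                if (!uri.isAbsolute()) {
                    if (baseUrl == null) {
                        continue; // no base URL known: the relative entry is dropped
                    }
                    uri = new URI(baseUrl).resolve(uri);
                }
                if (uri.isAbsolute()) {
                    absolute.add(uri.normalize().toString());
                }
            } catch (URISyntaxException | IllegalArgumentException e) {
                // Malformed value: omit it instead of registering something ambiguous.
            }
        }
        return absolute;
    }

    /** Assumed policy: exact string comparison, no prefix or wildcard matching. */
    static boolean isAllowed(Set<String> resolved, String requested) {
        return requested != null && resolved.contains(requested);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Set<String> registered = new LinkedHashSet<>(
                List.of("/callback", "https://admin.example.com/cb", "ht tp://bad"));
        Set<String> resolved = resolveAll(registered, "https://tenant-a.example.com/");
        System.out.println("with base URL:    " + resolved);
        System.out.println("without base URL: " + resolveAll(registered, null));
        System.out.println("exact match:      "
                + isAllowed(resolved, "https://tenant-a.example.com/callback"));
        System.out.println("longer path:      "
                + isAllowed(resolved, "https://tenant-a.example.com/callback/extra"));
    }
}
```

Because unresolvable entries are dropped silently, a client whose registered URIs are all relative ends up with an empty set when no base URL can be determined, so it is worth checking the resolved set rather than the stored one when diagnosing rejected authorization requests.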