Package com.broadleafcommerce.auth.token.provider.jpa.domain

Class JpaRefreshToken4

    • Constructor Detail

      • JpaRefreshToken4

        public JpaRefreshToken4()

    • Method Detail

      • getId

        public String getId()
        Description copied from interface: RefreshToken
        The primary key of the refresh token. Aligns with the JTI param in the refresh token JWT. Note, for a rotatable token, the JTI is two-part. The first segment is the partition identifier (e.g. see JpaRefreshToken1 as an integer. The second segment is the id captured in this field.
        Specified by:
        getId in interface RefreshToken
        Returns:
        The primary key of the refresh token

      • getAncestor

        public String getAncestor()
        Description copied from interface: RefreshToken
        The primary key value of the first refresh token assigned in the current inheritance line. Every time a refresh token is used to get a new access token, the rotated refresh token returned in the access token / refresh token pair will reference the original refresh token used at the beginning. Any attempt to re-use a refresh token outside of the RefreshToken.setRotationExpiration(Long) timeline will result in immediate revocation of the entire inheritance line of refresh tokens.
        Specified by:
        getAncestor in interface RefreshToken
        Returns:
        The primary key value of the first refresh token assigned in the current inheritance line

      • isRotated

        public boolean isRotated()
        Description copied from interface: RefreshToken
        Whether or not this refresh token instance has been used as part of a refresh attempt
        Specified by:
        isRotated in interface RefreshToken
        Returns:
        Whether or not this refresh token instance has been used as part of a refresh attempt

      • getRotationExpiration

        public Long getRotationExpiration()
        Description copied from interface: RefreshToken
        Refresh token rotation allows for a configurable window of time in which a refresh token may be used multiple times without failure. Once this point in time is exceeded, the security response detailed in RefreshToken.getAncestor() is triggered. This window is designed to allow for system irregularities like network latency or outage in which an application may be forced to quickly retry a rotation. Represented as milliseconds after epoch.

        This value is generally set in JpaAuthorizedClient.getRefreshTokenRotationIntervalSeconds() and the system harvests from there and converts to millis based on the current client being used in the oauth flow.
        Specified by:
        getRotationExpiration in interface RefreshToken
        Returns:
        The configurable window of time in which a refresh token may be used multiple times without failure

      • getExpiration

        public Long getExpiration()
        Description copied from interface: RefreshToken
        The maximum lifespan of a refresh token. Any attempt (even valid) to use this refresh token after this point in time will result in an invalid security response. Represented as milliseconds after epoch.

        This value is generally set in JpaAuthorizedClient.getRefreshTokenTimeoutSeconds() and the system harvest from there and converts to millis based on the current client being used in the oauth flow.
        Specified by:
        getExpiration in interface RefreshToken
        Returns:
        The maximum lifespan of a refresh token

      • canEqual

        protected boolean canEqual​(Object other)

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object