Package com.broadleafcommerce.auth.token.provider.jpa.domain

Interface RefreshToken

    • Method Detail

      • getId

        String getId()
        The primary key of the refresh token. Aligns with the JTI param in the refresh token JWT. Note, for a rotatable token, the JTI is two-part. The first segment is the partition identifier (e.g. see JpaRefreshToken1 as an integer. The second segment is the id captured in this field.
        Returns:
        The primary key of the refresh token

      • getAncestor

        String getAncestor()
        The primary key value of the first refresh token assigned in the current inheritance line. Every time a refresh token is used to get a new access token, the rotated refresh token returned in the access token / refresh token pair will reference the original refresh token used at the beginning. Any attempt to re-use a refresh token outside of the setRotationExpiration(Long) timeline will result in immediate revocation of the entire inheritance line of refresh tokens.
        Returns:
        The primary key value of the first refresh token assigned in the current inheritance line

      • isRotated

        boolean isRotated()
        Whether or not this refresh token instance has been used as part of a refresh attempt
        Returns:
        Whether or not this refresh token instance has been used as part of a refresh attempt

      • getRotationExpiration

        Long getRotationExpiration()
        Refresh token rotation allows for a configurable window of time in which a refresh token may be used multiple times without failure. Once this point in time is exceeded, the security response detailed in getAncestor() is triggered. This window is designed to allow for system irregularities like network latency or outage in which an application may be forced to quickly retry a rotation. Represented as milliseconds after epoch.

        This value is generally set in JpaAuthorizedClient.getRefreshTokenRotationIntervalSeconds() and the system harvests from there and converts to millis based on the current client being used in the oauth flow.
        Returns:
        The configurable window of time in which a refresh token may be used multiple times without failure

      • getExpiration

        Long getExpiration()
        The maximum lifespan of a refresh token. Any attempt (even valid) to use this refresh token after this point in time will result in an invalid security response. Represented as milliseconds after epoch.

        This value is generally set in JpaAuthorizedClient.getRefreshTokenTimeoutSeconds() and the system harvest from there and converts to millis based on the current client being used in the oauth flow.
        Returns:
        The maximum lifespan of a refresh token

      • setId

        void setId​(String id)
        Parameters:
        id -
        See Also:
        getId()

      • setAncestor

        void setAncestor​(String ancestor)
        Parameters:
        ancestor -
        See Also:
        getAncestor()

      • setRotated

        void setRotated​(boolean isRotated)
        Parameters:
        isRotated -
        See Also:
        isRotated()

      • setRotationExpiration

        void setRotationExpiration​(Long rotationExpiration)
        Parameters:
        rotationExpiration -
        See Also:
        getRotationExpiration()

      • setExpiration

        void setExpiration​(Long expiration)
        Parameters:
        expiration -
        See Also:
        getExpiration()