Class AuthorizedClient

java.lang.Object
com.broadleafcommerce.auth.server.domain.AuthorizedClient
All Implemented Interfaces:
Serializable

public class AuthorizedClient extends Object implements Serializable
Represents the authorization service concept of an authorized client. This structure is used to store a persistent representation of an OAuth2 ClientDetails for an AuthorizationServer.
Author:
Nick Crum (ncrum)
  • Constructor Details

    • AuthorizedClient

      public AuthorizedClient()
  • Method Details

    • toClientDetails

      public org.springframework.security.oauth2.provider.ClientDetails toClientDetails()
      Convert this authorized client to a ClientDetails.
      Returns:
      the client details
    • getId

      public String getId()
      The primary key of this authorized client.
      Returns:
      the primary key
    • getServerId

      public String getServerId()
      The ID of the authorization server this authorized client is part of.
      Returns:
      the authorization server ID
    • getFriendlyName

      public String getFriendlyName()
      The friendly name of this authorized client. Intended for display purposes.
      Returns:
      the friendly name
    • getClientId

      public String getClientId()
      The OAuth2 client ID for this authorized client. Usually generated as a randomized string.
      Returns:
      the client ID
    • getClientSecret

      public String getClientSecret()
      The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.
      Returns:
      the encrypted client secret
    • getTokenTimeoutSeconds

      public Integer getTokenTimeoutSeconds()
      The period of time, in seconds, that an access token issued will be valid for.
      Returns:
      the timeout in seconds
    • getRefreshTokenTimeoutSeconds

      public Integer getRefreshTokenTimeoutSeconds()
      The period of time, in seconds, that a refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. It should be generally considered that a refresh token can be used once.
      Returns:
      the timeout in seconds
    • getResourceIds

      public Set<String> getResourceIds()
      The resources that this client can access. Can be ignored by callers if empty.
      Returns:
      the resource IDs
    • getGrantTypes

      public Set<String> getGrantTypes()
      The grant types for which this client is authorized.
      Returns:
      The grant types for which this client is authorized.
    • getRedirectUris

      public Set<String> getRedirectUris()
      The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.

      Any of these values may be relative, and if so, the DefaultClientDetailsService will use the TenantUrlResolver to determine the base URL to resolve them against such that ultimately they are absolute. If resolution to an absolute URL fails for whatever reason, the relative URL will be omitted from the final ClientDetails.getRegisteredRedirectUri().

      Returns:
      The pre-defined redirect URIs for this client.
    • getScopes

      public Set<String> getScopes()
      The scopes for this client. Empty if the client isn't scoped.
      Returns:
      The scopes of this client.
    • getPermissions

      public Set<String> getPermissions()
      Returns the permissions that are granted to the OAuth client. Cannot return null. Note that these are NOT the permissions that are granted to the user with an authorized access token. Instead, these permissions are inherent to the client itself.
      Returns:
      the permissions (never null)
    • getApplicationId

      public String getApplicationId()
      Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.
      Returns:
      the application ID this client is used in, or null if not used for customers
    • getAttributes

      public Map<String,Object> getAttributes()
      Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.
      Returns:
      a map of additional attributes
    • getDefaultRedirectUri

      public String getDefaultRedirectUri()
      The default redirect URI to use if a user accesses a login page without a valid redirect cookie.
      Returns:
      a string representing the default fallback URI
    • setId

      public void setId(String id)
      The primary key of this authorized client.
      Parameters:
      id - the primary key
    • setServerId

      public void setServerId(String serverId)
      The ID of the authorization server this authorized client is part of.
      Parameters:
      serverId - the authorization server ID
    • setFriendlyName

      public void setFriendlyName(String friendlyName)
      The friendly name of this authorized client. Intended for display purposes.
      Parameters:
      friendlyName - the friendly name
    • setClientId

      public void setClientId(String clientId)
      The OAuth2 client ID for this authorized client. Usually generated as a randomized string.
      Parameters:
      clientId - the client ID
    • setClientSecret

      public void setClientSecret(String clientSecret)
      The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.
      Parameters:
      clientSecret - the encrypted client secret
    • setTokenTimeoutSeconds

      public void setTokenTimeoutSeconds(Integer tokenTimeoutSeconds)
      The period of time, in seconds, that an access token issued will be valid for.
      Parameters:
      tokenTimeoutSeconds - the timeout in seconds
    • setRefreshTokenTimeoutSeconds

      public void setRefreshTokenTimeoutSeconds(Integer refreshTokenTimeoutSeconds)
      The period of time, in seconds, that a refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. It should be generally considered that a refresh token can be used once.
      Parameters:
      refreshTokenTimeoutSeconds - the timeout in seconds
    • setResourceIds

      public void setResourceIds(Set<String> resourceIds)
      The resources that this client can access. Can be ignored by callers if empty.
      Parameters:
      resourceIds - the resource IDs
    • setGrantTypes

      public void setGrantTypes(Set<String> grantTypes)
      The grant types for which this client is authorized.
      Parameters:
      grantTypes - the grant types
    • setRedirectUris

      public void setRedirectUris(Set<String> redirectUris)
      The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.

      Any of these values may be relative, and if so, the DefaultClientDetailsService will use the TenantUrlResolver to determine the base URL to resolve them against such that ultimately they are absolute. If resolution to an absolute URL fails for whatever reason, the relative URL will be omitted from the final ClientDetails.getRegisteredRedirectUri().

      Parameters:
      redirectUris - the redirect URIs
    • setScopes

      public void setScopes(Set<String> scopes)
      The scopes for this client. Empty if the client isn't scoped.
      Parameters:
      scopes - the scopes
    • setPermissions

      public void setPermissions(Set<String> permissions)
      Sets the permissions that are granted to the OAuth client. The corresponding getter cannot return null. Note that these are NOT the permissions that are granted to the user with an authorized access token. Instead, these permissions are inherent to the client itself.
      Parameters:
      permissions - the permissions
    • setAdmin

      public void setAdmin(boolean isAdmin)
      Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.
      Parameters:
      isAdmin - whether or not this authorized client is for admin users
    • setApplicationId

      public void setApplicationId(String applicationId)
      Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.
      Parameters:
      applicationId - the application ID this client is used in
    • setAttributes

      public void setAttributes(Map<String,Object> attributes)
      Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.
      Parameters:
      attributes - the additional attributes
    • setDefaultRedirectUri

      public void setDefaultRedirectUri(String defaultRedirectUri)
      The default redirect URI to use if a user accesses a login page without a valid redirect cookie.
      Parameters:
      defaultRedirectUri - the default fallback URI to use for this client
    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • canEqual

      protected boolean canEqual(Object other)
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • isAdmin

      public boolean isAdmin()
      Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.
      Returns:
      whether or not this authorized client is for admin users
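
The relative redirect URI handling described under getRedirectUris and setRedirectUris, sketched as an added example; it is not Broadleaf's DefaultClientDetailsService or TenantUrlResolver code. The class name, the baseUrl parameter (standing in for the resolved tenant base URL) and the rule that drops network-path references such as //host/path are assumptions of this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class RedirectUriResolutionExample {

    // baseUrl is an assumption: it stands in for the tenant base URL the page says is looked up.
    static Set<String> resolveRedirectUris(Set<String> registered, String baseUrl) {
        URI base = toBase(baseUrl);
        Set<String> result = new LinkedHashSet<>();
        for (String value : registered) {
            try {
                URI uri = new URI(value.trim());
                if (!uri.isAbsolute()) {
                    // No usable base, or a network-path reference ("//host/path") that would
                    // leave the tenant host: treat as failed resolution and omit the value.
                    if (base == null || uri.getRawAuthority() != null) {
                        continue;
                    }
                    uri = base.resolve(uri);
                }
                result.add(uri.normalize().toString());
            } catch (URISyntaxException e) {
                // Malformed entry: omitted rather than passed on unresolved.
            }
        }
        return result;
    }

    private static URI toBase(String baseUrl) {
        if (baseUrl == null) {
            return null;
        }
        try {
            URI base = new URI(baseUrl);
            if (!base.isAbsolute() || base.getHost() == null) {
                return null;
            }
            // java.net.URI.resolve misjoins paths when the base path is empty, so anchor at "/".
            return base.getRawPath().isEmpty() ? base.resolve("/") : base;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real client registration.
        Set<String> registered = new LinkedHashSet<>(List.of("/callback", "silent-renew.html",
                "https://admin.example.com/callback", "//other.example.net/cb", "bad uri"));
        System.out.println(resolveRedirectUris(registered, "https://tenant.example.com"));
        System.out.println(resolveRedirectUris(registered, null));
    }
}
```

With a base URL, the two relative entries come back as absolute URLs on the tenant host; without one, only the entry that was already absolute survives, which mirrors the omission rule stated for ClientDetails.getRegisteredRedirectUri().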