Class AuthorizedClient
java.lang.Object
com.broadleafcommerce.auth.server.domain.AuthorizedClient
- All Implemented Interfaces:
Serializable
Represents the authorization service concept of an authorized client. This structure is used to
store a persistent representation of an OAuth2
ClientDetails
for an
AuthorizationServer
.- Author:
- Nick Crum (ncrum)
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
boolean
Populated if this authorized client is used for authorizing customer users in a certain application.Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.The OAuth2 client ID for this authorized client.The encrypted OAuth2 client secret for this authorized client.The default redirect URI to use if a user accesses a login page without a valid redirect cookieThe friendly name of this authorized client.The grant types for which this client is authorized.getId()
The primary key of this authorized client.Returns the permissions that are granted to the OAuth client.The pre-defined redirect URIs for this client to use during the "authorization_code" access grant.The period of time, in seconds, that an refresh token issued will be valid for.The resources that this client can access.The scopes for this client.The ID of the authorization server this authorized client is part of.The period of time, in seconds, that an access token issued will be valid for.int
hashCode()
boolean
isAdmin()
Whether or not this authorized client is used for authorizing admin users.void
setAdmin
(boolean isAdmin) Whether or not this authorized client is used for authorizing admin users.void
setApplicationId
(String applicationId) Populated if this authorized client is used for authorizing customer users in a certain application.void
setAttributes
(Map<String, Object> attributes) Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.void
setClientId
(String clientId) The OAuth2 client ID for this authorized client.void
setClientSecret
(String clientSecret) The encrypted OAuth2 client secret for this authorized client.void
setDefaultRedirectUri
(String defaultRedirectUri) The default redirect URI to use if a user accesses a login page without a valid redirect cookievoid
setFriendlyName
(String friendlyName) The friendly name of this authorized client.void
setGrantTypes
(Set<String> grantTypes) The grant types for which this client is authorized.void
The primary key of this authorized client.void
setPermissions
(Set<String> permissions) Returns the permissions that are granted to the OAuth client.void
setRedirectUris
(Set<String> redirectUris) The pre-defined redirect URIs for this client to use during the "authorization_code" access grant.void
setRefreshTokenTimeoutSeconds
(Integer refreshTokenTimeoutSeconds) The period of time, in seconds, that an refresh token issued will be valid for.void
setResourceIds
(Set<String> resourceIds) The resources that this client can access.void
The scopes for this client.void
setServerId
(String serverId) The ID of the authorization server this authorized client is part of.void
setTokenTimeoutSeconds
(Integer tokenTimeoutSeconds) The period of time, in seconds, that an access token issued will be valid for.org.springframework.security.oauth2.provider.ClientDetails
Convert this authorized client to aClientDetails
.toString()
-
Constructor Details
-
AuthorizedClient
public AuthorizedClient()
-
-
Method Details
-
toClientDetails
public org.springframework.security.oauth2.provider.ClientDetails toClientDetails()Convert this authorized client to aClientDetails
.- Returns:
- the client details
-
getId
The primary key of this authorized client.- Returns:
- the primary key
-
getServerId
The ID of the authorization server this authorized client is part of.- Returns:
- the authorization server ID
-
getFriendlyName
The friendly name of this authorized client. Intended for display purposes- Returns:
- the friendly name
-
getClientId
The OAuth2 client ID for this authorized client. Usually generated as a randomized string.- Returns:
- the client ID
-
getClientSecret
The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.- Returns:
- the encrypted client secret
-
getTokenTimeoutSeconds
The period of time, in seconds, that an access token issued will be valid for.- Returns:
- the timeout in seconds
-
getRefreshTokenTimeoutSeconds
The period of time, in seconds, that an refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. It should be generally considered that a refresh token can be used once.- Returns:
- the timeout in seconds
-
getResourceIds
The resources that this client can access. Can be ignored by callers if empty.- Returns:
- the resource IDs
-
getGrantTypes
The grant types for which this client is authorized.- Returns:
- The grant types for which this client is authorized.
-
getRedirectUris
The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.Any of these values may be relative, and if so, the
DefaultClientDetailsService
will use theTenantUrlResolver
to determine the base URL to resolve them against such that ultimately they are absolute. If resolution to an absolute URL fails for whatever reason, the relative URL will be omitted from the finalClientDetails.getRegisteredRedirectUri()
.- Returns:
- The pre-defined redirect URIs for this client.
- See Also:
-
getScopes
The scopes for this client. Empty if the client isn't scoped.- Returns:
- The scopes of this client.
-
getPermissions
Returns the permissions that are granted to the OAuth client. Cannot returnnull
. Note that these are NOT the permissions that are granted to the user with an authorized access token. Instead, these permissions are inherent to the client itself.- Returns:
- the permissions (never
null
)
-
getApplicationId
Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.- Returns:
- the application ID this client is used in, or null if not used for customers
-
getAttributes
Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.- Returns:
- a map of additional attributes
-
getDefaultRedirectUri
The default redirect URI to use if a user accesses a login page without a valid redirect cookie- Returns:
- a string representing the default fallback URI
-
setId
The primary key of this authorized client.- Parameters:
id
- the primary key
-
setServerId
The ID of the authorization server this authorized client is part of.- Parameters:
serverId
- the authorization server ID
-
setFriendlyName
The friendly name of this authorized client. Intended for display purposes- Parameters:
friendlyName
- the friendly name
-
setClientId
The OAuth2 client ID for this authorized client. Usually generated as a randomized string.- Parameters:
clientId
- the client ID
-
setClientSecret
The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.- Parameters:
clientSecret
- the encrypted client secret
-
setTokenTimeoutSeconds
The period of time, in seconds, that an access token issued will be valid for.- Parameters:
tokenTimeoutSeconds
- the timeout in seconds
-
setRefreshTokenTimeoutSeconds
The period of time, in seconds, that an refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. It should be generally considered that a refresh token can be used once.- Parameters:
tokenTimeoutSeconds
- the timeout in seconds
-
setResourceIds
The resources that this client can access. Can be ignored by callers if empty.- Parameters:
resourceIds
- the resource IDs
-
setGrantTypes
The grant types for which this client is authorized.- Parameters:
grantTypes
- the grant types
-
setRedirectUris
The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.Any of these values may be relative, and if so, the
DefaultClientDetailsService
will use theTenantUrlResolver
to determine the base URL to resolve them against such that ultimately they are absolute. If resolution to an absolute URL fails for whatever reason, the relative URL will be omitted from the finalClientDetails.getRegisteredRedirectUri()
.- Parameters:
redirectUris
- the redirect URIs- See Also:
-
setScopes
The scopes for this client. Empty if the client isn't scoped.- Parameters:
scopes
- the scopes
-
setPermissions
Returns the permissions that are granted to the OAuth client. Cannot returnnull
. Note that these are NOT the permissions that are granted to the user with an authorized access token. Instead, these permissions are inherent to the client itself.- Parameters:
permissions
- the permissions
-
setAdmin
public void setAdmin(boolean isAdmin) Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.- Parameters:
isAdmin
- whether or not this authorized client is for admin users
-
setApplicationId
Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.- Parameters:
applicationId
- the application ID this client is used in
-
setAttributes
Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.- Parameters:
attributes
- the additional attributes
-
setDefaultRedirectUri
The default redirect URI to use if a user accesses a login page without a valid redirect cookie- Parameters:
defaultRedirectUri
- the default fallback URI to use for this client
-
equals
-
canEqual
-
hashCode
public int hashCode() -
toString
-
isAdmin
public boolean isAdmin()Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.- Returns:
- whether or not this authorized client is for admin users
-