Interface RefreshToken
- All Known Implementing Classes:
JpaRefreshToken1, JpaRefreshToken2, JpaRefreshToken3, JpaRefreshToken4, JpaRefreshToken5, JpaRefreshToken6
public interface RefreshToken
Represents a rotatable refresh token assignment. Supports expiration as well as a rotation leeway threshold.
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| String | getAncestor() | The primary key value of the first refresh token assigned in the current inheritance line. |
| Long | getExpiration() | The maximum lifespan of a refresh token. |
| String | getId() | The primary key of the refresh token. |
| Long | getRotationExpiration() | Refresh token rotation allows for a configurable window of time in which a refresh token may be used multiple times without failure. |
| boolean | isRotated() | Whether or not this refresh token instance has been used as part of a refresh attempt |
| void | setAncestor(String ancestor) | |
| void | setExpiration(Long expiration) | |
| void | setId | |
| void | setRotated(boolean isRotated) | |
| void | setRotationExpiration(Long rotationExpiration) | |
-
Method Details
-
getId
String getId()
The primary key of the refresh token. Aligns with the JTI param in the refresh token JWT. Note, for a rotatable token, the JTI is two-part. The first segment is the partition identifier (e.g. see JpaRefreshToken1) as an integer. The second segment is the id captured in this field.
- Returns:
- The primary key of the refresh token
-
getAncestor
String getAncestor()
The primary key value of the first refresh token assigned in the current inheritance line. Every time a refresh token is used to get a new access token, the rotated refresh token returned in the access token / refresh token pair will reference the original refresh token used at the beginning. Any attempt to re-use a refresh token outside of the setRotationExpiration(Long) timeline will result in immediate revocation of the entire inheritance line of refresh tokens.
- Returns:
- The primary key value of the first refresh token assigned in the current inheritance line
-
isRotated
boolean isRotated()
Whether or not this refresh token instance has been used as part of a refresh attempt
- Returns:
- Whether or not this refresh token instance has been used as part of a refresh attempt
-
getRotationExpiration
Long getRotationExpiration()
Refresh token rotation allows for a configurable window of time in which a refresh token may be used multiple times without failure. Once this point in time is exceeded, the security response detailed in getAncestor() is triggered. This window is designed to allow for system irregularities like network latency or outage in which an application may be forced to quickly retry a rotation. Represented as milliseconds after epoch. JpaAuthorizedClient.getRefreshTokenRotationIntervalSeconds() and the system harvests from there and converts to millis based on the current client being used in the OAuth flow.
- Returns:
- The configurable window of time in which a refresh token may be used multiple times without failure
-
getExpiration
Long getExpiration()
The maximum lifespan of a refresh token. Any attempt (even valid) to use this refresh token after this point in time will result in an invalid security response. Represented as milliseconds after epoch. JpaAuthorizedClient.getRefreshTokenTimeoutSeconds() and the system harvests from there and converts to millis based on the current client being used in the OAuth flow.
- Returns:
- The maximum lifespan of a refresh token
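The following Java sketch is an added example, not code from this library: it shows how the documented properties (ancestor, rotated flag, rotation expiration, expiration) can combine into a single refresh decision. The class, method and outcome names are hypothetical, and it assumes that the leeway window opens on first use, that the first token in a line is its own ancestor, and that a retry inside the window is issued a successor.

```java
import java.util.*;

// Added illustration, not the library's code. Token mirrors the RefreshToken
// properties on this page; class, method and outcome names are hypothetical.
public class RotationSketch {
    enum Outcome { ROTATED, RETRY_WITHIN_LEEWAY, LINE_REVOKED, EXPIRED, UNKNOWN }

    static final class Token {
        final String id, ancestor;
        final long expiration;                  // epoch millis
        boolean rotated;
        long rotationExpiration;                // epoch millis, set on first use (assumption)
        Token(String i, String a, long e) { id = i; ancestor = a; expiration = e; }
    }

    private final Map<String, Token> store = new HashMap<>();  // stands in for persistence
    private final long leewayMillis, lifetimeMillis;
    private int seq;
    RotationSketch(long rotationIntervalSeconds, long timeoutSeconds) {
        leewayMillis = rotationIntervalSeconds * 1000;          // client seconds to millis
        lifetimeMillis = timeoutSeconds * 1000;
    }

    Token issue(String ancestor, long now) {
        String id = "rt-" + (++seq);
        // Assumption: the first token of a line is recorded as its own ancestor.
        Token t = new Token(id, ancestor == null ? id : ancestor, now + lifetimeMillis);
        store.put(id, t);
        return t;
    }

    Outcome refresh(String id, long now) {
        Token t = store.get(id);
        if (t == null) return Outcome.UNKNOWN;                  // never issued, or line revoked
        if (now > t.expiration) return Outcome.EXPIRED;         // past the maximum lifespan
        boolean retry = t.rotated;
        if (retry && now > t.rotationExpiration) {              // reuse outside the leeway window
            store.values().removeIf(x -> x.ancestor.equals(t.ancestor));
            return Outcome.LINE_REVOKED;
        }
        if (!retry) { t.rotated = true; t.rotationExpiration = now + leewayMillis; }
        issue(t.ancestor, now);                                 // successor keeps the ancestor
        return retry ? Outcome.RETRY_WITHIN_LEEWAY : Outcome.ROTATED;
    }

    public static void main(String[] args) {
        RotationSketch s = new RotationSketch(10, 3600);        // constructed settings
        String first = s.issue(null, 0).id;
        // first use, retry inside the 10 s window, reuse after it, then the successor
        System.out.println(s.refresh(first, 1_000) + " " + s.refresh(first, 5_000) + " "
                + s.refresh(first, 60_000) + " " + s.refresh("rt-2", 61_000));
    }
}
```

The last call uses the successor token issued by the first refresh: it fails because revocation removed every token that shares the reused token's ancestor.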
-
setId
- Parameters:
id
- See Also:
-
setAncestor
- Parameters:
ancestor
- See Also:
-
setRotated
void setRotated(boolean isRotated)
- Parameters:
isRotated
- See Also:
-
setRotationExpiration
- Parameters:
rotationExpiration
- See Also:
-
setExpiration
- Parameters:
expiration
- See Also:
-