java.lang.Object
com.broadleafcommerce.resource.security.utils.service.AccessTokenClaims

public final class AccessTokenClaims extends Object
These claims are also used in access tokens.
  • Field Details

    • CUSTOMER_ID

      public static final String CUSTOMER_ID
      ID of the customer user if applicable.
    • ACCOUNT_ID

      public static final String ACCOUNT_ID
      ID of the account the user is currently active in (this is typically for B2B).
    • PARENT_ACCOUNTS

      public static final String PARENT_ACCOUNTS
      Claim containing the ids of the parent accounts if the user is active in an account context.
    • CUSTOMER_SEGMENT_IDS

      public static final String CUSTOMER_SEGMENT_IDS
      Claim containing the ids of the customer segments the active user is in.
    • USER_NAME

      @Deprecated(forRemoval=true) public static final String USER_NAME
      Deprecated, for removal: This API element is subject to removal in a future version.
      The user's username. This is the claim name used by AuthenticationServices 1.x, and is only relevant for backwards compatibility. Opt to use USERNAME instead.
    • USERNAME

      public static final String USERNAME
      The user's username. This is the claim name used by AuthenticationServices starting with version 2.
    • FULL_NAME

      public static final String FULL_NAME
      The user's full name.
    • CSR_CLIENT_ID

      public static final String CSR_CLIENT_ID
      The claim storing the CSR's client ID. Only populated if impersonated.
    • CSR_SUBJECT

      public static final String CSR_SUBJECT
      The claim storing the CSR's subject. Only populated if impersonated.
    • CSR_USER_ID

      public static final String CSR_USER_ID
      The claim storing the CSR's user ID. Only populated if impersonated.
    • CSR_ANONYMOUS

      public static final String CSR_ANONYMOUS
      The claim indicating that the CSR is impersonating an anonymous user. Only populated if impersonated as an anonymous user.
    • CSR_ANONYMOUS_SUB_VALUE

      public static final String CSR_ANONYMOUS_SUB_VALUE
      The value of the SessionTokenClaimKeys#SUBJECT when anonymously impersonated as a CSR.
    • CSR_INHERITED_AUTHORITIES

      public static final String CSR_INHERITED_AUTHORITIES
      The claim storing the authorities inherited from the CSR. Only populated if impersonated.
    • IMPERSONATING_SELF

      public static final String IMPERSONATING_SELF
      The claim indicating whether the CSR is impersonating themselves rather than a customer user. This is usually done in order to perform functions such as managing quotes rather than shopping on behalf of a customer.
    • CSR_USERNAME

      public static final String CSR_USERNAME
      Alias for CSR_SUBJECT.
    • ADMIN

      public static final String ADMIN
      The claim for whether this authentication belongs to an admin user.
    • USER_TYPE_ATTR

      public static final String USER_TYPE_ATTR
      The user type claim to distinguish the type of services the user interacts with.
    • AUTH_DETAILS_ADMIN_USER_ID_KEY

      public static final String AUTH_DETAILS_ADMIN_USER_ID_KEY
      The ID of the admin user. This is only applicable if the current user is bound to an admin context.
    • AUTHORITIES

      public static final String AUTHORITIES
      The claim storing the authorities of the user.
    • ADMIN_SCOPED_SERVICE_CLIENT

      public static final String ADMIN_SCOPED_SERVICE_CLIENT
      The claim if the current token is for an admin-scoped service client. Only used for service-to-service calls scoped from the admin context.