Class ServiceProviderToken
Consumer
the token belongs to.
A request token that has been authorized will also contain the user that authorized the request. An access token will always contain the user that gave permission to the Consumer to make requests on their behalf.
Token instances are immutable. To create a new ServiceProviderToken instance, use the builder. To build an unauthorized request token, use the newRequestToken(String) method as follows:

    ServiceProviderToken unauthorizedRequestToken = ServiceProviderToken.newRequestToken("bb6dd1391ce33b5bd3ecad1175139a39")
            .tokenSecret("29c3005cc5fbe5d431f27b29d6191ea3")
            .consumer(consumer)
            .build();

An authorized request token can be built by calling the authorize(String, String) method on an unauthorized request token:

    // authorize takes the user name and the verifier (see the authorize method details)
    ServiceProviderToken authorizedRequestToken = unauthorizedRequestToken.authorize(fred, verifier);

or from scratch in a similar way to unauthorized request tokens, but also setting the authorizedBy attribute by calling ServiceProviderToken.ServiceProviderTokenBuilder.authorizedBy(String) before calling build():

    ServiceProviderToken authorizedRequestToken = ServiceProviderToken.newRequestToken("bb6dd1391ce33b5bd3ecad1175139a39")
            .tokenSecret("29c3005cc5fbe5d431f27b29d6191ea3")
            .consumer(consumer)
            .authorizedBy(fred)
            .build();

To build an access token, use the newAccessToken(String) method as the starting point:

    ServiceProviderToken accessToken = ServiceProviderToken.newAccessToken("bb6dd1391ce33b5bd3ecad1175139a39")
            .tokenSecret("29c3005cc5fbe5d431f27b29d6191ea3")
            .consumer(consumer)
            .authorizedBy(fred)
            .build();

ServiceProviderTokens also have two additional attributes that control when they expire: the creationTime and timeToLive. If these values are not specified when building a token, the defaults are used. The default value for creationTime is when the ServiceProviderToken.ServiceProviderTokenBuilder.build() method is called and the token constructed. The default value for timeToLive depends on the type of token being constructed. For request tokens, the default value is 10 minutes. For access tokens, the default value is 1 week.
When a token has been around for longer than its timeToLive, any attempts to use it should result in an OAuth problem of token_expired, as described in the
Nested Class Summary
- static enum Authorization - Defines the status of request tokens.
- static final class ServiceProviderTokenBuilder
- static final class Session - Representation of an OAuth session.
Nested classes/interfaces inherited from class com.atlassian.bitbucket.jenkins.internal.applink.oauth.Token
Token.TokenBuilder<T, B extends Token.TokenBuilder<T, B>>, Token.Type
Field Summary
- static final long DEFAULT_ACCESS_TOKEN_TTL - The default value for access token time to live.
- static final long DEFAULT_REQUEST_TOKEN_TTL - The default value for request token time to live.
- static final long DEFAULT_SESSION_TTL - The default value for session time to live.
Method Summary
- authorize(String, String) - If this is an unauthorized request token, this method will return a request token that has been authorized by the user.
- deny - If this is an unauthorized request token, this method will return a request token that has been denied by the user.
- getAuthorization - Returns the authorization status of this token.
- getCallback - Returns the URI the consumer should be redirected to after the user has completed authorization.
- long getCreationTime() - Returns the time the token was originally created for the user, in milliseconds.
- getSession - Returns the Session associated with the token.
- long getTimeToLive() - Returns the maximum amount of time the token is considered valid, in milliseconds.
- getUser() - If this is an authorized request token, returns the user that authorized the token.
- getVerifier - If this is an authorized request token, returns the verification code that is used to verify the user that authorized the token is the same one that is swapping it for an access token.
- boolean hasBeenAuthorized() - Returns true if this token has been authorized, false otherwise.
- boolean hasBeenDenied() - Returns true if this token has been denied, false otherwise.
- boolean hasExpired(Clock clock) - Returns true if the time to live has been exceeded, false otherwise.
- boolean hasSession() - Returns true if there is a Session associated with the token.
- static boolean isValidCallback(URI callback)
- newAccessToken(String token) - Static factory method that starts the process of building an access ServiceProviderToken instance.
- newRequestToken(String token) - Static factory method that starts the process of building a request ServiceProviderToken instance.
Methods inherited from class com.atlassian.bitbucket.jenkins.internal.applink.oauth.Token
getConsumer, getProperties, getProperty, getPropertyNames, getToken, getTokenSecret, hasProperty, isAccessToken, isRequestToken, toString
Field Details
DEFAULT_REQUEST_TOKEN_TTL
public static final long DEFAULT_REQUEST_TOKEN_TTL
The default value for request token time to live. Value corresponds to 10 minutes in ms.
DEFAULT_ACCESS_TOKEN_TTL
public static final long DEFAULT_ACCESS_TOKEN_TTL
The default value for access token time to live. Value corresponds to 5 years in ms.
DEFAULT_SESSION_TTL
public static final long DEFAULT_SESSION_TTL
The default value for session time to live. Value corresponds to 5 years + 30 days in ms. This value is supposed to be longer than DEFAULT_ACCESS_TOKEN_TTL so that the session is still live while the access token has just expired.
Method Details
newRequestToken
Static factory method that starts the process of building a request ServiceProviderToken instance. Returns a ServiceProviderTokenBuilder so the additional attributes of the token can be set.
- Parameters:
  token - unique token used to the ServiceProviderToken to be used in OAuth operations
- Returns:
  builder to set additional attributes and build the ServiceProviderToken
newAccessToken
Static factory method that starts the process of building an access ServiceProviderToken instance. Returns a ServiceProviderTokenBuilder so the additional attributes of the token can be set.
- Parameters:
  token - unique token used to the ServiceProviderToken to be used in OAuth operations
- Returns:
  builder to set additional attributes and build the ServiceProviderToken
authorize
If this is an unauthorized request token, this method will return a request token that has been authorized by the user.
- Parameters:
  user - name of the user that has authorized the request token
  verifier - value used to prove the user authorizing the token is the same as the one swapping it for an access token
- Returns:
  authorized request token
- Throws:
  IllegalStateException - thrown if the token is not a request token or has already been authorized or denied
hasBeenAuthorized
public boolean hasBeenAuthorized()
Returns true if this token has been authorized, false otherwise. This is a short-cut for calling getAuthorization() and checking the returned value. As such, it has the same condition that it will always return true if the token is an access token.
- Returns:
  true if this token has been authorized, false otherwise
deny
If this is an unauthorized request token, this method will return a request token that has been denied by the user.
- Parameters:
  user - name of the user that has denied the request token
- Returns:
  denied request token
- Throws:
  IllegalStateException - thrown if the token is not a request token or has already been authorized or denied
hasBeenDenied
public boolean hasBeenDenied()
Returns true if this token has been denied, false otherwise. This is a short-cut for calling getAuthorization() and checking the returned value. As such, it has the same condition that it will always return false if the token is an access token.
- Returns:
  true if this token has been denied, false otherwise
getAuthorization
Returns the authorization status of this token. If the token is a request token, it will return Authorization.NONE if the user has not yet approved or denied the request, Authorization.APPROVED if the user approved the access request, or Authorization.DENIED if the user denied the access request. For access tokens, Authorization.APPROVED will always be returned.
- Returns:
  authorization status of this token
getUser
If this is an authorized request token, returns the user that authorized the token. If this is an access token, it's the user the Consumer is making requests on behalf of. Returns null otherwise.
- Returns:
  name of the user that authorized the Consumer to make requests on behalf of themselves
getVerifier
If this is an authorized request token, returns the verification code that is used to verify the user that authorized the token is the same one that is swapping it for an access token. Returns null otherwise.
- Returns:
  verification code that is used to verify the user that authorized the token is the same one that is swapping it for an access token
getCreationTime
public long getCreationTime()
Returns the time the token was originally created for the user, in milliseconds.
- Returns:
  time the token was originally created for the user, in milliseconds
getTimeToLive
public long getTimeToLive()
Returns the maximum amount of time the token is considered valid, in milliseconds.
- Returns:
  maximum amount of time the token is considered valid, in milliseconds
hasExpired
Returns true if the time to live has been exceeded, false otherwise.
- Parameters:
  clock - a way to determine the current time
- Returns:
  true if the time to live has been exceeded, false otherwise
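
The expiry and verifier rules documented on this page, sketched as an added example (not code from the plugin) of the checks a service provider applies before swapping a request token for an access token. RequestToken is a hypothetical stand-in for the attributes described here, and every outcome label other than token_expired is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;

// Requires Java 16+ (records).
public class RequestTokenExchangeCheck {
    enum Authorization { NONE, APPROVED, DENIED }   // states named on this page

    // Hypothetical stand-in for the documented attributes; NOT the plugin's ServiceProviderToken.
    record RequestToken(Authorization authorization, String verifier, long creationTime, long timeToLive) {
        boolean hasExpired(Clock clock) {
            // Subtract instead of adding so a very large TTL cannot overflow into "already expired".
            return clock.millis() - creationTime > timeToLive;
        }
    }

    // Outcome labels are assumptions, except "token_expired", which the page names.
    static String check(RequestToken t, String presentedVerifier, Clock clock) {
        if (t.hasExpired(clock)) return "token_expired";
        if (t.authorization() != Authorization.APPROVED) return "not_authorized";
        if (t.verifier() == null || presentedVerifier == null) return "verifier_mismatch";
        // Constant-time comparison: response timing must not reveal how much of the verifier matched.
        boolean same = MessageDigest.isEqual(
                t.verifier().getBytes(StandardCharsets.UTF_8),
                presentedVerifier.getBytes(StandardCharsets.UTF_8));
        return same ? "ok" : "verifier_mismatch";
    }

    public static void main(String[] args) {
        Instant created = Instant.parse("2024-01-01T00:00:00Z");   // constructed sample time
        long ttl = Duration.ofMinutes(10).toMillis();              // request token default stated on this page
        RequestToken approved = new RequestToken(Authorization.APPROVED, "sample-verifier", created.toEpochMilli(), ttl);
        RequestToken pending = new RequestToken(Authorization.NONE, null, created.toEpochMilli(), ttl);

        // A fixed Clock makes the expiry decision reproducible, which is why hasExpired takes one.
        Clock inTime = Clock.fixed(created.plusSeconds(300), ZoneOffset.UTC);
        Clock tooLate = Clock.fixed(created.plusSeconds(601), ZoneOffset.UTC);

        System.out.println(check(approved, "sample-verifier", inTime));
        System.out.println(check(approved, "wrong-verifier", inTime));
        System.out.println(check(pending, "sample-verifier", inTime));
        System.out.println(check(approved, "sample-verifier", tooLate));
    }
}
```
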
getCallback
Returns the URI the consumer should be redirected to after the user has completed authorization. It will be null if the URI was communicated out-of-band via another form of communication between the service provider and consumer. It will also be null if the token is a version 1.0 request token.
- Returns:
  URI the consumer should be redirected to after the user has completed authorization
isValidCallback
getSession
Returns the Session associated with the token.
hasSession
public boolean hasSession()
Returns true if there is a Session associated with the token.