vck-openid/at.asitplus.wallet.lib.oauth2/TokenService

TokenService

Access token service that combines generation and verification, i.e., it is suitable to be used in an implementation of an OAuth 2.0 Authorization Server.

Also implements OAuth 2.0 Token Exchange.

Inheritors

BearerTokenService

JwtTokenService

Types

Companion

object Companion

Properties

dpopSigningAlgValuesSupportedStrings

abstract val dpopSigningAlgValuesSupportedStrings: Set<String>?

generation

abstract val generation: TokenGenerationService

supportsRefreshTokens

abstract val supportsRefreshTokens: Boolean

verification

abstract val verification: TokenVerificationService

Functions

dpopNonce

open suspend fun dpopNonce(): String?

readUserInfo

abstract suspend fun readUserInfo(authorizationHeader: String, request: RequestInfo?): ValidatedAccessToken

Provides information about the access token from authorizationHeader, if it has been issued by generation. Access token needs to be validated before (see TokenVerificationService.validateAccessToken)

tokenExchange

open suspend fun tokenExchange(request: TokenRequestParameters, expectedResource: String, httpRequest: RequestInfo?): TokenResponseParameters

OAuth 2.0 Token Exchange: Validate the received token from TokenRequestParameters.subjectToken and issue a fresh access token. Callers need to make sure that the client has been authenticated before calling this method.

validateTokenForTokenExchange

abstract suspend fun validateTokenForTokenExchange(subjectToken: String): ValidatedAccessToken

Validates the subject token (that is a token sent by a third party) for token exchange) is one issued from TokenGenerationService. Callers need to authenticate the client before calling this method.