TokenVerificationService

Verifies access tokens and refresh tokens that may have been generated by a TokenGenerationService or by any other OAuth 2.0 authorization server.

Inheritors

Functions

abstract suspend fun extractValidatedClientKey(httpRequest: RequestInfo?): KmmResult<JsonWebKey?>

Validates a DPoP proof, if one exists at all, and extracts the client's key.

abstract suspend fun getTokenInfo(tokenOrAuthHeader: String): TokenInfo

Reads information about the token contained in tokenOrAuthHeader for token introspection.

abstract suspend fun validateAccessToken(tokenOrAuthHeader: String, httpRequest: RequestInfo?, dpopNonceService: NonceService? = null): KmmResult<Unit>

Validates the token, given either as a plain token or as the value of an HTTP Authorization header (i.e., with its prefix).

abstract suspend fun validateRefreshToken(refreshToken: String, httpRequest: RequestInfo?, validatedClientKey: JsonWebKey?): String

Validates that this refresh token was actually issued by the known TokenGenerationService.