001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * docs/licenses/cddl.txt
011 * or http://www.opensource.org/licenses/cddl1.php.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * docs/licenses/cddl.txt.  If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 *      Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 *      Copyright 2018-2019 Ping Identity Corporation
026 */
027
028
029package com.unboundid.directory.sdk.proxy.api;
030
031import com.unboundid.directory.sdk.common.api.AbstractAccessTokenValidator;
032import com.unboundid.directory.sdk.proxy.internal.DirectoryProxyServerExtension;
033import com.unboundid.util.Extensible;
034import com.unboundid.util.ThreadSafety;
035import com.unboundid.util.ThreadSafetyLevel;
036
037/**
038 * This class defines an API that may be implemented by Data Governance Server
039 * extensions that validate externally generated access tokens.  Implementing
040 * extensions that support this API enables the Data Governance Server
041 * to accept access tokens generated from external Identity Providers.
042 *
043 * <H2>Configuring Access Token Validators</H2>
044 * In order to configure an Access Token Validator created using this API, use
045 * a command like:
046 * <PRE>
047 *      dsconfig create-token-validator \
048 *           ---validator-name "<I>{name}</I>" \
049 *           --type third-party \
050 *           --set "extension-class:<I>{class-name}</I>" \
051 *           --set "extension-argument:<I>{name=value}</I>"
052 * </PRE>
053 * where "<I>{name}</I>" is the name to use for the Access Token Validator
054 * instance, "<I>{class-name}</I>" is the fully-qualified name of the Java class
055 * that extends
056 * {@code com.unboundid.directory.sdk.proxy.api.AccessTokenValidator},
057 * and "<I>{name=value}</I>" represents name-value pairs for any arguments to
058 * provide to the Access Token Validator. If multiple arguments should be
059 * provided to the extension, then the
060 * "<CODE>--set extension-argument:<I>{name=value}</I></CODE>" option should be
061 * provided multiple times.
062 */
063@Extensible()
064@DirectoryProxyServerExtension(
065    appliesToLocalContent = true,
066    appliesToRemoteContent = true
067)
068@ThreadSafety(level= ThreadSafetyLevel.INTERFACE_THREADSAFE)
069public abstract class AccessTokenValidator
070    extends AbstractAccessTokenValidator {
071  // No implementation necessary. This class is in this package so it is
072  // bundled with the proxy server SDK.
073}