@NotExtensible public final class TokenValidationResult extends java.lang.Object
The decision as to whether an access token is accepted or not varies by
product. For the Directory Server, Directory Proxy Server,
Data Sync Server, or Data Metrics Server, different REST APIs
may enforce different authorization rules, depending on their configuration;
please refer to the relevant documentation. In general, a token's
active
property must be true and its tokenOwner
must not be
null.
For the Data Governance Server, authorization decisions are made by the policy
engine. All properties of the TokenValidationResult may be accessed by
policies; however, the default policy may only examine a subset of those
properties (e.g. especially the active
property).
Modifier and Type | Class and Description |
---|---|
static class |
TokenValidationResult.Builder
A Builder for TokenValidationResult.
|
Modifier and Type | Method and Description |
---|---|
java.lang.Boolean |
getActive()
Get whether the token is active.
|
java.util.Map<java.lang.String,java.lang.Object> |
getAdditionalProperties()
Get any extension properties associated with the token.
|
java.util.Set<java.lang.String> |
getAudience()
Get the token's intended audience(s).
|
java.lang.String |
getClientId()
Get the OAuth2 client Id of the client that requested the token.
|
java.lang.Long |
getExpirationTime()
Get the token expiration time in seconds since January 1 1970 UTC.
|
java.lang.Long |
getIssuedAt()
Get the token issue time in seconds since January 1 1970 UTC.
|
java.lang.Long |
getNotUsedBefore()
Get the not used before time in seconds since January 1 1070 UTC.
|
java.util.Set<java.lang.String> |
getScope()
Get the scopes granted to this token.
|
java.lang.String |
getTokenIdentifier()
Get the unique identifier for this token.
|
java.lang.String |
getTokenOwner()
Get the token subject as defined in JWT [RFC7519].
|
java.lang.String |
getTokenSubject()
Get the token subject as defined in JWT [RFC7519].
|
java.lang.String |
getTokenType()
Get the token type.
|
java.lang.String |
getUsername()
Get a human-readable user name for the resource owner that authorized
the token.
|
public java.lang.Boolean getActive()
public java.util.Set<java.lang.String> getScope()
public java.lang.String getClientId()
public java.lang.String getUsername()
public java.lang.String getTokenType()
public java.lang.Long getExpirationTime()
public java.lang.Long getIssuedAt()
public java.lang.Long getNotUsedBefore()
public java.lang.String getTokenSubject()
public java.lang.String getTokenOwner()
It is the responsibility of the Token Validator to translate an external subject identifier into the local server's syntax. This syntax varies by product. For the Directory Server, Directory Proxy Server, Data Sync Server, or Data Metrics Server, the value should be an LDAP DN. The Data Governance Server uses a relative resource path as the subject ID, e.g. "Users/user_id", where user_id is the value of the subject's SCIM id property.
public java.util.Set<java.lang.String> getAudience()
public java.lang.String getTokenIdentifier()
public java.util.Map<java.lang.String,java.lang.Object> getAdditionalProperties()