eu.webtoolkit.jwt.auth.OAuthTokenEndpoint

public class OAuthTokenEndpoint extends WResource

Endpoint to retrieve an access token.

The token endpoint is used by the client to obtain an OAuthAccessToken by presenting its authorization grant. This implementation only supports the "authorization_code" grant type. The client ID and secret can be passed with Basic auth or by POST request parameters. When something goes wrong, the reply will include a JSON object with an "error" attribute.

This endpoint is implemented as a WResource, so it's usually deployed using

invalid reference

WServer#addResource()

.

For more information refer to the specification: https://tools.ietf.org/rfc/rfc6749.txt

When the scope includes "openid" an ID Token will be included as specified by the OpenID Connect standard.

Must be deployed using TLS.

Nested Class Summary

Nested classes/interfaces inherited from class eu.webtoolkit.jwt.WResource
WResource.DispositionType

Nested classes/interfaces inherited from class eu.webtoolkit.jwt.WObject
WObject.FormData
Constructor Summary

Constructors

Constructor

Description

OAuthTokenEndpoint(AbstractUserDatabase db, String issuer)

Constructor.
Method Summary

Modifier and Type

Method

Description

void

handleRequest(WebRequest request, WebResponse response)

Handles a request.

void

setAccessExpSecs(int seconds)

Sets the amount of seconds after which generated access tokens expire.

void

setIdExpSecs(int seconds)

Sets the amount of seconds after which generated id tokens expire.

Methods inherited from class eu.webtoolkit.jwt.WResource
dataChanged, dataExceeded, dataReceived, generateUrl, getAlternativeBotUrl, getBotResource, getBotResourceId, getDispositionType, getInternalPath, getSuggestedFileName, getUrl, getVersion, incrementVersion, isAllowAutoRemoval, isInvalidAfterChanged, setAllowAutoRemoval, setAlternativeBotUrl, setBotResourceId, setChanged, setDispositionType, setInternalPath, setInvalidAfterChanged, setTakesUpdateLock, setUploadProgress, suggestFileName, suggestFileName, takesUpdateLock, useCustomBotResourceId, write, write, writeToMemory

Methods inherited from class eu.webtoolkit.jwt.WObject
getId, getObjectName, remove, resendFormData, setFormData, setObjectName, tr

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- OAuthTokenEndpoint
  
  public OAuthTokenEndpoint(AbstractUserDatabase db, String issuer)
  
  Constructor.
  The issuer argument is used for the "iss" attribute in the ID Token when the scope includes "openid".
Method Details
- handleRequest
  
  public void handleRequest(WebRequest request, WebResponse response)
  
  Description copied from class: WResource
  
  Handles a request.
  Reimplement this method so that a proper response is generated for the given request. From the request object you can access request parameters and whether the request is a continuation request. In the response object, you should set the mime type and stream the output data.
  
  Specified by:
  
  handleRequest in class WResource
  
  Parameters:
  
  request - The request information
  
  response - The response object
- setAccessExpSecs
  
  public void setAccessExpSecs(int seconds)
  
  Sets the amount of seconds after which generated access tokens expire.
  Defaults to 3600 seconds.
- setIdExpSecs
  
  public void setIdExpSecs(int seconds)
  
  Sets the amount of seconds after which generated id tokens expire.
  Defaults to 3600 seconds.

Class OAuthTokenEndpoint

Nested Class Summary

Nested classes/interfaces inherited from class eu.webtoolkit.jwt.WResource

Nested classes/interfaces inherited from class eu.webtoolkit.jwt.WObject

Constructor Summary

Method Summary

Methods inherited from class eu.webtoolkit.jwt.WResource

Methods inherited from class eu.webtoolkit.jwt.WObject

Methods inherited from class java.lang.Object

Constructor Details

OAuthTokenEndpoint

Method Details

handleRequest

setAccessExpSecs

setIdExpSecs