Package org.forgerock.oauth2.core

Interface ScopeValidator

    • Method Detail

      • validateAuthorizationScope

        @Deprecated
Set<String> validateAuthorizationScope​(org.forgerock.oauth2.core.ClientRegistration clientRegistration,
                                       Set<String> scope,
                                       OAuth2Request request)
                                throws org.forgerock.oauth2.core.exceptions.InvalidScopeException,
                                       org.forgerock.oauth2.core.exceptions.ServerException
        Deprecated.
        since 7.2.0 Use #validateAuthorizationScope(ClientRegistration, Set, OAuth2Request) instead.
        Provided as an extension point to allow the OAuth2 provider to customise the scope requested when authorization is requested.
        Specified by:
        validateAuthorizationScope in interface ScopeValidator
        Parameters:
        clientRegistration - The client registration.
        scope - The requested scope.
        request - The OAuth2 request.
        Returns:
        The updated scope used in the remaining OAuth2 process.
        Throws:
        org.forgerock.oauth2.core.exceptions.InvalidScopeException - If the requested scope is invalid, unknown, or malformed.
        org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.

      • validateAccessTokenScope

        @Deprecated
Set<String> validateAccessTokenScope​(org.forgerock.oauth2.core.ClientRegistration clientRegistration,
                                     Set<String> scope,
                                     OAuth2Request request)
                              throws org.forgerock.oauth2.core.exceptions.InvalidScopeException,
                                     org.forgerock.oauth2.core.exceptions.ServerException
        Deprecated.
        since 7.2.0 Use #validateAccessTokenScope(ClientRegistration, Set, OAuth2Request) instead.
        Provided as an extension point to allow the OAuth2 provider to customise the scope requested when an access token is requested.
        Specified by:
        validateAccessTokenScope in interface ScopeValidator
        Parameters:
        clientRegistration - The client registration.
        scope - The requested scope.
        request - The OAuth2 request.
        Returns:
        The updated scope used in the remaining OAuth2 process.
        Throws:
        org.forgerock.oauth2.core.exceptions.InvalidScopeException - If the requested scope is invalid, unknown, or malformed.
        org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.

      • validateRefreshTokenScope

        @Deprecated
Set<String> validateRefreshTokenScope​(org.forgerock.oauth2.core.ClientRegistration clientRegistration,
                                      Set<String> requestedScope,
                                      Set<String> tokenScope,
                                      OAuth2Request request)
                               throws org.forgerock.oauth2.core.exceptions.ServerException,
                                      org.forgerock.oauth2.core.exceptions.InvalidScopeException
        Deprecated.
        since 7.2.0 Use #validateRefreshTokenScope(ClientRegistration, Set, Set, OAuth2Request) instead.
        Provided as an extension point to allow the OAuth2 provider to customise the scope requested when a refresh token is requested.
        Specified by:
        validateRefreshTokenScope in interface ScopeValidator
        Parameters:
        clientRegistration - The client registration.
        requestedScope - The requested scope.
        tokenScope - The scope from the access token.
        request - The OAuth2 request.
        Returns:
        The updated scope used in the remaining OAuth2 process.
        Throws:
        org.forgerock.oauth2.core.exceptions.InvalidScopeException - If the requested scope is invalid, unknown, or malformed.
        org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.

      • validateBackChannelAuthorizationScope

        @Deprecated
Set<String> validateBackChannelAuthorizationScope​(org.forgerock.oauth2.core.ClientRegistration clientRegistration,
                                                  Set<String> requestedScopes,
                                                  OAuth2Request request)
                                           throws org.forgerock.oauth2.core.exceptions.InvalidScopeException,
                                                  org.forgerock.oauth2.core.exceptions.ServerException
        Deprecated.
        since 7.2.0 Use #validateBackChannelAuthorizationScope(ClientRegistration, Set, OAuth2Request) instead.
        Provided as an extension point to allow the OAuth2 provider to customize the scope requested when performing a client initiated back channel authentication.
        Specified by:
        validateBackChannelAuthorizationScope in interface ScopeValidator
        Parameters:
        clientRegistration - The client registration.
        requestedScopes - The requested scope.
        request - The OAuth2 request.
        Returns:
        The updated scope used in the remaining OAuth2 process.
        Throws:
        org.forgerock.oauth2.core.exceptions.InvalidScopeException - If the requested scope is invalid, unknown or malformed.
        org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.

      • getUserInfo

        @Deprecated
UserInfoClaims getUserInfo​(org.forgerock.oauth2.core.ClientRegistration clientRegistration,
                           AccessToken token,
                           OAuth2Request request)
                    throws org.forgerock.oauth2.core.exceptions.UnauthorizedClientException,
                           org.forgerock.oauth2.core.exceptions.NotFoundException,
                           org.forgerock.oauth2.core.exceptions.ServerException,
                           InvalidRequestException
        Deprecated.
        since 7.2.0 Use UserInfoClaimsPlugin.getUserInfo(ClientRegistration, AccessToken, OAuth2Request) instead.
        Gets the resource owners information based on an issued access token.
        Specified by:
        getUserInfo in interface UserInfoClaimsPlugin
        Parameters:
        clientRegistration - The client registration.
        token - The access token.
        request - The OAuth2 request.
        Returns:
        A Map<String, Object> of the resource owner's information.
        Throws:
        org.forgerock.oauth2.core.exceptions.UnauthorizedClientException - If the client's authorization fails.
        org.forgerock.oauth2.core.exceptions.NotFoundException - If the realm does not have an OAuth 2.0 provider service.
        org.forgerock.oauth2.core.exceptions.ServerException - If the client's authorization fails due to a server error.
        InvalidRequestException - If the client's authorization fails.

      • additionalDataToReturnFromAuthorizeEndpoint

        @Deprecated
Map<String,​String> additionalDataToReturnFromAuthorizeEndpoint​(Map<String,​Token> tokens,
                                                                     OAuth2Request request)
        Deprecated.
        since 7.2.0 Use AuthorizeEndpointDataProvider.provide(Map, OAuth2Request) instead.
        Provided as an extension point to allow the OAuth2 provider to return additional data from an authorization request.
        Parameters:
        tokens - The tokens that will be returned from the authorization call.
        request - The OAuth2 request.
        Returns:
        A Map<String, String> of the additional data to return.

      • additionalDataToReturnFromTokenEndpoint

        @Deprecated
void additionalDataToReturnFromTokenEndpoint​(AccessToken accessToken,
                                             OAuth2Request request)
                                      throws org.forgerock.oauth2.core.exceptions.ServerException,
                                             org.forgerock.oauth2.core.exceptions.InvalidClientException,
                                             org.forgerock.oauth2.core.exceptions.NotFoundException
        Deprecated.
        since 7.2.0 Use AccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request) instead. Functionality provided by Access Token Modification plugin supersedes the functionality this extension point was originally intended to provide.
        Provided as an extension point to allow the OAuth2 provider to return additional data from an access token request.
        Any additional data to be returned should be added to the access token by invoking, AccessToken#addExtraData(String, String).
        Parameters:
        accessToken - The access token.
        request - The OAuth2 request.
        Throws:
        org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.
        org.forgerock.oauth2.core.exceptions.InvalidClientException - If either the request does not contain the client's id or the client fails to be authenticated.
        org.forgerock.oauth2.core.exceptions.NotFoundException - If the realm does not have an OAuth 2.0 provider service.

      • modifyAccessToken

        @Deprecated
default void modifyAccessToken​(AccessToken accessToken,
                               OAuth2Request request)
                        throws org.forgerock.oauth2.core.exceptions.NotFoundException,
                               org.forgerock.oauth2.core.exceptions.ServerException,
                               org.forgerock.oauth2.core.exceptions.UnauthorizedClientException
        Deprecated.
        since 7.2.0 Use AccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request) instead.
        Allows modification of the OAuth2 access token before the token is persisted/returned to the client.
        Specified by:
        modifyAccessToken in interface AccessTokenModifier
        Parameters:
        accessToken - The access token.
        request - The OAuth2 request.
        Throws:
        org.forgerock.oauth2.core.exceptions.NotFoundException - If the realm does not have an OAuth 2.0 provider service.
        org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.
        org.forgerock.oauth2.core.exceptions.UnauthorizedClientException - If the client identity cannot be obtained.

      • enrich

        default void enrich​(AccessToken accessToken,
                    OAuth2Request request)
             throws org.forgerock.oauth2.core.exceptions.ServerException,
                    org.forgerock.oauth2.core.exceptions.InvalidClientException,
                    org.forgerock.oauth2.core.exceptions.NotFoundException
        Deprecated.
        Throws:
        org.forgerock.oauth2.core.exceptions.ServerException
        org.forgerock.oauth2.core.exceptions.InvalidClientException
        org.forgerock.oauth2.core.exceptions.NotFoundException

      • provide

        default Map<String,​String> provide​(Map<String,​Token> tokens,
                                         OAuth2Request request)
        Deprecated.
        Description copied from interface: AuthorizeEndpointDataProvider
        Provided as an extension point to allow the OAuth2 provider to return additional data from an authorization request.
        Specified by:
        provide in interface AuthorizeEndpointDataProvider
        Parameters:
        tokens - The tokens that will be returned from the authorization call.
        request - The OAuth2 request.
        Returns:
        A Map<String, String> of the additional data to return.