Package org.forgerock.secrets.oauth2
Class AccessTokenSecretStore
- java.lang.Object
-
- org.forgerock.secrets.oauth2.AccessTokenSecretStore
-
- All Implemented Interfaces:
SecretStore<GenericSecret>
public final class AccessTokenSecretStore extends Object implements SecretStore<GenericSecret>
A secret store that can obtain access tokens from an OAuth 2 provider. This store will fetch a fresh access token every time one is requested, so it is recommended to use aSecretReferenceto cache the returned access token:secretsProvider.setActiveStore(accessTokenStore, purpose); SecretReference<GenericSecret> accessTokenRef = secretsProvider.createActiveReference(purpose);
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classAccessTokenSecretStore.BuilderBuilder object for the access token secret store.
-
Field Summary
-
Fields inherited from interface org.forgerock.secrets.SecretStore
CLOCK, LEASE_EXPIRY_DURATION
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static AccessTokenSecretStore.Builderbuilder()Creates a builder for the access token secret store.<S extends GenericSecret>
Promise<S,NoSuchSecretException>getActive(Purpose<S> purpose)Returns the active secret for the given purpose.<S extends GenericSecret>
Promise<S,NoSuchSecretException>getNamed(Purpose<S> purpose, String name)Returns the named secret from this store.Class<GenericSecret>getStoredType()The top-level class that this store is capable of storing.<S extends GenericSecret>
Promise<Stream<S>,NeverThrowsException>getValid(Purpose<S> purpose)Returns all valid secrets for the given purpose from this store.voidrefresh()Indicates that the store should refresh its secrets from the backing storage mechanism.StringtoString()-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface org.forgerock.secrets.SecretStore
retire, revoke, rotate
-
-
-
-
Method Detail
-
builder
public static AccessTokenSecretStore.Builder builder()
Creates a builder for the access token secret store.- Returns:
- the builder object.
-
getStoredType
public Class<GenericSecret> getStoredType()
Description copied from interface:SecretStoreThe top-level class that this store is capable of storing. This is a reification of the type parameter and can be used to lookup stores for a given type.- Specified by:
getStoredTypein interfaceSecretStore<GenericSecret>- Returns:
- the top-most type that this store is capable of storing, typically either
CryptoKeyfor key-stores,GenericSecretfor password stores, orSecretif the store is capable of storing any type of secret.
-
getActive
public <S extends GenericSecret> Promise<S,NoSuchSecretException> getActive(Purpose<S> purpose)
Description copied from interface:SecretStoreReturns the active secret for the given purpose.- Specified by:
getActivein interfaceSecretStore<GenericSecret>- Type Parameters:
S- the type of secret.- Parameters:
purpose- the purpose for which a secret is required.- Returns:
- the active secret from this store.
-
getNamed
public <S extends GenericSecret> Promise<S,NoSuchSecretException> getNamed(Purpose<S> purpose, String name)
Description copied from interface:SecretStoreReturns the named secret from this store. The default implementation callsSecretStore.getValid(Purpose)and then returns the first valid key with a matching stable ID.- Specified by:
getNamedin interfaceSecretStore<GenericSecret>- Type Parameters:
S- the type of secret.- Parameters:
purpose- the secret purpose.name- the name (stable id) of the secret.- Returns:
- a promise for the named secret, or a
NoSuchSecretExceptionpromise if no such secret exists.
-
getValid
public <S extends GenericSecret> Promise<Stream<S>,NeverThrowsException> getValid(Purpose<S> purpose)
Description copied from interface:SecretStoreReturns all valid secrets for the given purpose from this store.- Specified by:
getValidin interfaceSecretStore<GenericSecret>- Type Parameters:
S- the type of secret.- Parameters:
purpose- the purpose.- Returns:
- a stream of all valid secrets of the given type from this store, or an empty stream if none exist.
-
refresh
public void refresh()
Description copied from interface:SecretStoreIndicates that the store should refresh its secrets from the backing storage mechanism. This can be used to cause reload of a store after a secret rotation if the backend does not automatically detect such changes. Refresh may be an asynchronous operation and no guarantees are made about when clients of this secret store may see updated secrets after a call to refresh.- Specified by:
refreshin interfaceSecretStore<GenericSecret>
-
-