1 /* 2 * Copyright 2008 Web Cohesion 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * https://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.springframework.security.oauth.provider.token; 18 19 import org.springframework.security.core.Authentication; 20 import org.springframework.security.core.AuthenticationException; 21 22 /** 23 * @author Ryan Heaton 24 */ 25 public interface OAuthProviderTokenServices { 26 27 /** 28 * Read a token by its value. 29 * 30 * @param token The token value. 31 * @return The token. 32 * @throws AuthenticationException If the token is invalid, expired, or disabled. 33 */ 34 OAuthProviderToken getToken(String token) throws AuthenticationException; 35 36 /** 37 * Create an unauthorized OAuth request token. 38 * 39 * @param consumerKey The consumer key for which to create the token. 40 * @param callbackUrl The callback URL associated with the consumer key. 41 * @return The token. 42 * @throws AuthenticationException If the consumer isn't valid or otherwise isn't allowed to create a new request token. 43 */ 44 OAuthProviderToken createUnauthorizedRequestToken(String consumerKey, String callbackUrl) throws AuthenticationException; 45 46 /** 47 * Authorize the specified request token with the specified authentication credentials. After the 48 * request token is authorized, the consumer to which that request token was issued will be able 49 * to use it to obtain an access token. 50 * 51 * @param requestToken The request token. 52 * @param verifier The verifier to be assigned to the request token. 53 * @param authentication The authentication credentials with which to authorize the request token. This is the 54 * authentication of the <i>user</i> who has signed in and is authorizing the consumer to have access to a 55 * protected resource. This same authentication can be pulled from the security context, but it's passed explicitly 56 * here to suggest to the method implementation that it needs to take into account what authorities are being 57 * granted to the consumer by the user. 58 * @throws AuthenticationException If the token is expired or otherwise unauthorizable, or if the 59 * authentication credentials are insufficient. 60 */ 61 void authorizeRequestToken(String requestToken, String verifier, Authentication authentication) throws AuthenticationException; 62 63 /** 64 * Create an OAuth access token given the specified request token. This token will be used to provide 65 * access to a protected resource. After the access token is created, the request token should be invalidated. 66 * 67 * @param requestToken The (presumably authorized) request token used to create the access token. 68 * @return The access token. 69 * @throws AuthenticationException If the request token is expired or disabled or doesn't reference the necessary authentication 70 * credentials or otherwise isn't authorized. 71 */ 72 OAuthAccessProviderToken createAccessToken(String requestToken) throws AuthenticationException; 73 74 }