package org.springframework.security.oauth2.provider;

import java.io.Serializable;
import java.util.Collection;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;

/**
 * Describes a registered OAuth 2 client: its identity and secret, the resources, scopes and grant types it is
 * allowed, its registered redirect URIs, its own authorities and its token lifetimes.
 *
 * <p>
 * The contract is {@link Serializable} and exposes {@link #getClientSecret()}, so a serialized instance may carry the
 * secret in whatever form the implementation holds it. Treat serialized copies as sensitive.
 *
 * @author Ryan Heaton
 */
public interface ClientDetails extends Serializable {

    /**
     * Identifies this client.
     *
     * @return the client id
     */
    String getClientId();

    /**
     * Lists the resources this client may access. Callers may ignore the value when it is empty.
     *
     * <p>
     * NOTE(review): "may be ignored when empty" reads as "no resource restriction"; confirm how callers treat an empty
     * set before relying on this value to limit access.
     *
     * @return the resource ids of this client
     */
    Set<String> getResourceIds();

    /**
     * Tells whether a secret must be presented to authenticate this client.
     *
     * @return {@code true} when a secret is required for client authentication
     */
    boolean isSecretRequired();

    /**
     * Returns the secret of this client. The value is ignored when {@link #isSecretRequired()} reports that no secret
     * is required.
     *
     * <p>
     * NOTE(review): this contract does not say whether the value is plaintext or an encoded/hashed form; confirm with
     * the implementation, and keep the value out of logs and error messages.
     *
     * @return the client secret
     */
    String getClientSecret();

    /**
     * Tells whether this client is limited to a specific scope. When this is {@code false}, the scope of the
     * authentication request is ignored.
     *
     * @return {@code true} when the client is limited to a specific scope
     */
    boolean isScoped();

    /**
     * Returns the scope this client is limited to. The set is empty when the client is not scoped.
     *
     * @return the scope of this client
     */
    Set<String> getScope();

    /**
     * Lists the grant types this client is authorized to use.
     *
     * @return the authorized grant types
     */
    Set<String> getAuthorizedGrantTypes();

    /**
     * Returns the redirect URI values registered in advance for this client, for use during the
     * "authorization_code" access grant. See OAuth spec, section 4.1.1.
     *
     * <p>
     * NOTE(review): the meaning of an empty result is not stated here; confirm that callers do not fall back to
     * accepting a redirect URI that was never registered.
     *
     * @return the pre-defined redirect URI values for this client
     */
    Set<String> getRegisteredRedirectUri();

    /**
     * Returns the authorities granted to the OAuth client itself. These are NOT the authorities granted to the user
     * with an authorized access token; they are inherent to the client. Must not return {@code null}.
     *
     * @return the client's authorities (never {@code null})
     */
    Collection<GrantedAuthority> getAuthorities();

    /**
     * Returns the access token validity period for this client. {@code null} means the value was not set explicitly;
     * implementations might use that fact to supply a default.
     *
     * @return the access token validity period, or {@code null} if not set explicitly
     */
    Integer getAccessTokenValiditySeconds();

    /**
     * Returns the refresh token validity period for this client. {@code null} selects the default value set by the
     * token service; zero or a negative value means the tokens do not expire.
     *
     * <p>
     * A non-expiring refresh token stays usable until it is revoked, so a zero or negative value should be a
     * deliberate choice rather than an unset default.
     *
     * @return the refresh token validity period
     */
    Integer getRefreshTokenValiditySeconds();

    /**
     * Tests whether this client can skip user approval for a particular scope.
     *
     * <p>
     * NOTE(review): a {@code true} result means the user is not asked to approve that scope; confirm that
     * implementations decide this per scope rather than for every scope at once.
     *
     * @param scope the scope to consider
     * @return {@code true} if this client does not need user approval for the scope
     */
    boolean isAutoApprove(String scope);

    /**
     * Returns additional information for this client. The vanilla OAuth protocol does not need it, but it might be
     * useful, for example, for storing descriptive information.
     *
     * @return a map of additional information
     */
    Map<String, Object> getAdditionalInformation();

}