1 package org.springframework.security.oauth2.provider;
2
3 import java.io.Serializable;
4 import java.util.Collection;
5 import java.util.Map;
6 import java.util.Set;
7
8 import org.springframework.security.core.GrantedAuthority;
9
/**
 * Describes a registered OAuth 2 client: its identity, how it authenticates, and the limits
 * (resources, scopes, grant types, redirect URIs, token lifetimes) recorded for it.
 *
 * <p>The interface extends {@link Serializable}, so every value exposed here, including the
 * client secret and the additional-information map, is part of the serialized form of an
 * implementation. NOTE(review): confirm where serialized instances are stored or transmitted.
 *
 * @author Ryan Heaton
 */
public interface ClientDetails extends Serializable {

    /**
     * Returns the identifier of this client.
     *
     * @return the client id
     */
    String getClientId();

    /**
     * Returns the ids of the resources this client may access. Callers are allowed to ignore
     * the value when it is empty.
     *
     * <p>NOTE(review): because an empty set may be ignored, it does not by itself express
     * "no access"; verify how the consuming resource server interprets an empty set.
     *
     * @return the resource ids of this client
     */
    Set<String> getResourceIds();

    /**
     * Tells whether this client must present a secret in order to authenticate.
     *
     * @return {@code true} if a secret is required to authenticate this client
     */
    boolean isSecretRequired();

    /**
     * Returns the secret of this client. The value is ignored when
     * {@link #isSecretRequired()} reports that no secret is required.
     *
     * <p>This contract does not state whether the returned string is plain text or an encoded
     * or hashed form; that is left to the implementation. Treat the value as a credential:
     * keep it out of logs and {@code toString()} output, and prefer persisting an encoded form.
     *
     * @return the client secret
     */
    String getClientSecret();

    /**
     * Tells whether this client is restricted to a specific scope. When this returns
     * {@code false}, the scope of the authentication request is ignored.
     *
     * <p>NOTE(review): an unscoped client is therefore not constrained by {@link #getScope()};
     * confirm that any client registered as unscoped is meant to be.
     *
     * @return {@code true} if this client is limited to a specific scope
     */
    boolean isScoped();

    /**
     * Returns the scope of this client. The set is empty when the client is not scoped.
     *
     * @return the scope of this client
     */
    Set<String> getScope();

    /**
     * Returns the grant types this client is authorized to use.
     *
     * @return the authorized grant types
     */
    Set<String> getAuthorizedGrantTypes();

    /**
     * Returns the redirect URI values registered in advance for this client, for use during the
     * "authorization_code" access grant. See OAuth spec, section 4.1.1.
     *
     * <p>This interface only exposes the registered values; comparing them with the
     * {@code redirect_uri} of an incoming request is the caller's job. Exact string comparison
     * is the safest policy. NOTE(review): an empty set leaves the caller nothing to compare
     * against; check how the authorization endpoint in use handles that case.
     *
     * @return the pre-defined redirect URI values for this client
     */
    Set<String> getRegisteredRedirectUri();

    /**
     * Returns the authorities granted to the OAuth client itself. These are NOT the authorities
     * of the user on whose behalf an access token was authorized; they belong to the client.
     * Implementations must not return {@code null}.
     *
     * @return the authorities (never {@code null})
     */
    Collection<GrantedAuthority> getAuthorities();

    /**
     * Returns the access token validity period for this client, or {@code null} when none was
     * set explicitly. Implementations consuming this value might substitute a default in the
     * {@code null} case.
     *
     * @return the access token validity period, possibly {@code null}
     */
    Integer getAccessTokenValiditySeconds();

    /**
     * Returns the refresh token validity period for this client. {@code null} selects the
     * default configured on the token service; zero or a negative value means the refresh
     * tokens do not expire.
     *
     * <p>Because zero means "non-expiring" rather than "disabled", validate this value on
     * client registration: a non-expiring refresh token stays usable until it is revoked.
     *
     * @return the refresh token validity period, possibly {@code null}
     */
    Integer getRefreshTokenValiditySeconds();

    /**
     * Tests whether user approval can be skipped for this client and the given scope.
     *
     * <p>Note the polarity: {@code true} means approval is NOT needed. Auto-approval removes
     * the user's consent step for that scope, so it is best reserved for trusted clients.
     *
     * @param scope the scope to consider
     * @return {@code true} if this client does not need user approval for the scope
     */
    boolean isAutoApprove(String scope);

    /**
     * Returns additional information about this client. The vanilla OAuth protocol does not
     * need it, but it can be useful, for example, for storing descriptive information.
     *
     * <p>NOTE(review): values are typed as {@code Object} while the interface is
     * {@link Serializable}; confirm that stored values serialize safely, and keep credentials
     * out of this map.
     *
     * @return a map of additional information
     */
    Map<String, Object> getAdditionalInformation();

}