1 /* 2 * Copyright 2008 Web Cohesion 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * https://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.springframework.security.oauth2.provider.token; 18 19 import org.springframework.security.core.AuthenticationException; 20 import org.springframework.security.oauth2.common.OAuth2AccessToken; 21 import org.springframework.security.oauth2.provider.OAuth2Authentication; 22 import org.springframework.security.oauth2.provider.TokenRequest; 23 24 /** 25 * @author Ryan Heaton 26 * @author Dave Syer 27 */ 28 public interface AuthorizationServerTokenServices { 29 30 /** 31 * Create an access token associated with the specified credentials. 32 * @param authentication The credentials associated with the access token. 33 * @return The access token. 34 * @throws AuthenticationException If the credentials are inadequate. 35 */ 36 OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) throws AuthenticationException; 37 38 /** 39 * Refresh an access token. The authorization request should be used for 2 things (at least): to validate that the 40 * client id of the original access token is the same as the one requesting the refresh, and to narrow the scopes 41 * (if provided). 42 * 43 * @param refreshToken The details about the refresh token. 44 * @param tokenRequest The incoming token request. 45 * @return The (new) access token. 46 * @throws AuthenticationException If the refresh token is invalid or expired. 47 */ 48 OAuth2AccessToken refreshAccessToken(String refreshToken, TokenRequest tokenRequest) 49 throws AuthenticationException; 50 51 /** 52 * Retrieve an access token stored against the provided authentication key, if it exists. 53 * 54 * @param authentication the authentication key for the access token 55 * 56 * @return the access token or null if there was none 57 */ 58 OAuth2AccessToken getAccessToken(OAuth2Authentication authentication); 59 60 }