public interface TokenService
Implementations are solely concern with issuing a new Token
on demand. The
issued Token
may contain user-specified extended information. The token
also contains a cryptographically strong, byte array-based key. This permits the token
to be used to identify a user session, if desired. The key can subsequently be
re-presented to the TokenService
for verification and reconstruction of a
Token
equal to the original Token
.
Given the tightly-focused behaviour provided by this interface, it can serve as a building block for more sophisticated token-based solutions. For example, authentication systems that depend on stateless session keys. These could, for instance, place the username inside the user-specified extended information associated with the key). It is important to recognise that we do not intend for this interface to be expanded to provide such capabilities directly.
Modifier and Type | Method and Description |
---|---|
Token |
allocateToken(String extendedInformation)
Forces the allocation of a new
Token . |
Token |
verifyToken(String key)
Permits verification the
Token.getKey() was issued by this
TokenService and reconstructs the corresponding Token . |
Token allocateToken(String extendedInformation)
Token
.extendedInformation
- the extended information desired in the token (cannot be
null
, but can be empty)verifyToken(String)
at any future
time.Token verifyToken(String key)
Token.getKey()
was issued by this
TokenService
and reconstructs the corresponding Token
.key
- as obtained from Token.getKey()
and created by this
implementationnull
if the token was not issued by this
TokenService