Package com.sap.cloud.security.token
Interface AccessToken
-
- All Superinterfaces:
Serializable,Token
public interface AccessToken extends Token
Represents an access token in the format of a JSON Web Token (not a short opaque token). In difference to a ID token the access token has no/less information about the user but has information about the authorities (scopes).
-
-
Field Summary
-
Fields inherited from interface com.sap.cloud.security.token.Token
DEFAULT_TOKEN_FACTORY, services
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description default StringgetAttributeFromClaimAsString(String claimName, String attributeName)Returns the String value of a claim attribute.Set<String>getScopes()Returns the list of the claim "scope".default StringgetSubaccountId()Returns subaccount identifier.booleanhasLocalScope(String scope)Check if a local scope is available in the authentication token.booleanhasScope(String scope)Checks if a scope is available in the access token.-
Methods inherited from interface com.sap.cloud.security.token.Token
getAttributeFromClaimAsStringList, getAudiences, getClaimAsJsonObject, getClaimAsString, getClaimAsStringList, getClaims, getClientId, getExpiration, getGrantType, getHeaderParameterAsString, getHeaders, getIssuer, getNotBefore, getPrincipal, getService, getTokenValue, getZoneId, hasClaim, hasHeaderParameter, isExpired
-
-
-
-
Method Detail
-
getScopes
Set<String> getScopes()
Returns the list of the claim "scope".- Returns:
- the list of the claim scope or empty list.
-
hasScope
boolean hasScope(String scope)
Checks if a scope is available in the access token.- Parameters:
scope- name of the scope- Returns:
- true if scope is available
-
hasLocalScope
boolean hasLocalScope(@Nonnull String scope)
Check if a local scope is available in the authentication token. The exact definition of a local scope depends on the specific token implementation.- Parameters:
scope- name of local scope- Returns:
- true if local scope is available
-
getSubaccountId
@Nullable default String getSubaccountId()
Returns subaccount identifier. This reflects claimext_attr.subaccountidin xsuaa access tokens. For example, commercialized multi-tenant applications with a need for metering and billing usegetSubaccountId()method as identifier for the account to be billed.
Multi-tenant applications need to adapt using the zone ID instead of the subaccount ID as key for data isolation between tenants. For that purpose, use theToken.getZoneId()method instead.- Returns:
- subaccount identifier or
null
-
getAttributeFromClaimAsString
@Nullable default String getAttributeFromClaimAsString(String claimName, String attributeName)
Returns the String value of a claim attribute.
"claimName": { "attributeName": "attributeValueAsString" },
Example:
import static com.sap.cloud.security.token.TokenClaims.XSUAA.*; token.getAttributeFromClaimAsString(EXTERNAL_ATTRIBUTE, EXTERNAL_ATTRIBUTE_SUBACCOUNTID);- Specified by:
getAttributeFromClaimAsStringin interfaceToken- Returns:
- the String value of a claim attribute or null if claim or its attribute does not exist.
-
-