Package com.sap.cloud.security.token

Class XsuaaToken

java.lang.Object

com.sap.cloud.security.token.AbstractToken

com.sap.cloud.security.token.XsuaaToken

All Implemented Interfaces:

AccessToken, Token, Serializable

public class XsuaaToken
extends AbstractToken
implements AccessToken

Decodes and parses encoded access token (JWT) for the Xsuaa identity service and provides access to token header parameters and claims.

See Also:

• Serialized Form

Field Summary

Fields inherited from class com.sap.cloud.security.token.AbstractToken

tokenBody, tokenHeader

Fields inherited from interface com.sap.cloud.security.token.Token

DEFAULT_TOKEN_FACTORY, services

Constructor Summary

Constructors

Constructor	Description
XsuaaToken(DecodedJwt decodedJwt)	Creates an instance.
XsuaaToken(String accessToken)	Creates an instance.

Method Summary

Modifier and Type	Method	Description
String	getAppTid()
String	getClientId()
GrantType	getGrantType()
Principal	getPrincipal()
Set<String>	getScopes()
Service	getService()
String	getSubaccountId()
String	getSubdomain()	Returns the value of the subdomain (zdn) from the external attribute ext_attr (ext_attr) claim.
String	getZoneId()
boolean	hasLocalScope(String scope)	Check if a local scope is available in the authentication token.
boolean	hasScope(String scope)
XsuaaToken	withScopeConverter(ScopeConverter converter)	Configures a scope converter, e.g.

Methods inherited from class com.sap.cloud.security.token.AbstractToken

createPrincipalByName, equals, getClaimAsJsonObject, getClaimAsString, getClaimAsStringList, getClaims, getExpiration, getHeaderParameterAsString, getHeaders, getNotBefore, getTokenValue, hasClaim, hashCode, hasHeaderParameter, isExpired, isXsuaaToken, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.sap.cloud.security.token.AccessToken

getAttributeFromClaimAsString

Methods inherited from interface com.sap.cloud.security.token.Token

getAttributeFromClaimAsStringList, getAudiences, getClaimAsJsonObject, getClaimAsString, getClaimAsStringList, getClaims, getExpiration, getHeaderParameterAsString, getHeaders, getIssuer, getNotBefore, getTokenValue, hasClaim, hasHeaderParameter, isExpired

Constructor Details

XsuaaToken

public XsuaaToken(@Nonnull
 DecodedJwt decodedJwt)

Creates an instance.

Parameters:

decodedJwt - the decoded jwt

XsuaaToken

public XsuaaToken(@Nonnull
 String accessToken)

Creates an instance.

Parameters:

accessToken - the encoded access token, e.g. from the Authorization header.

Method Details

withScopeConverter

public XsuaaToken withScopeConverter(@Nullable
 ScopeConverter converter)

Configures a scope converter, e.g. required for the hasLocalScope(String)

Parameters:

converter - the scope converter, e.g. XsuaaScopeConverter

Returns:

the token itself

getScopes

public Set<String> getScopes()

Specified by:

getScopes in interface AccessToken

getPrincipal

public Principal getPrincipal()

Specified by:

getPrincipal in interface Token

getService

public Service getService()

Specified by:

getService in interface Token

hasScope

public boolean hasScope(String scope)

Specified by:

hasScope in interface AccessToken

hasLocalScope

public boolean hasLocalScope(@Nonnull
 String scope)

Check if a local scope is available in the authentication token.
Requires a ScopeConverter to be configured with withScopeConverter(ScopeConverter).

Specified by:

hasLocalScope in interface AccessToken

Parameters:

scope - name of local scope (without the appId)

Returns:

true if local scope is available

getGrantType

public GrantType getGrantType()

Specified by:

getGrantType in interface Token

getSubdomain

@Nullable
public String getSubdomain()

Returns the value of the subdomain (zdn) from the external attribute ext_attr (ext_attr) claim. If the external attribute or the subdomain is missing, it returns null.

Returns:

the subdomain or null

getSubaccountId

public String getSubaccountId()

Specified by:

getSubaccountId in interface AccessToken

getZoneId

public String getZoneId()

Specified by:

getZoneId in interface Token

getAppTid

public String getAppTid()

Specified by:

getAppTid in interface Token

getClientId

public String getClientId()

Specified by:

getClientId in interface Token