First steps for JWT refresh

2025-11-14 09:25:43 +01:00 · 2018-11-29 08:01:25 +01:00
parent 0664303854
commit c85c0229c1
8 changed files with 241 additions and 48 deletions
--- a/scm-core/src/main/java/sonia/scm/security/AccessToken.java
+++ b/scm-core/src/main/java/sonia/scm/security/AccessToken.java
@@ -31,6 +31,7 @@
 package sonia.scm.security;

 import java.util.Date;
+import java.util.Map;
 import java.util.Optional;

 /**
@@ -38,70 +39,77 @@ import java.util.Optional;
 * be issued from a restful webservice endpoint by providing credentials. After the token was issued, the token must be
 * send along with every request. The token should be send in its compact representation as bearer authorization header
 * or as cookie.
- * 
+ *
 * @author Sebastian Sdorra
 * @since 2.0.0
 */
 public interface AccessToken {
-  
+
  /**
   * Returns unique id of the access token.
-   * 
+   *
   * @return unique id
   */
  String getId();
-  
+
  /**
   * Returns name of subject which identifies the principal.
-   * 
+   *
   * @return name of subject
   */
  String getSubject();
-  
+
  /**
   * Returns optional issuer. The issuer identifies the principal that issued the token.
-   * 
+   *
   * @return optional issuer
   */
  Optional<String> getIssuer();
-  
+
  /**
   * Returns time at which the token was issued.
-   * 
+   *
   * @return time at which the token was issued
   */
  Date getIssuedAt();
-  
+
  /**
   * Returns the expiration time of token.
-   * 
+   *
   * @return expiration time
   */
  Date getExpiration();
-  
+
+  Date getRefreshExpiration();
+
  /**
-   * Returns the scope of the token. The scope is able to reduce the permissions of the subject in the context of this 
+   * Returns the scope of the token. The scope is able to reduce the permissions of the subject in the context of this
   * token. For example we could issue a token which can only be used to read a single repository. for more informations
   * please have a look at {@link Scope}.
-   * 
+   *
   * @return scope of token.
   */
  Scope getScope();
-  
+
  /**
   * Returns an optional value of a custom token field.
-   * 
+   *
   * @param <T> type of field
   * @param key key of token field
-   * 
+   *
   * @return optional value of custom field
   */
  <T> Optional<T> getCustom(String key);
-  
+
  /**
   * Returns compact representation of token.
-   * 
+   *
   * @return compact representation
   */
  String compact();
+
+  /**
+   * Returns read only map of all claim keys with their values.
+   */
+  Map<String, Object> getClaims();
 }
--- a/scm-core/src/main/java/sonia/scm/security/AccessTokenBuilder.java
+++ b/scm-core/src/main/java/sonia/scm/security/AccessTokenBuilder.java
@@ -74,11 +74,21 @@ public interface AccessTokenBuilder {
   * Sets the expiration for the token.
   * 
   * @param count expiration count
-   * @param unit expirtation unit
+   * @param unit expiration unit
   * 
   * @return {@code this}
   */
  AccessTokenBuilder expiresIn(long count, TimeUnit unit);
+
+  /**
+   * Sets the time how long this token may be refreshed. Set this to 0 (zero) to disable automatic refresh.
+   *
+   * @param count Time unit count. If set to 0, automatic refresh is disabled.
+   * @param unit time unit
+   *
+   * @return {@code this}
+   */
+  AccessTokenBuilder refreshableFor(long count, TimeUnit unit);
  
  /**
   * Reduces the permissions of the token by providing a scope.