Package org.projectnessie.client.auth.oauth2

Interface TokenExchangeConfig

@Immutable
public interface TokenExchangeConfig

Configuration for OAuth2 token exchange.

STILL IN BETA. API MAY CHANGE.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	TokenExchangeConfig.Builder

Method Summary

Modifier and Type	Method	Description
static TokenExchangeConfig.Builder	builder()
static TokenExchangeConfig	fromConfigSupplier(Function<String,String> config)
default BiFunction<AccessToken,RefreshToken,TypedToken>	getActorTokenProvider()	The actor token provider.
Optional<String>	getAudience()	The logical name of the target service where the client intends to use the requested security token.
default URI	getRequestedTokenType()	The type of the requested security token.
Optional<URI>	getResource()	A URI that indicates the target service or resource where the client intends to use the requested security token.
default BiFunction<AccessToken,RefreshToken,TypedToken>	getSubjectTokenProvider()	The subject token provider.

Method Details

fromConfigSupplier

static TokenExchangeConfig fromConfigSupplier(Function<String,String> config)

getRequestedTokenType

@Default
default URI getRequestedTokenType()

The type of the requested security token. By default, TypedToken.URN_ACCESS_TOKEN.

Currently, it is not possible to request any other token type, so this property is not configurable through system properties.

getResource

Optional<URI> getResource()

A URI that indicates the target service or resource where the client intends to use the requested security token.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_EXCHANGE_RESOURCE

getAudience

Optional<String> getAudience()

The logical name of the target service where the client intends to use the requested security token. This serves a purpose similar to the resource parameter but with the client providing a logical name for the target service.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_EXCHANGE_AUDIENCE

getSubjectTokenProvider

@Default
@Auxiliary
default BiFunction<AccessToken,RefreshToken,TypedToken> getSubjectTokenProvider()

The subject token provider. The provider will be invoked with the current access token (never null) and the current refresh token, or null if none available; and should return a TypedToken representing the subject token. It must NOT return null.

By default, the provider will return the access token itself. This should be suitable for most cases.

This property cannot be set through configuration, but only programmatically. The configuration exposes two options: the subject token and its type. These options allow to pass a static subject token only.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_EXCHANGE_SUBJECT_TOKEN
• NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_EXCHANGE_SUBJECT_TOKEN_TYPE

getActorTokenProvider

@Default
@Auxiliary
default BiFunction<AccessToken,RefreshToken,TypedToken> getActorTokenProvider()

The actor token provider. The provider will be invoked with the current access token (never null) and the current refresh token, or null if none available; and should return a TypedToken representing the actor token. If the provider returns null, then no actor token will be used.

Actor tokens are useful in delegation scenarios. By default, no actor token is used.

This property cannot be set through configuration, but only programmatically. The configuration exposes two options: the actor token and its type. These options allow to pass a static actor token only.

See Also:

• NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_EXCHANGE_ACTOR_TOKEN
• NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_EXCHANGE_ACTOR_TOKEN_TYPE

builder

static TokenExchangeConfig.Builder builder()