001/*- 002 * #%L 003 * Smile CDR - CDR 004 * %% 005 * Copyright (C) 2016 - 2025 Smile CDR, Inc. 006 * %% 007 * All rights reserved. 008 * #L% 009 */ 010package org.springframework.security.oauth2.provider; 011 012import org.springframework.security.core.GrantedAuthority; 013 014import java.io.Serializable; 015import java.util.Collection; 016import java.util.Map; 017import java.util.Set; 018 019/** 020 * Client details for OAuth 2 021 * 022 * <p> 023 * 024 * @author Ryan Heaton 025 */ 026public interface ClientDetails extends Serializable { 027 028 /** 029 * The client id. 030 * 031 * @return The client id. 032 */ 033 String getClientId(); 034 035 /** 036 * The resources that this client can access. Can be ignored by callers if empty. 037 * 038 * @return The resources of this client. 039 */ 040 Set<String> getResourceIds(); 041 042 /** 043 * Whether a secret is required to authenticate this client. 044 * 045 * @return Whether a secret is required to authenticate this client. 046 */ 047 boolean isSecretRequired(); 048 049 /** 050 * The client secret. Ignored if the {@link #isSecretRequired() secret isn't required}. 051 * 052 * @return The client secret. 053 */ 054 String getClientSecret(); 055 056 /** 057 * Whether this client is limited to a specific scope. If false, the scope of the authentication request will be 058 * ignored. 059 * 060 * @return Whether this client is limited to a specific scope. 061 */ 062 boolean isScoped(); 063 064 /** 065 * The scope of this client. Empty if the client isn't scoped. 066 * 067 * @return The scope of this client. 068 */ 069 Set<String> getScope(); 070 071 /** 072 * The grant types for which this client is authorized. 073 * 074 * @return The grant types for which this client is authorized. 075 */ 076 Set<String> getAuthorizedGrantTypes(); 077 078 /** 079 * The pre-defined redirect URI for this client to use during the "authorization_code" access grant. See OAuth spec, 080 * section 4.1.1. 081 * 082 * @return The pre-defined redirect URI for this client. 083 */ 084 Set<String> getRegisteredRedirectUri(); 085 086 /** 087 * Returns the authorities that are granted to the OAuth client. Cannot return <code>null</code>. 088 * Note that these are NOT the authorities that are granted to the user with an authorized access token. 089 * Instead, these authorities are inherent to the client itself. 090 * 091 * @return the authorities (never <code>null</code>) 092 */ 093 Collection<GrantedAuthority> getAuthorities(); 094 095 /** 096 * The access token validity period for this client. Null if not set explicitly (implementations might use that fact 097 * to provide a default value for instance). 098 * 099 * @return the access token validity period 100 */ 101 Integer getAccessTokenValiditySeconds(); 102 103 /** 104 * The refresh token validity period for this client. Null for default value set by token service, and 105 * zero or negative for non-expiring tokens. 106 * 107 * @return the refresh token validity period 108 */ 109 Integer getRefreshTokenValiditySeconds(); 110 111 /** 112 * Test whether client needs user approval for a particular scope. 113 * 114 * @param scope the scope to consider 115 * @return true if this client does not need user approval 116 */ 117 boolean isAutoApprove(String scope); 118 119 /** 120 * Additional information for this client, not needed by the vanilla OAuth protocol but might be useful, for example, 121 * for storing descriptive information. 122 * 123 * @return a map of additional information 124 */ 125 Map<String, Object> getAdditionalInformation(); 126}