001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyrighted [year] [name of copyright owner]".
013 *
014 * Copyright 2015-2016 ForgeRock AS.
015 */
016
017package org.forgerock.openam.sts.rest.token.provider;
018
019import org.forgerock.json.JsonValue;
020import org.forgerock.openam.sts.TokenTypeId;
021
/**
 * Parameter state passed to JsonTokenProvider instances. The generic type {@code T} corresponds to the token state
 * necessary to produce the token produced by the RestTokenProvider:
 * <ul>
 *   <li>the token creation state necessary to create a SAML2 assertion includes the SubjectConfirmation and the
 *   ProofTokenState (for HolderOfKey assertions);</li>
 *   <li>the token creation state necessary to create an OIDC token includes a nonce and the authentication time.</li>
 * </ul>
 * This state is too heterogeneous to subsume in anything other than a marker interface. Note also that this type is
 * reflected in the RestTokenProvider interface, and it should be as generic as possible, so as to support
 * user-defined RestTokenProvider implementations.
 * <p>
 * NOTE(review): this comment names both JsonTokenProvider and RestTokenProvider; presumably the same provider
 * contract is meant - confirm.
 * <p>
 * NOTE(review): nothing in this interface states whether the input token or the token creation state has already
 * been validated by the time an instance reaches a provider. User-defined implementations use these values to
 * issue tokens, so confirm the validation guarantees with the caller before relying on them.
 *
 * @param <T> the type of the token creation state.
 * @supported.all.api
 */
public interface RestTokenProviderParameters<T> {
    /**
     * Gets the token state necessary to produce the token - e.g. the SubjectConfirmation
     * or proof token state for a SAML2 assertion.
     * <p>
     * NOTE(review): the values carried here (proof token state, nonce, authentication time) end up shaping the
     * issued token; whether they have been checked before this accessor is called is not visible from this
     * interface - confirm.
     *
     * @return the token creation state.
     */
    T getTokenCreationState();

    /**
     * Gets the type of the input token. Necessary to generate the authentication context class ref for
     * a SAML2 assertion - in general, produced tokens may have to have a representation of how the subject
     * encapsulated in the generated token was authenticated. Published sts instances allow for the specification of
     * a Saml2JsonTokenAuthnContextMapper implementation which will generate this SAML2 authentication context class
     * ref, a plug-in interface which takes the TokenTypeId as input. Published rest-sts instances which produce
     * OpenIdConnect tokens have similar mapping implementations which produce the amr and acr claims.
     * <p>
     * The mapped value tells the consumer of the issued token how the subject was authenticated, so a mapper
     * should derive it from the type returned here rather than from a fixed default.
     *
     * @return the type of the input token.
     */
    TokenTypeId getInputTokenType();

    /**
     * Gets the json representation of the input token. Necessary to generate the authentication context class ref
     * for a SAML2 assertion - in general, produced tokens may have to have a representation of how the subject
     * encapsulated in the generated token was authenticated. Published sts instances allow for the specification of
     * a Saml2JsonTokenAuthnContextMapper implementation which will generate this SAML2 authentication context class
     * ref, a plug-in interface which takes the json representation of the token as input. Published rest-sts
     * instances which produce OpenIdConnect tokens have similar mapping implementations which produce the amr and
     * acr claims.
     * <p>
     * NOTE(review): depending on the input token type, this json may contain credential material; presumably it
     * should not be written to logs or copied into the issued token - confirm against the supported token types.
     *
     * @return the json representation of the input token.
     */
    JsonValue getInputToken();
}