OAuthConstants.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.cxf.rs.security.oauth2.utils;

/**
 * Miscellaneous constants
 */
public final class OAuthConstants {
    // Common OAuth2 constants
    public static final String CLIENT_ID = "client_id";
    public static final String CLIENT_SECRET = "client_secret";
    public static final String CLIENT_AUDIENCE = "audience";
    public static final String RESOURCE_INDICATOR = "resource";

    public static final String NONCE = "nonce";

    public static final String REDIRECT_URI = "redirect_uri";
    public static final String SCOPE = "scope";
    public static final String STATE = "state";
    public static final String ACCESS_TOKEN = "access_token";
    public static final String ACCESS_TOKEN_TYPE = "token_type";
    public static final String ACCESS_TOKEN_EXPIRES_IN = "expires_in";
    public static final String GRANT_TYPE = "grant_type";
    public static final String RESPONSE_TYPE = "response_type";
    public static final String TOKEN_RESPONSE_TYPE = "token";
    public static final String REFRESH_TOKEN = "refresh_token";
    public static final String RESPONSE_MODE = "response_mode";
    public static final String FORM_RESPONSE_MODE = "form_post";
    // CXF-Specific
    public static final String TOKEN_REQUEST_PARAMS = "token_request_params";
    public static final String ACCESS_TOKEN_ISSUED_AT = "issued_at";


    // Well-known grant types
    public static final String AUTHORIZATION_CODE_GRANT = "authorization_code";
    public static final String CLIENT_CREDENTIALS_GRANT = "client_credentials";
    public static final String IMPLICIT_GRANT = "implicit";
    public static final String RESOURCE_OWNER_GRANT = "password";
    public static final String REFRESH_TOKEN_GRANT = "refresh_token";

    // CXF-specific grant
    // The token is returned directly to a human user who copies it into a confidential client
    public static final String IMPLICIT_CONFIDENTIAL_GRANT = "urn:ietf:params:oauth:grant-type:implicit-confidential";
    public static final String DIRECT_TOKEN_GRANT = "urn:ietf:params:oauth:grant-type:direct-token-grant";

    // Well-known token types
    public static final String BEARER_TOKEN_TYPE = "Bearer";
    public static final String HAWK_TOKEN_TYPE = "hawk";

    // https://tools.ietf.org/html/rfc7636
    public static final String AUTHORIZATION_CODE_VERIFIER = "code_verifier";
    public static final String AUTHORIZATION_CODE_CHALLENGE = "code_challenge";
    public static final String AUTHORIZATION_CODE_CHALLENGE_METHOD = "code_challenge_method";

    // CXF-specific
    public static final String REFRESH_TOKEN_TYPE = "refresh";

    // Hawk token parameters
    // Set by Access Token Service
    public static final String HAWK_TOKEN_KEY = "secret";
    public static final String HAWK_TOKEN_ALGORITHM = "algorithm";

    // Set in Authorization header
    public static final String HAWK_TOKEN_ID = "id";
    public static final String HAWK_TOKEN_TIMESTAMP = "ts";
    public static final String HAWK_TOKEN_EXTENSION = "ext";
    public static final String HAWK_TOKEN_NONCE = "nonce";
    public static final String HAWK_TOKEN_SIGNATURE = "mac";

    // Mac/Hawk HMAC algorithm names
    public static final String HMAC_ALGO_SHA_1 = "hmac-sha-1";
    public static final String HMAC_ALGO_SHA_256 = "hmac-sha-256";

    // Token Authorization schemes
    public static final String BEARER_AUTHORIZATION_SCHEME = "Bearer";
    public static final String HAWK_AUTHORIZATION_SCHEME = "Hawk";
    public static final String ALL_AUTH_SCHEMES = "*";


    // Default Client Authentication Scheme
    public static final String BASIC_SCHEME = "Basic";

    // Authorization Code grant constants
    public static final String AUTHORIZATION_CODE_VALUE = "code";
    public static final String CODE_RESPONSE_TYPE = "code";
    public static final String SESSION_AUTHENTICITY_TOKEN = "session_authenticity_token";
    public static final String SESSION_AUTHENTICITY_TOKEN_PARAM_NAME = "session_authenticity_token_param_name";
    public static final String AUTHORIZATION_DECISION_KEY = "oauthDecision";
    public static final String AUTHORIZATION_DECISION_ALLOW = "allow";
    public static final String AUTHORIZATION_DECISION_DENY = "deny";

    // Resource Owner grant constants
    public static final String RESOURCE_OWNER_NAME = "username";
    public static final String RESOURCE_OWNER_PASSWORD = "password";

    // Error constants
    public static final String ERROR_KEY = "error";
    public static final String ERROR_DESCRIPTION_KEY = "error_description";
    public static final String ERROR_URI_KEY = "error_uri";

    public static final String SERVER_ERROR = "server_error";
    public static final String INVALID_REQUEST = "invalid_request";
    public static final String INVALID_GRANT = "invalid_grant";
    public static final String UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type";
    public static final String UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";
    public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
    public static final String INVALID_CLIENT = "invalid_client";
    public static final String INVALID_SCOPE = "invalid_scope";
    public static final String ACCESS_DENIED = "access_denied";

    // Token Revocation, Introspection
    public static final String TOKEN_ID = "token";
    public static final String TOKEN_TYPE_HINT = "token_type_hint";
    public static final String UNSUPPORTED_TOKEN_TYPE = "unsupported_token_type";

    // Token Service Authentication Methods
    public static final String TOKEN_ENDPOINT_AUTH_NONE = "none";
    public static final String TOKEN_ENDPOINT_AUTH_BASIC = "client_secret_basic";
    public static final String TOKEN_ENDPOINT_AUTH_POST = "client_secret_post";
    public static final String TOKEN_ENDPOINT_AUTH_TLS = "tls_client_auth";
    // TLS Authentication Binding Properties
    public static final String TLS_CLIENT_AUTH_SUBJECT_DN = "tls_client_auth_subject_dn";
    public static final String TLS_CLIENT_AUTH_ISSUER_DN = "tls_client_auth_issuer_dn";
    
    // Authorization scheme constants, used internally by AccessTokenValidation client and service
    public static final String AUTHORIZATION_SCHEME_TYPE = "authScheme";
    public static final String AUTHORIZATION_SCHEME_DATA = "authSchemeData";

    // Default refresh token scope value - checked by CXF utility code
    public static final String REFRESH_TOKEN_SCOPE = "refreshToken";

    // Client Secret (JWS) Signature Algorithm
    public static final String CLIENT_SECRET_SIGNATURE_ALGORITHM = "client.secret.signature.algorithm";
    // Client Secret (JWE) Content Encryption Algorithm
    public static final String CLIENT_SECRET_CONTENT_ENCRYPTION_ALGORITHM =
        "client.secret.content.encryption.algorithm";

    private OAuthConstants() {
    }

}