/*
* oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
*
* Copyright (c) 2014, Gluu
*/
package org.xdi.oxauth.model.common;
import java.util.Date;
/**
* <p>
* Authorization servers MAY issue refresh tokens to web application clients and
* native application clients.
* </p>
* <p>
* Refresh tokens MUST be kept confidential in transit and storage, and shared
* only among the authorization server and the client to whom the refresh tokens
* were issued.
* </p>
* <p>
* The authorization server MUST maintain the binding between a refresh token
* and the client to whom it was issued. The authorization server MUST verify
* the binding between the refresh token and client identity whenever the client
* identity can be authenticated. When client authentication is not possible,
* the authorization server SHOULD deploy other means to detect refresh token
* abuse.
* </p>
* <p>
* For example, the authorization server could employ refresh token rotation in
* which a new refresh token is issued with every access token refresh response.
* The previous refresh token is invalidated but retained by the authorization
* server. If a refresh token is compromised and subsequently used by both the
* attacker and the legitimate client, one of them will present an invalidated
* refresh token which will inform the authorization server of the breach.
* </p>
* <p>
* The authorization server MUST ensure that refresh tokens cannot be generated,
* modified, or guessed to produce valid refresh tokens by unauthorized parties.
* </p>
*
* @author Javier Rojas Date: 09.29.2011
*
*/
public class RefreshToken extends AbstractToken {

    /**
     * Creates a new refresh token with the given lifetime.
     *
     * <p>
     * The lifetime is handed unchanged to the {@link AbstractToken}
     * constructor. Once that period has elapsed, a background process marks
     * the token as expired; a token can also be marked as revoked when
     * required.
     * </p>
     *
     * <p>
     * NOTE(review): the token value itself is not produced in this class.
     * Presumably the superclass generates it; confirm that it comes from a
     * cryptographically strong source, since refresh tokens must not be
     * guessable by unauthorized parties.
     * </p>
     *
     * @param lifeTime
     *            The life time of the token. The unit is defined by
     *            {@link AbstractToken} and is not visible here.
     */
    public RefreshToken(int lifeTime) {
        super(lifeTime);
    }

    /**
     * Creates a refresh token from an existing token value and its dates.
     *
     * <p>
     * All three arguments are forwarded as-is to the {@link AbstractToken}
     * constructor; no validation happens in this class.
     * </p>
     *
     * <p>
     * NOTE(review): this looks intended for rebuilding a token that was
     * previously issued and stored. Callers should pass only values that
     * originate from the authorization server's own records, never a
     * client-supplied string; verify against the call sites.
     * </p>
     *
     * @param code
     *            The token value.
     * @param creationDate
     *            The date the token was created.
     * @param expirationDate
     *            The date the token expires.
     */
    public RefreshToken(String code, Date creationDate, Date expirationDate) {
        super(code, creationDate, expirationDate);
    }
}