Class UserSession


  • @NonNullByDefault
    public class UserSession
    extends Object
    A persistent session for a ManagedUser, which holds a refresh token used by a client to get short-lived access tokens for API requests authorization.
    Author:
    Yannick Schaus - initial contribution
    • Constructor Detail

      • UserSession

        public UserSession​(String sessionId,
                           String refreshToken,
                           String clientId,
                           String redirectUri,
                           String scope)
        Constructs a new session.
        Parameters:
        sessionId - an unique ID for the session
        refreshToken - the refresh token associated to the session
        clientId - the client ID associated to the session
        redirectUri - the callback URI provided when the client was authorized by the user
        scope - the granted scope provided when the client was authorized by the user
    • Method Detail

      • getSessionId

        public String getSessionId()
        Gets the ID of the session.
        Returns:
        the session ID
      • getRefreshToken

        public String getRefreshToken()
        Gets the refresh token for the session.
        Returns:
        the refresh token
      • getCreatedTime

        public Date getCreatedTime()
        Gets the creation time of the session.
        Returns:
        the creation time
      • getLastRefreshTime

        public Date getLastRefreshTime()
        Gets the time when the refresh token was last used to get a new access token.
        Returns:
        the last refresh time
      • setLastRefreshTime

        public void setLastRefreshTime​(Date lastRefreshTime)
        Sets the time when the refresh token was last used to get a new access token.
        Parameters:
        lastRefreshTime - the last refresh time
      • getScope

        public String getScope()
        Gets the scope requested when authorizing this session.
        Returns:
        the session scope
      • getClientId

        public String getClientId()
        Gets the ID of the client this session was created for
        Returns:
        the client ID
      • getRedirectUri

        public String getRedirectUri()
        Gets the redirect URI which was used to perform the authorization flow.
        Returns:
        the redirect URI
      • hasSessionCookie

        public boolean hasSessionCookie()
        Specifies whether this session is supported by a session cookie, to mitigate the impact of refresh token leakage.
        Returns:
        whether or not a cookie has been set
      • setSessionCookie

        public void setSessionCookie​(boolean sessionCookie)
        Sets the session cookie flag for this session.
        Parameters:
        sessionCookie - the cookie flag