com.amazon.simplesignin.linktoken

Interface ILinkTokenProvider<T extends IGenerateLinkTokenRequest>

All Known Implementing Classes:

LinkTokenV1Provider

public interface ILinkTokenProvider<T extends IGenerateLinkTokenRequest>

ILinkTokenProvider defines contract for link token generation and validation APIs.

Method Summary

Modifier and Type	Method and Description
LinkTokenContainer	generateLinkToken(T request) Generates a new LinkToken.
LinkTokenSchema	getTokenSchema() Returns link token schema supported by the implementation.
LinkTokenInfo	validateLinkToken(LinkToken linkToken, IRequestContext requestContext) Validates the given LinkToken.
LinkTokenInfo	validateLinkToken(SSITokenInfo ssiTokenInfo, IRequestContext requestContext) Validates the LinkToken unwrapped from an SSI token.

Method Detail

generateLinkToken

LinkTokenContainer generateLinkToken(T request)
                              throws TokenException

Generates a new LinkToken.

Parameters:

request - IGenerateLinkTokenRequest Object holding details required for generating link token.

Returns:

LinkTokenContainer.

Throws:

TokenException - is thrown to indicate unexpected errors encountered while generating token.

validateLinkToken

LinkTokenInfo validateLinkToken(LinkToken linkToken,
                                IRequestContext requestContext)
                         throws TokenException

Validates the given LinkToken.

NOTE that for validating link token during the authentication flow, another variant of this method validateLinkToken(SSITokenInfo, IRequestContext) must be used. This method doesn't enforce that a link token being validated is obtained as part of an SSI token. SSI token is essential to verify that account linking is still valid at this moment and link token is used for authentication on intended devices. Link token obtained through any other means might represent a stale or invalid account linking and doesn't provide authorization to be used for customer authentication.

LinkToken validation entails the following:

1. Token is decrypted successfully.
2. Token signature is verified successfully to ensure the authenticity of issuer and integrity of token contents.
3. Token contains all required fields.

Parameters:

linkToken - LinkToken Link token to decode.

requestContext - IRequestContext object which holds additional contextual information about the request.

Returns:

LinkTokenInfo object containing information decoded from the link token.

Throws:

InvalidTokenException - is thrown for malformed tokens that cannot be decoded.

TokenException - is thrown to indicate other unexpected errors encountered while decoding token.

validateLinkToken

LinkTokenInfo validateLinkToken(SSITokenInfo ssiTokenInfo,
                                IRequestContext requestContext)
                         throws TokenException

Validates the LinkToken unwrapped from an SSI token.

In addition to the validation steps done in validateLinkToken(LinkToken, IRequestContext), this method verifies that the token is being used within its scope by matching Amazon user id from the enclosing SSI token (which represents the current active user on the device) with Amazon user id which link token has been scoped to.

Parameters:

ssiTokenInfo - Decoded information from an SSI token.

requestContext - IRequestContext object which holds additional contextual information about the request.

Returns:

LinkTokenInfo object containing information decoded from the link token.

Throws:

InvalidTokenException - is thrown when the token cannot be decoded when it's malformed.

InvalidTokenUsageException - is thrown when the token usage is found to be not within the approved scope.

TokenException - is thrown to indicate other unexpected errors encountered while decoding token.

getTokenSchema

LinkTokenSchema getTokenSchema()

Returns link token schema supported by the implementation.

Returns:

LinkTokenSchema