java.lang.Object
- jetbrains.buildServer.serverSide.oauth.OAuthTokensStorage

All Implemented Interfaces:

TokenRefresher
```
public class OAuthTokensStorage
extends Object
implements TokenRefresher
```
Maintains a set of access tokens generated for an OAuth provider. Each token has information about user who provided it and a scope for which the token has been generated. All tokens are stored in the Root project custom data storage.

Constructor Summary

Constructors
Constructor	Description
`OAuthTokensStorage(ProjectManager projectManager, EncryptionManager encryptionManager, OAuthConnectionsManager oauthConnectionsManager, UserModel userModel)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method	Description
`void`	`allowTokenInProject(SProject project, String fullTokenId)`	Deprecated. use `allowTokenInProjectIfNecessary(SProject, String)` instead
`void`	`allowTokenInProject(SProject project, String tokenStorageId, OAuthToken oauthToken)`
`boolean`	`allowTokenInProjectIfNecessary(SProject project, String fullTokenId)`	Adds the project to the token's project scope.
`void`	`allowTokenInProjects(Collection<SProject> projects, String tokenFullId)`
`void`	`allowTokenInProjects(Collection<SProject> projects, String tokenStorageId, OAuthToken oauthToken)`
`static String`	`buildProjectContextKey(SProject project)`
`OAuthToken`	`getAnyNonExpiredUserToken(TokenStorageUserQuery query)`	Gets any user token that matches the query and is not expired.
`TokenStorageQueryResult`	`getProjectTokens(TokenStorageQuery query, TokenStoragePageOrder pageOrder)`	Query for tokens of the respective project.
`OAuthToken`	`getToken(String vcsRootExtId, String tokenFullId, boolean checkProjectScope, boolean refreshIfExpired)`	Retrieve a token object from storage by its full id.
`OAuthToken`	`getToken(SProject project, String tokenFullId, boolean checkProjectScope, boolean refreshIfExpired)`	Retrieve a token object from storage by its full id.
`Set<OAuthToken>`	`getUserTokens(String connectionId, long userId, SProject project, TokenIntent intent, boolean refreshIfNecessary)`	Get all tokens that satisfy certain usage intent for a given user and under a specific connection id within a project context
`Set<OAuthToken>`	`getUserTokens(String connectionId, SUser user)`	Deprecated. since 2022.04, use `getUserTokens(String, SUser, SProject, boolean)` instead
`Set<OAuthToken>`	`getUserTokens(String connectionId, SUser user, SProject project, boolean refreshIfNecessary)`	Get all tokens for a given user and under a specific connection id within a project context
`Set<OAuthToken>`	`getUserTokens(String connectionId, SUser user, SProject project, TokenIntent intent, boolean refreshIfNecessary)`	Get all tokens that satisfy certain usage intent for a given user and under a specific connection id within a project context
`Set<OAuthToken>`	`getUserTokens(TokenStorageUserQuery query)`	Get all tokens that satisfy the given query.
`static boolean`	`isRefreshableTokensEnabled(SProject project)`
`boolean`	`isTokenPermittedInProject(SProject project, String tokenFullId)`
`boolean`	`isTokenRefreshSupported(SProject project, String connectionId)`
`static TokenFullIdComponents`	`parseFullTokenId(String tokenFullId)`
`OAuthToken`	`rememberPermanentToken(String tokenStorageId, SUser user, String oauthLogin, String personalToken, String scope)`	Store a new permanent token
`OAuthToken`	`rememberToken(String tokenStorageId, OAuthToken token)`	remember an existing token object
`OAuthToken`	`rememberToken(String tokenStorageId, SUser user, String oauthLogin, String personalToken, String scope, int timeToLiveSeconds)`	Store a new token
`OAuthToken`	`rememberToken(SProject project, String tokenStorageId, SUser user, String oauthLogin, String personalToken, String scope, int timeToLiveSeconds)`	Store a new token and limit its project scope
`void`	`removeSingleToken(String tokenStorageId, OAuthToken token)`	This method removes exactly the supplied token record by its ID value.
`boolean`	`removeToken(String tokenStorageId, OAuthToken token)`	Deprecated. This method can lead to unintended removal of tokens, potentially breaking any existing configuration if it references the removed token's IDs.
`static OAuthToken`	`tokenFromJson(String tokenId, String json, EncryptionManager encryptionManager)`
`static String`	`tokenToJson(RefreshableToken token, EncryptionManager encryptionManager)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OAuthTokensStorage

public OAuthTokensStorage(@NotNull
                          ProjectManager projectManager,
                          @NotNull
                          EncryptionManager encryptionManager,
                          @NotNull
                          OAuthConnectionsManager oauthConnectionsManager,
                          @NotNull
                          UserModel userModel)

Method Detail

tokenFromJson

@NotNull
public static OAuthToken tokenFromJson(@NotNull
                                       String tokenId,
                                       @NotNull
                                       String json,
                                       @NotNull
                                       EncryptionManager encryptionManager)

tokenToJson

@NotNull
public static String tokenToJson(@NotNull
                                 RefreshableToken token,
                                 @NotNull
                                 EncryptionManager encryptionManager)

isTokenRefreshSupported

public boolean isTokenRefreshSupported(@NotNull
                                       SProject project,
                                       @NotNull
                                       String connectionId)

Parameters:: project -; connectionId -
Returns:: true if the connection supports the refreshable tokens

rememberPermanentToken

@NotNull
public OAuthToken rememberPermanentToken(@NotNull
                                         String tokenStorageId,
                                         @NotNull
                                         SUser user,
                                         @NotNull
                                         String oauthLogin,
                                         @NotNull
                                         String personalToken,
                                         @NotNull
                                         String scope)

Store a new permanent token

Parameters:: tokenStorageId - token storage id, can be based on the client id of an OAuth connection, or on a connection id in other cases; user - TeamCity user who to whom the token is issued; oauthLogin - a third party system username that was used to issue the token by that system; personalToken - actual access token; scope - token scope (depends on the third party system API)
Returns:: a token object

rememberToken

@NotNull
public OAuthToken rememberToken(@NotNull
                                String tokenStorageId,
                                @NotNull
                                SUser user,
                                @NotNull
                                String oauthLogin,
                                @NotNull
                                String personalToken,
                                @NotNull
                                String scope,
                                int timeToLiveSeconds)

Store a new token

Parameters:: tokenStorageId - token storage id, can be based on the client id of an OAuth connection, or on a connection id in other cases; user - TeamCity user who to whom the token is issued; oauthLogin - a third party system username that was used to issue the token by that system; personalToken - actual access token; scope - token scope (depends on the third party system API); timeToLiveSeconds - a TTL of the token, <=0 for a permanent token
Returns:: a token object

rememberToken

@NotNull
public OAuthToken rememberToken(@NotNull
                                SProject project,
                                @NotNull
                                String tokenStorageId,
                                @NotNull
                                SUser user,
                                @NotNull
                                String oauthLogin,
                                @NotNull
                                String personalToken,
                                @NotNull
                                String scope,
                                int timeToLiveSeconds)

Store a new token and limit its project scope

Parameters:: project - a project where the token can be referred to by id; tokenStorageId - token storage id, can be based on the client id of an OAuth connection, or on a connection id in other cases; user - TeamCity user who to whom the token is issued; oauthLogin - a third party system username that was used to issue the token by that system; personalToken - actual access token; scope - token scope (depends on the third party system API); timeToLiveSeconds - a TTL of the token, <=0 for a permanent token
Returns:: a token object

rememberToken

@NotNull
public OAuthToken rememberToken(@NotNull
                                String tokenStorageId,
                                @NotNull
                                OAuthToken token)

remember an existing token object

Parameters:: tokenStorageId - token storage id, can be based on the client id of an OAuth connection, or on a connection id in other cases; token - token
Returns:: the same token object

getUserTokens
```
@Deprecated
@NotNull
public Set<OAuthToken> getUserTokens(@NotNull
                                     String connectionId,
                                     @NotNull
                                     SUser user)
```
Deprecated.
since 2022.04, use getUserTokens(String, SUser, SProject, boolean) instead

Get all tokens issued for a given user and under specific connection id

Parameters:

connectionId - connection id, it is used as token storage id by this method

user - TeamCity user who to whom the token is issued

Returns:

a set of tokens

getUserTokens

@NotNull
public Set<OAuthToken> getUserTokens(@NotNull
                                     String connectionId,
                                     @NotNull
                                     SUser user,
                                     @NotNull
                                     SProject project,
                                     boolean refreshIfNecessary)

Get all tokens for a given user and under a specific connection id within a project context

Parameters:: connectionId - connection id, it will not be used directly as token storage id, but the token storage id will be returned by the connection itself; user - TeamCity user who to whom the token is issued; project - a project to determine the context of the connection; refreshIfNecessary - if true the method will attempt to refresh each expired token
Returns:: a set of tokens

getUserTokens

@NotNull
public Set<OAuthToken> getUserTokens(@NotNull
                                     String connectionId,
                                     @NotNull
                                     SUser user,
                                     @NotNull
                                     SProject project,
                                     @NotNull
                                     TokenIntent intent,
                                     boolean refreshIfNecessary)

Get all tokens that satisfy certain usage intent for a given user and under a specific connection id within a project context

Parameters:: connectionId - connection id, it will not be used directly as token storage id, but the token storage id will be returned by the connection itself; user - TeamCity user who to whom the token is issued; project - a project to determine the context of the connection; tokenIntent - used to select a token by scope; refreshIfNecessary - if true the method will attempt to refresh each expired token
Returns:: a set of tokens

getUserTokens

@NotNull
public Set<OAuthToken> getUserTokens(@NotNull
                                     String connectionId,
                                     long userId,
                                     @NotNull
                                     SProject project,
                                     @NotNull
                                     TokenIntent intent,
                                     boolean refreshIfNecessary)

Get all tokens that satisfy certain usage intent for a given user and under a specific connection id within a project context

Parameters:: connectionId - connection id, it will not be used directly as token storage id, but the token storage id will be returned by the connection itself; userId - TeamCity user ID who to whom the token is issued; project - a project to determine the context of the connection; tokenIntent - used to select a token by scope; refreshIfNecessary - if true the method will attempt to refresh each expired token
Returns:: a set of tokens

getUserTokens

public Set<OAuthToken> getUserTokens(@NotNull
                                     TokenStorageUserQuery query)

Get all tokens that satisfy the given query. See TokenStorageUserQuery.

Parameters:: query - query conditions
Returns:: a set of tokens
Since:: 2024.03

getAnyNonExpiredUserToken
```
@Nullable
public OAuthToken getAnyNonExpiredUserToken(@NotNull
                                            TokenStorageUserQuery query)
```
Gets any user token that matches the query and is not expired. Encountered matching tokens will potentially be refreshed. It is not guaranteed that all matching tokens will be encountered. The first matching and non-expired token will be returned immediately.

Parameters:

query - query conditions

Returns:

any mathing and non-expired token, or null if nothing matches

getProjectTokens

public TokenStorageQueryResult getProjectTokens(@NotNull
                                                TokenStorageQuery query,
                                                @Nullable
                                                TokenStoragePageOrder pageOrder)

Query for tokens of the respective project.

Parameters:: query - query conditions; pageOrder - optional order and pagination parameters
Returns:: the result of the query
Since:: 2024.07
See Also:: TokenStorageQuery, TokenStorageQueryResult

isTokenPermittedInProject

public boolean isTokenPermittedInProject(@NotNull
                                         SProject project,
                                         @NotNull
                                         String tokenFullId)

getToken
```
@Nullable
public OAuthToken getToken(@Nullable
                           SProject project,
                           @NotNull
                           String tokenFullId,
                           boolean checkProjectScope,
                           boolean refreshIfExpired)
```
Description copied from interface: TokenRefresher

Retrieve a token object from storage by its full id. If the token is expired, the method may attempt to refresh it, store and return a new token.

Specified by:

getToken in interface TokenRefresher

Parameters:

project - a project used as a context to locate a relevant connection and check project scope

tokenFullId - a token full id in the form of oauth2:CONNECTION_ID:USER_ID:UUID_OF_TOKEN

checkProjectScope - if true the method checks the project scope before returning the tocken

refreshIfExpired - if the token is expired, attempt to refresh it

Returns:

access token object, null if such a token is not found in the storage or failed to get refreshed

getToken
```
@Nullable
public OAuthToken getToken(@NotNull
                           String vcsRootExtId,
                           @NotNull
                           String tokenFullId,
                           boolean checkProjectScope,
                           boolean refreshIfExpired)
```
Description copied from interface: TokenRefresher

Retrieve a token object from storage by its full id. If the token is expired, the method may attempt to refresh it, store and return a new token.

Specified by:

getToken in interface TokenRefresher

Parameters:

vcsRootExtId - an external id of the relevant VCS root

tokenFullId - a token full id in the form of oauth2:CONNECTION_ID:USER_ID:UUID_OF_TOKEN

checkProjectScope - if true the method checks the project scope before returning the tocken

refreshIfExpired - if the token is expired, attempt to refresh it

Returns:

access token object, null if such a token is not found in the storage or failed to get refreshed

buildProjectContextKey

public static String buildProjectContextKey(@NotNull
                                            SProject project)

parseFullTokenId

@Nullable
public static TokenFullIdComponents parseFullTokenId(String tokenFullId)

removeToken
```
@Deprecated
public boolean removeToken(@NotNull
                           String tokenStorageId,
                           @NotNull
                           OAuthToken token)
```
Deprecated.
This method can lead to unintended removal of tokens, potentially breaking any existing configuration if it references the removed token's IDs. See the ticket TW-87758 for more information. Use removeSingleToken(String, OAuthToken) instead. Deprecated since 2024.07

This method removes all tokens which have the same TeamCity user id and the same access token value.

Parameters:

tokenStorageId - an id of the token storage where to search for tokens

token - token instance from where user id and access token will be taken

Returns:

true if at least one token was removed

removeSingleToken

public void removeSingleToken(@NotNull
                              String tokenStorageId,
                              @NotNull
                              OAuthToken token)

This method removes exactly the supplied token record by its ID value.

Parameters:: tokenStorageId - an ID of the token storage where to search for the token; token - token instance from where the token ID will be taken

isRefreshableTokensEnabled

public static boolean isRefreshableTokensEnabled(SProject project)

allowTokenInProject

@Deprecated
public void allowTokenInProject(@NotNull
                                SProject project,
                                @NotNull
                                String fullTokenId)

Deprecated.

use allowTokenInProjectIfNecessary(SProject, String) instead

Adds the project to the token's project scope. The token is only modified if necessary.

Parameters:: project - the project; fullTokenId - full token ID of the token to modify

allowTokenInProjectIfNecessary

public boolean allowTokenInProjectIfNecessary(@NotNull
                                              SProject project,
                                              @NotNull
                                              String fullTokenId)

Adds the project to the token's project scope. The token is only modified if necessary.

Parameters:: project - the project; fullTokenId - full token ID of the token to modify
Returns:: true if the token was modified
Since:: 2024.12

allowTokenInProject

public void allowTokenInProject(@NotNull
                                SProject project,
                                @NotNull
                                String tokenStorageId,
                                @NotNull
                                OAuthToken oauthToken)

allowTokenInProjects

public void allowTokenInProjects(@NotNull
                                 Collection<SProject> projects,
                                 @NotNull
                                 String tokenStorageId,
                                 @NotNull
                                 OAuthToken oauthToken)

allowTokenInProjects

public void allowTokenInProjects(@NotNull
                                 Collection<SProject> projects,
                                 @NotNull
                                 String tokenFullId)

Class OAuthTokensStorage

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

OAuthTokensStorage

Method Detail

tokenFromJson

tokenToJson

isTokenRefreshSupported

rememberPermanentToken

rememberToken

rememberToken

rememberToken

getUserTokens

getUserTokens

getUserTokens

getUserTokens

getUserTokens

getAnyNonExpiredUserToken

getProjectTokens

isTokenPermittedInProject

getToken

getToken

buildProjectContextKey

parseFullTokenId

removeToken

removeSingleToken

isRefreshableTokensEnabled

allowTokenInProject

allowTokenInProjectIfNecessary

allowTokenInProject

allowTokenInProjects

allowTokenInProjects