com.aspc.cms.rest.plugin.oidc

Class OidcSessionTokenCache

java.lang.Object

com.aspc.cms.rest.plugin.oidc.OidcSessionTokenCache

public final class OidcSessionTokenCache
extends java.lang.Object

Thread-safe, short-lived cache for temporarily storing access and ID tokens after an OIDC authorisation code exchange.

After the callback exchanges the authorisation code for tokens, the access and ID tokens are cached here under a random session key. The frontend then retrieves them via the /oidc/tokens endpoint using the session key from a cookie. Each entry is one-time-use and expires after a configurable time-to-live.

Author:

Claude

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	OidcSessionTokenCache.CachedTokens Immutable container for cached access and ID tokens with an expiry time.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	COOKIE_SESSION_TOKEN The cookie name used to store the session token key.
static int	DEFAULT_TTL_SECONDS Default time-to-live for cached tokens: 60 seconds.

Method Summary

Modifier and Type	Method and Description
void	clear() Clears all entries from the cache.
static OidcSessionTokenCache	getInstance() Returns the singleton instance.
boolean	remove(java.lang.String sessionKey) Removes the cache entry for the given session key, if present.
OidcSessionTokenCache.CachedTokens	retrieve(java.lang.String sessionKey) Retrieves and removes the cached tokens for the given session key.
int	size() Returns the current number of entries in the cache (including expired).
java.lang.String	store(java.lang.String accessToken, java.lang.String idToken) Stores the access and ID tokens under a new random session key with the default TTL.
java.lang.String	store(java.lang.String accessToken, java.lang.String idToken, int ttlSeconds) Stores the access and ID tokens under a new random session key with a custom TTL.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_TTL_SECONDS

public static final int DEFAULT_TTL_SECONDS

Default time-to-live for cached tokens: 60 seconds.

See Also:

Constant Field Values

COOKIE_SESSION_TOKEN

public static final java.lang.String COOKIE_SESSION_TOKEN

The cookie name used to store the session token key.

See Also:

Constant Field Values

Method Detail

getInstance

@CheckReturnValue
 @Nonnull
public static OidcSessionTokenCache getInstance()

Returns the singleton instance.

Returns:

the cache instance

store

@CheckReturnValue
 @Nonnull
public java.lang.String store(@Nonnull
                                                          java.lang.String accessToken,
                                                          @Nonnull
                                                          java.lang.String idToken)

Stores the access and ID tokens under a new random session key with the default TTL.

Expired entries are purged on each call to keep the cache clean.

Parameters:

accessToken - the access token from Cognito

idToken - the ID token from Cognito

Returns:

the session key (UUID) to retrieve the tokens

store

@CheckReturnValue
 @Nonnull
public java.lang.String store(@Nonnull
                                                          java.lang.String accessToken,
                                                          @Nonnull
                                                          java.lang.String idToken,
                                                          int ttlSeconds)

Stores the access and ID tokens under a new random session key with a custom TTL.

Expired entries are purged on each call to keep the cache clean.

Parameters:

accessToken - the access token from Cognito

idToken - the ID token from Cognito

ttlSeconds - the time-to-live in seconds (use 0 or negative for immediate expiry)

Returns:

the session key (UUID) to retrieve the tokens

retrieve

@CheckReturnValue
 @Nullable
public OidcSessionTokenCache.CachedTokens retrieve(@Nonnull
                                                                                java.lang.String sessionKey)

Retrieves and removes the cached tokens for the given session key.

This is a one-time-use operation — the tokens are removed from the cache after retrieval. Returns null if the key is not found or the entry has expired.

Parameters:

sessionKey - the session key from the cookie

Returns:

the cached tokens, or null if not found or expired

size

@CheckReturnValue
public int size()

Returns the current number of entries in the cache (including expired).

Returns:

the cache size

remove

public boolean remove(@Nullable
                      java.lang.String sessionKey)

Removes the cache entry for the given session key, if present.

Used on logout to invalidate the current browser’s one-time token handoff without affecting other users’ entries.

Parameters:

sessionKey - the key from COOKIE_SESSION_TOKEN; null or blank is a no-op

Returns:

true if an entry was removed

clear

public void clear()

Clears all entries from the cache. Intended for testing and administrative use only; production /oidc/logout uses remove(String) for the current session key.