2 files changed, 169 insertions, 0 deletions

diff --git a/lib/public/Authentication/Token/IProvider.php b/lib/public/Authentication/Token/IProvider.php
new file mode 100644
index 00000000000..ade44a3ee94
--- /dev/null
+++ b/lib/public/Authentication/Token/IProvider.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+namespace OCP\Authentication\Token;
+
+use OCP\Authentication\Exceptions\ExpiredTokenException;
+use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Exceptions\WipeTokenException;
+
+/**
+ * @since 24.0.8
+ */
+interface IProvider {
+	/**
+	 * invalidates all tokens of a specific user
+	 * if a client name is given only tokens of that client will be invalidated
+	 *
+	 * @param string $uid
+	 * @param string|null $clientName
+	 * @since 24.0.8
+	 * @return void
+	 */
+	public function invalidateTokensOfUser(string $uid, ?string $clientName);
+
+	/**
+	 * Get a token by token string id
+	 *
+	 * @since 28.0.0
+	 * @throws InvalidTokenException
+	 * @throws ExpiredTokenException
+	 * @throws WipeTokenException
+	 * @return IToken
+	 */
+	public function getToken(string $tokenId): IToken;
+}
diff --git a/lib/public/Authentication/Token/IToken.php b/lib/public/Authentication/Token/IToken.php
new file mode 100644
index 00000000000..8c047280924
--- /dev/null
+++ b/lib/public/Authentication/Token/IToken.php
@@ -0,0 +1,129 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCP\Authentication\Token;
+
+use JsonSerializable;
+
+/**
+ * @since 28.0.0
+ */
+interface IToken extends JsonSerializable {
+	/**
+	 * @since 28.0.0
+	 */
+	public const TEMPORARY_TOKEN = 0;
+	/**
+	 * @since 28.0.0
+	 */
+	public const PERMANENT_TOKEN = 1;
+	/**
+	 * @since 28.0.0
+	 */
+	public const WIPE_TOKEN = 2;
+	/**
+	 * @since 28.0.0
+	 */
+	public const DO_NOT_REMEMBER = 0;
+	/**
+	 * @since 28.0.0
+	 */
+	public const REMEMBER = 1;
+
+	/**
+	 * @since 30.0.0
+	 */
+	public const SCOPE_FILESYSTEM = 'filesystem';
+	/**
+	 * @since 30.0.0
+	 */
+	public const SCOPE_SKIP_PASSWORD_VALIDATION = 'password-unconfirmable';
+
+	/**
+	 * Get the token ID
+	 * @since 28.0.0
+	 */
+	public function getId(): int;
+
+	/**
+	 * Get the user UID
+	 * @since 28.0.0
+	 */
+	public function getUID(): string;
+
+	/**
+	 * Get the login name used when generating the token
+	 * @since 28.0.0
+	 */
+	public function getLoginName(): string;
+
+	/**
+	 * Get the (encrypted) login password
+	 * @since 28.0.0
+	 */
+	public function getPassword(): ?string;
+
+	/**
+	 * Get the timestamp of the last password check
+	 * @since 28.0.0
+	 */
+	public function getLastCheck(): int;
+
+	/**
+	 * Set the timestamp of the last password check
+	 * @since 28.0.0
+	 */
+	public function setLastCheck(int $time): void;
+
+	/**
+	 * Get the authentication scope for this token
+	 * @since 28.0.0
+	 */
+	public function getScope(): string;
+
+	/**
+	 * Get the authentication scope for this token
+	 * @since 28.0.0
+	 */
+	public function getScopeAsArray(): array;
+
+	/**
+	 * Set the authentication scope for this token
+	 * @since 28.0.0
+	 */
+	public function setScope(array $scope): void;
+
+	/**
+	 * Get the name of the token
+	 * @since 28.0.0
+	 */
+	public function getName(): string;
+
+	/**
+	 * Get the remember state of the token
+	 * @since 28.0.0
+	 */
+	public function getRemember(): int;
+
+	/**
+	 * Set the token
+	 * @since 28.0.0
+	 */
+	public function setToken(string $token): void;
+
+	/**
+	 * Set the password
+	 * @since 28.0.0
+	 */
+	public function setPassword(string $password): void;
+
+	/**
+	 * Set the expiration time of the token
+	 * @since 28.0.0
+	 */
+	public function setExpires(?int $expires): void;
+}