Authorization returns scope Order

acme4j-client/src/main/java/org/shredzone/acme4j/Authorization.java

@@ -43,6 +43,7 @@ public class Authorization extends AcmeResource {
     private String domain;
     private Status status;
     private Instant expires;
+    private Order scope;
     private List<Challenge> challenges;
     private boolean loaded = false;
 
@@ -89,6 +90,15 @@ public class Authorization extends AcmeResource {
         return expires;
     }
 
+    /**
+     * Gets the scope of the {@link Authorization}. If not {@code null}, this
+     * {@link Authorization} is only valid for the returned {@link Order}.
+     */
+    public Order getScope() {
+        load();
+        return scope;
+    }
+
     /**
      * Gets a list of all challenges offered by the server.
      */
@@ -193,6 +203,11 @@ public class Authorization extends AcmeResource {
             domain = jsonIdentifier.get("value").asString();
         }
 
+        URL scopeUrl = json.get("scope").asURL();
+        if (scopeUrl != null) {
+            scope = Order.bind(getSession(), scopeUrl);
+        }
+
         challenges = fetchChallenges(json);
 
         loaded = true;

acme4j-client/src/test/java/org/shredzone/acme4j/AuthorizationTest.java

@@ -127,6 +127,7 @@ public class AuthorizationTest {
         assertThat(auth.getStatus(), is(Status.VALID));
         assertThat(auth.getExpires(), is(parseTimestamp("2016-01-02T17:12:40Z")));
         assertThat(auth.getLocation(), is(locationUrl));
+        assertThat(auth.getScope().getLocation(), is(url("https://example.com/order/123")));
 
         assertThat(auth.getChallenges(), containsInAnyOrder(
                         (Challenge) httpChallenge, (Challenge) dnsChallenge));

acme4j-client/src/test/resources/json/updateAuthorizationResponse.json

@@ -18,5 +18,6 @@
       "uri": "https://example.com/authz/asdf/1",
       "token": "DGyRejmCefe7v4NfDGDKfA"
     }
-  ]
+  ],
+  "scope": "https://example.com/order/123"
 }