Package com.google.auth.oauth2
Class UserAuthorizer
- java.lang.Object
-
- com.google.auth.oauth2.UserAuthorizer
-
public class UserAuthorizer extends java.lang.Object
Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
UserAuthorizer.Builder
static class
UserAuthorizer.ClientAuthenticationType
Represents the client authentication types as specified in RFC 7591.static class
UserAuthorizer.TokenResponseWithConfig
Represents the response from an OAuth token exchange, including configuration details used to initiate the flow.private class
UserAuthorizer.UserCredentialsListener
Implementation of listener used by monitorCredentials to rewrite the credentials when the tokens are refreshed.
-
Field Summary
Fields Modifier and Type Field Description private java.net.URI
callbackUri
private UserAuthorizer.ClientAuthenticationType
clientAuthenticationType
private ClientId
clientId
(package private) static java.net.URI
DEFAULT_CALLBACK_URI
private java.lang.String
FETCH_TOKEN_ERROR
private PKCEProvider
pkce
private java.util.Collection<java.lang.String>
scopes
private java.lang.String
TOKEN_STORE_ERROR
private java.net.URI
tokenServerUri
private TokenStore
tokenStore
private HttpTransportFactory
transportFactory
private java.net.URI
userAuthUri
-
Constructor Summary
Constructors Modifier Constructor Description private
UserAuthorizer(UserAuthorizer.Builder builder)
Internal constructor.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description UserCredentials
getAndStoreCredentialsFromCode(java.lang.String userId, java.lang.String code, java.net.URI baseUri)
Exchanges an authorization code for tokens and stores them.java.net.URL
getAuthorizationUrl(java.lang.String userId, java.lang.String state, java.net.URI baseUri)
Return a URL that performs the authorization consent prompt web UI.java.net.URL
getAuthorizationUrl(java.lang.String userId, java.lang.String state, java.net.URI baseUri, java.util.Map<java.lang.String,java.lang.String> additionalParameters)
Return a URL that performs the authorization consent prompt web UI.java.net.URI
getCallbackUri()
Returns the URI for implementation of the OAuth2 web callback.java.net.URI
getCallbackUri(java.net.URI baseUri)
Returns the URI for implementation of the OAuth2 web callback, optionally relative to the specified URI.UserAuthorizer.ClientAuthenticationType
getClientAuthenticationType()
Returns the client authentication type as defined in RFC 7591.ClientId
getClientId()
Returns the Client ID user to identify the OAuth2 consent prompt.UserCredentials
getCredentials(java.lang.String userId)
Attempts to retrieve credentials for the approved end user consent.UserCredentials
getCredentialsFromCode(java.lang.String code, java.net.URI baseUri)
Returns a UserCredentials instance by exchanging an OAuth2 authorization code for tokens.UserCredentials
getCredentialsFromCode(java.lang.String code, java.net.URI baseUri, java.util.Map<java.lang.String,java.lang.String> additionalParameters)
Returns a UserCredentials instance by exchanging an OAuth2 authorization code for tokens.private UserAuthorizer.TokenResponseWithConfig
getCredentialsFromCodeInternal(java.lang.String code, java.net.URI baseUri, java.util.Map<java.lang.String,java.lang.String> additionalParameters)
java.util.Collection<java.lang.String>
getScopes()
Returns the scopes defining the user consent.UserAuthorizer.TokenResponseWithConfig
getTokenResponseFromAuthCodeExchange(java.lang.String code, java.net.URI callbackUri, java.util.Map<java.lang.String,java.lang.String> additionalParameters)
Handles OAuth2 authorization code exchange and returns aUserAuthorizer.TokenResponseWithConfig
object containing the tokens and configuration details.TokenStore
getTokenStore()
Returns the implementation of a component for long term storage of tokens.protected void
monitorCredentials(java.lang.String userId, UserCredentials credentials)
Adds a listen to rewrite the credentials when the tokens are refreshed.static UserAuthorizer.Builder
newBuilder()
void
revokeAuthorization(java.lang.String userId)
Revokes the authorization for tokens stored for the user.void
storeCredentials(java.lang.String userId, UserCredentials credentials)
Puts the end user credentials in long term storage.UserAuthorizer.Builder
toBuilder()
-
-
-
Field Detail
-
DEFAULT_CALLBACK_URI
static final java.net.URI DEFAULT_CALLBACK_URI
-
TOKEN_STORE_ERROR
private final java.lang.String TOKEN_STORE_ERROR
- See Also:
- Constant Field Values
-
FETCH_TOKEN_ERROR
private final java.lang.String FETCH_TOKEN_ERROR
- See Also:
- Constant Field Values
-
clientId
private final ClientId clientId
-
scopes
private final java.util.Collection<java.lang.String> scopes
-
tokenStore
private final TokenStore tokenStore
-
callbackUri
private final java.net.URI callbackUri
-
transportFactory
private final HttpTransportFactory transportFactory
-
tokenServerUri
private final java.net.URI tokenServerUri
-
userAuthUri
private final java.net.URI userAuthUri
-
pkce
private final PKCEProvider pkce
-
clientAuthenticationType
private final UserAuthorizer.ClientAuthenticationType clientAuthenticationType
-
-
Constructor Detail
-
UserAuthorizer
private UserAuthorizer(UserAuthorizer.Builder builder)
Internal constructor. SeeUserAuthorizer.Builder
.
-
-
Method Detail
-
getClientId
public ClientId getClientId()
Returns the Client ID user to identify the OAuth2 consent prompt.- Returns:
- The Client ID.
-
getScopes
public java.util.Collection<java.lang.String> getScopes()
Returns the scopes defining the user consent.- Returns:
- The collection of scopes defining the user consent.
-
getCallbackUri
public java.net.URI getCallbackUri()
Returns the URI for implementation of the OAuth2 web callback.- Returns:
- The URI for the OAuth2 web callback.
-
getCallbackUri
public java.net.URI getCallbackUri(java.net.URI baseUri)
Returns the URI for implementation of the OAuth2 web callback, optionally relative to the specified URI.The callback URI is often relative to enable an application to be tested from more than one place so this can be used to resolve it relative to another URI.
- Parameters:
baseUri
- The URI to resolve the callback URI relative to.- Returns:
- The resolved URI.
-
getTokenStore
public TokenStore getTokenStore()
Returns the implementation of a component for long term storage of tokens.- Returns:
- The token storage implementation for long term storage of tokens.
-
getClientAuthenticationType
public UserAuthorizer.ClientAuthenticationType getClientAuthenticationType()
Returns the client authentication type as defined in RFC 7591.- Returns:
- The
UserAuthorizer.ClientAuthenticationType
-
getAuthorizationUrl
public java.net.URL getAuthorizationUrl(java.lang.String userId, java.lang.String state, java.net.URI baseUri)
Return a URL that performs the authorization consent prompt web UI.- Parameters:
userId
- Application's identifier for the end user.state
- State that is passed on to the OAuth2 callback URI after the consent.baseUri
- The URI to resolve the OAuth2 callback URI relative to.- Returns:
- The URL that can be navigated or redirected to.
-
getAuthorizationUrl
public java.net.URL getAuthorizationUrl(java.lang.String userId, java.lang.String state, java.net.URI baseUri, java.util.Map<java.lang.String,java.lang.String> additionalParameters)
Return a URL that performs the authorization consent prompt web UI.- Parameters:
userId
- Application's identifier for the end user.state
- State that is passed on to the OAuth2 callback URI after the consent.baseUri
- The URI to resolve the OAuth2 callback URI relative to.additionalParameters
- Additional query parameters to be added to the authorization URL.- Returns:
- The URL that can be navigated or redirected to.
-
getCredentials
public UserCredentials getCredentials(java.lang.String userId) throws java.io.IOException
Attempts to retrieve credentials for the approved end user consent.- Parameters:
userId
- Application's identifier for the end user.- Returns:
- The loaded credentials or null if there are no valid approved credentials.
- Throws:
java.io.IOException
- If there is error retrieving or loading the credentials.
-
getCredentialsFromCode
public UserCredentials getCredentialsFromCode(java.lang.String code, java.net.URI baseUri) throws java.io.IOException
Returns a UserCredentials instance by exchanging an OAuth2 authorization code for tokens.- Parameters:
code
- Code returned from OAuth2 consent prompt.baseUri
- The URI to resolve the OAuth2 callback URI relative to.- Returns:
- the UserCredentials instance created from the authorization code.
- Throws:
java.io.IOException
- An error from the server API call to get the tokens.
-
getCredentialsFromCode
public UserCredentials getCredentialsFromCode(java.lang.String code, java.net.URI baseUri, java.util.Map<java.lang.String,java.lang.String> additionalParameters) throws java.io.IOException
Returns a UserCredentials instance by exchanging an OAuth2 authorization code for tokens.- Parameters:
code
- Code returned from OAuth2 consent prompt.baseUri
- The URI to resolve the OAuth2 callback URI relative to.additionalParameters
- Additional parameters to be added to the post body of token endpoint request.- Returns:
- the UserCredentials instance created from the authorization code.
- Throws:
java.io.IOException
- An error from the server API call to get the tokens.
-
getTokenResponseFromAuthCodeExchange
public UserAuthorizer.TokenResponseWithConfig getTokenResponseFromAuthCodeExchange(java.lang.String code, java.net.URI callbackUri, java.util.Map<java.lang.String,java.lang.String> additionalParameters) throws java.io.IOException
Handles OAuth2 authorization code exchange and returns aUserAuthorizer.TokenResponseWithConfig
object containing the tokens and configuration details.- Parameters:
code
- The authorization code received from the OAuth2 authorization server.callbackUri
- The URI to which the authorization server redirected the user after granting authorization.additionalParameters
- Additional parameters to include in the token exchange request.- Returns:
- A
UserAuthorizer.TokenResponseWithConfig
object containing the access token, refresh token (if granted), and configuration details used in the OAuth flow. - Throws:
java.io.IOException
- If an error occurs during the token exchange process.
-
getAndStoreCredentialsFromCode
public UserCredentials getAndStoreCredentialsFromCode(java.lang.String userId, java.lang.String code, java.net.URI baseUri) throws java.io.IOException
Exchanges an authorization code for tokens and stores them.- Parameters:
userId
- Application's identifier for the end user.code
- Code returned from OAuth2 consent prompt.baseUri
- The URI to resolve the OAuth2 callback URI relative to.- Returns:
- UserCredentials instance created from the authorization code.
- Throws:
java.io.IOException
- An error from the server API call to get the tokens or store the tokens.
-
revokeAuthorization
public void revokeAuthorization(java.lang.String userId) throws java.io.IOException
Revokes the authorization for tokens stored for the user.- Parameters:
userId
- Application's identifier for the end user.- Throws:
java.io.IOException
- An error calling the revoke API or deleting the state.
-
storeCredentials
public void storeCredentials(java.lang.String userId, UserCredentials credentials) throws java.io.IOException
Puts the end user credentials in long term storage.- Parameters:
userId
- Application's identifier for the end user.credentials
- UserCredentials instance for the authorized consent.- Throws:
java.io.IOException
- An error storing the credentials.
-
monitorCredentials
protected void monitorCredentials(java.lang.String userId, UserCredentials credentials)
Adds a listen to rewrite the credentials when the tokens are refreshed.- Parameters:
userId
- Application's identifier for the end user.credentials
- UserCredentials instance to listen to.
-
getCredentialsFromCodeInternal
private UserAuthorizer.TokenResponseWithConfig getCredentialsFromCodeInternal(java.lang.String code, java.net.URI baseUri, java.util.Map<java.lang.String,java.lang.String> additionalParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
newBuilder
public static UserAuthorizer.Builder newBuilder()
-
toBuilder
public UserAuthorizer.Builder toBuilder()
-
-