Class AuthorizationCodeFlow
- java.lang.Object
-
- com.google.api.client.auth.oauth2.AuthorizationCodeFlow
-
public class AuthorizationCodeFlow extends java.lang.Object
Thread-safe OAuth 2.0 authorization code flow that manages and persists end-user credentials.This is designed to simplify the flow in which an end-user authorizes the application to access their protected data, and then the application has access to their data based on an access token and a refresh token to refresh that access token when it expires.
The first step is to call
loadCredential(String)
based on the known user ID to check if the end-user's credentials are already known. If not, callnewAuthorizationUrl()
and direct the end-user's browser to an authorization page. The web browser will then redirect to the redirect URL with a"code"
query parameter which can then be used to request an access token usingnewTokenRequest(String)
. Finally, usecreateAndStoreCredential(TokenResponse, String)
to store and obtain a credential for accessing protected resources.- Since:
- 1.7
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
AuthorizationCodeFlow.Builder
Authorization code flow builder.static interface
AuthorizationCodeFlow.CredentialCreatedListener
Listener for a created credential after a successful token response increateAndStoreCredential(com.google.api.client.auth.oauth2.TokenResponse, java.lang.String)
.
-
Field Summary
Fields Modifier and Type Field Description private java.lang.String
authorizationServerEncodedUrl
Authorization server encoded URL.private com.google.api.client.http.HttpExecuteInterceptor
clientAuthentication
Client authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
).private java.lang.String
clientId
Client identifier.private com.google.api.client.util.Clock
clock
Clock passed along to Credential.private AuthorizationCodeFlow.CredentialCreatedListener
credentialCreatedListener
Credential created listener ornull
for none.private com.google.api.client.util.store.DataStore<StoredCredential>
credentialDataStore
Stored credential data store ornull
for none.private CredentialStore
credentialStore
Deprecated.private com.google.api.client.json.JsonFactory
jsonFactory
JSON factory.private Credential.AccessMethod
method
Method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
).private java.util.Collection<CredentialRefreshListener>
refreshListeners
Refresh listeners provided by the client.private com.google.api.client.http.HttpRequestInitializer
requestInitializer
HTTP request initializer ornull
for none.private java.util.Collection<java.lang.String>
scopes
Collection of scopes.private java.lang.String
tokenServerEncodedUrl
Token server encoded URL.private com.google.api.client.http.HttpTransport
transport
HTTP transport.
-
Constructor Summary
Constructors Modifier Constructor Description protected
AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)
AuthorizationCodeFlow(Credential.AccessMethod method, com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory, com.google.api.client.http.GenericUrl tokenServerUrl, com.google.api.client.http.HttpExecuteInterceptor clientAuthentication, java.lang.String clientId, java.lang.String authorizationServerEncodedUrl)
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description Credential
createAndStoreCredential(TokenResponse response, java.lang.String userId)
Creates a new credential for the given user ID based on the given token response and store in the credential store.java.lang.String
getAuthorizationServerEncodedUrl()
Returns the authorization server encoded URL.com.google.api.client.http.HttpExecuteInterceptor
getClientAuthentication()
Returns the client authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
).java.lang.String
getClientId()
Returns the client identifier.com.google.api.client.util.Clock
getClock()
Returns the clock which will be passed along to the Credential.com.google.api.client.util.store.DataStore<StoredCredential>
getCredentialDataStore()
Beta
Returns the stored credential data store ornull
for none.CredentialStore
getCredentialStore()
Deprecated.(to be removed in the future) UsegetCredentialDataStore()
instead.com.google.api.client.json.JsonFactory
getJsonFactory()
Returns the JSON factory.Credential.AccessMethod
getMethod()
Returns the method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
).java.util.Collection<CredentialRefreshListener>
getRefreshListeners()
Returns the unmodifiable list of listeners for refresh token results.com.google.api.client.http.HttpRequestInitializer
getRequestInitializer()
Returns the HTTP request initializer ornull
for none.java.util.Collection<java.lang.String>
getScopes()
Returns the a collection of scopes.java.lang.String
getScopesAsString()
Returns the space-separated list of scopes.java.lang.String
getTokenServerEncodedUrl()
Returns the token server encoded URL.com.google.api.client.http.HttpTransport
getTransport()
Returns the HTTP transport.Credential
loadCredential(java.lang.String userId)
Loads the credential of the given user ID from the credential store.AuthorizationCodeRequestUrl
newAuthorizationUrl()
Returns a new instance of an authorization code request URL.private Credential
newCredential(java.lang.String userId)
Returns a new credential instance based on the given user ID.AuthorizationCodeTokenRequest
newTokenRequest(java.lang.String authorizationCode)
Returns a new instance of an authorization code token request based on the given authorization code.
-
-
-
Field Detail
-
method
private final Credential.AccessMethod method
Method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
).
-
transport
private final com.google.api.client.http.HttpTransport transport
HTTP transport.
-
jsonFactory
private final com.google.api.client.json.JsonFactory jsonFactory
JSON factory.
-
tokenServerEncodedUrl
private final java.lang.String tokenServerEncodedUrl
Token server encoded URL.
-
clientAuthentication
private final com.google.api.client.http.HttpExecuteInterceptor clientAuthentication
Client authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
).
-
clientId
private final java.lang.String clientId
Client identifier.
-
authorizationServerEncodedUrl
private final java.lang.String authorizationServerEncodedUrl
Authorization server encoded URL.
-
credentialStore
@Beta @Deprecated private final CredentialStore credentialStore
Deprecated.Credential persistence store ornull
for none.
-
credentialDataStore
@Beta private final com.google.api.client.util.store.DataStore<StoredCredential> credentialDataStore
Stored credential data store ornull
for none.
-
requestInitializer
private final com.google.api.client.http.HttpRequestInitializer requestInitializer
HTTP request initializer ornull
for none.
-
clock
private final com.google.api.client.util.Clock clock
Clock passed along to Credential.
-
scopes
private final java.util.Collection<java.lang.String> scopes
Collection of scopes.
-
credentialCreatedListener
private final AuthorizationCodeFlow.CredentialCreatedListener credentialCreatedListener
Credential created listener ornull
for none.
-
refreshListeners
private final java.util.Collection<CredentialRefreshListener> refreshListeners
Refresh listeners provided by the client.
-
-
Constructor Detail
-
AuthorizationCodeFlow
public AuthorizationCodeFlow(Credential.AccessMethod method, com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory, com.google.api.client.http.GenericUrl tokenServerUrl, com.google.api.client.http.HttpExecuteInterceptor clientAuthentication, java.lang.String clientId, java.lang.String authorizationServerEncodedUrl)
- Parameters:
method
- method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
)transport
- HTTP transportjsonFactory
- JSON factorytokenServerUrl
- token server URLclientAuthentication
- client authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
)clientId
- client identifierauthorizationServerEncodedUrl
- authorization server encoded URL- Since:
- 1.14
-
AuthorizationCodeFlow
protected AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)
- Parameters:
builder
- authorization code flow builder- Since:
- 1.14
-
-
Method Detail
-
newAuthorizationUrl
public AuthorizationCodeRequestUrl newAuthorizationUrl()
Returns a new instance of an authorization code request URL.This is a builder for an authorization web page to allow the end user to authorize the application to access their protected resources and that returns an authorization code. It uses the
getAuthorizationServerEncodedUrl()
,getClientId()
, andgetScopes()
. Sample usage:private AuthorizationCodeFlow flow; public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { String url = flow.newAuthorizationUrl().setState("xyz") .setRedirectUri("https://client.example.com/rd").build(); response.sendRedirect(url); }
-
newTokenRequest
public AuthorizationCodeTokenRequest newTokenRequest(java.lang.String authorizationCode)
Returns a new instance of an authorization code token request based on the given authorization code.This is used to make a request for an access token using the authorization code. It uses
getTransport()
,getJsonFactory()
,getTokenServerEncodedUrl()
,getClientAuthentication()
,getRequestInitializer()
, andgetScopes()
.static TokenResponse requestAccessToken(AuthorizationCodeFlow flow, String code) throws IOException, TokenResponseException { return flow.newTokenRequest(code).setRedirectUri("https://client.example.com/rd").execute(); }
- Parameters:
authorizationCode
- authorization code.
-
createAndStoreCredential
public Credential createAndStoreCredential(TokenResponse response, java.lang.String userId) throws java.io.IOException
Creates a new credential for the given user ID based on the given token response and store in the credential store.- Parameters:
response
- token responseuserId
- user ID ornull
if not using a persisted credential store- Returns:
- newly created credential
- Throws:
java.io.IOException
-
loadCredential
public Credential loadCredential(java.lang.String userId) throws java.io.IOException
Loads the credential of the given user ID from the credential store.- Parameters:
userId
- user ID ornull
if not using a persisted credential store- Returns:
- credential found in the credential store of the given user ID or
null
for none found - Throws:
java.io.IOException
-
newCredential
private Credential newCredential(java.lang.String userId)
Returns a new credential instance based on the given user ID.- Parameters:
userId
- user ID ornull
if not using a persisted credential store
-
getMethod
public final Credential.AccessMethod getMethod()
Returns the method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
).
-
getTransport
public final com.google.api.client.http.HttpTransport getTransport()
Returns the HTTP transport.
-
getJsonFactory
public final com.google.api.client.json.JsonFactory getJsonFactory()
Returns the JSON factory.
-
getTokenServerEncodedUrl
public final java.lang.String getTokenServerEncodedUrl()
Returns the token server encoded URL.
-
getClientAuthentication
public final com.google.api.client.http.HttpExecuteInterceptor getClientAuthentication()
Returns the client authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
).
-
getClientId
public final java.lang.String getClientId()
Returns the client identifier.
-
getAuthorizationServerEncodedUrl
public final java.lang.String getAuthorizationServerEncodedUrl()
Returns the authorization server encoded URL.
-
getCredentialStore
@Beta @Deprecated public final CredentialStore getCredentialStore()
Deprecated.(to be removed in the future) UsegetCredentialDataStore()
instead.Beta
Returns the credential persistence store ornull
for none.
-
getCredentialDataStore
@Beta public final com.google.api.client.util.store.DataStore<StoredCredential> getCredentialDataStore()
Beta
Returns the stored credential data store ornull
for none.- Since:
- 1.16
-
getRequestInitializer
public final com.google.api.client.http.HttpRequestInitializer getRequestInitializer()
Returns the HTTP request initializer ornull
for none.
-
getScopesAsString
public final java.lang.String getScopesAsString()
Returns the space-separated list of scopes.- Since:
- 1.15
-
getScopes
public final java.util.Collection<java.lang.String> getScopes()
Returns the a collection of scopes.
-
getClock
public final com.google.api.client.util.Clock getClock()
Returns the clock which will be passed along to the Credential.- Since:
- 1.9
-
getRefreshListeners
public final java.util.Collection<CredentialRefreshListener> getRefreshListeners()
Returns the unmodifiable list of listeners for refresh token results.- Since:
- 1.15
-
-