Class AuthorizationCodeFlow
This is designed to simplify the flow in which an end-user authorizes the application to access their protected data, and then the application has access to their data based on an access token and a refresh token to refresh that access token when it expires.
The first step is to call loadCredential(String)
based on the known user ID to check if
the end-user's credentials are already known. If not, call newAuthorizationUrl()
and
direct the end-user's browser to an authorization page. The web browser will then redirect to the
redirect URL with a "code"
query parameter which can then be used to request an access
token using newTokenRequest(String)
. Finally, use
createAndStoreCredential(TokenResponse, String)
to store and obtain a credential for
accessing protected resources.
- Since:
- 1.7
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic class
Authorization code flow builder.static interface
Listener for a created credential after a successful token response increateAndStoreCredential(com.google.api.client.auth.oauth2.TokenResponse, java.lang.String)
. -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final String
Authorization server encoded URL.private final com.google.api.client.http.HttpExecuteInterceptor
Client authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
).private final String
Client identifier.private final com.google.api.client.util.Clock
Clock passed along to Credential.private final AuthorizationCodeFlow.CredentialCreatedListener
Credential created listener ornull
for none.private final com.google.api.client.util.store.DataStore
<StoredCredential> Stored credential data store ornull
for none.private final CredentialStore
Deprecated.private final com.google.api.client.json.JsonFactory
JSON factory.private final Credential.AccessMethod
Method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
).private final Collection
<CredentialRefreshListener> Refresh listeners provided by the client.private final com.google.api.client.http.HttpRequestInitializer
HTTP request initializer ornull
for none.private final Collection
<String> Collection of scopes.private final String
Token server encoded URL.private final com.google.api.client.http.HttpTransport
HTTP transport. -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotected
AuthorizationCodeFlow
(Credential.AccessMethod method, com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory, com.google.api.client.http.GenericUrl tokenServerUrl, com.google.api.client.http.HttpExecuteInterceptor clientAuthentication, String clientId, String authorizationServerEncodedUrl) -
Method Summary
Modifier and TypeMethodDescriptioncreateAndStoreCredential
(TokenResponse response, String userId) Creates a new credential for the given user ID based on the given token response and store in the credential store.final String
Returns the authorization server encoded URL.final com.google.api.client.http.HttpExecuteInterceptor
Returns the client authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
).final String
Returns the client identifier.final com.google.api.client.util.Clock
getClock()
Returns the clock which will be passed along to the Credential.final com.google.api.client.util.store.DataStore
<StoredCredential> Beta
Returns the stored credential data store ornull
for none.final CredentialStore
Deprecated.final com.google.api.client.json.JsonFactory
Returns the JSON factory.final Credential.AccessMethod
Returns the method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
).Returns the unmodifiable list of listeners for refresh token results.final com.google.api.client.http.HttpRequestInitializer
Returns the HTTP request initializer ornull
for none.final Collection
<String> Returns the a collection of scopes.final String
Returns the space-separated list of scopes.final String
Returns the token server encoded URL.final com.google.api.client.http.HttpTransport
Returns the HTTP transport.loadCredential
(String userId) Loads the credential of the given user ID from the credential store.Returns a new instance of an authorization code request URL.private Credential
newCredential
(String userId) Returns a new credential instance based on the given user ID.newTokenRequest
(String authorizationCode) Returns a new instance of an authorization code token request based on the given authorization code.
-
Field Details
-
method
Method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
). -
transport
private final com.google.api.client.http.HttpTransport transportHTTP transport. -
jsonFactory
private final com.google.api.client.json.JsonFactory jsonFactoryJSON factory. -
tokenServerEncodedUrl
Token server encoded URL. -
clientAuthentication
private final com.google.api.client.http.HttpExecuteInterceptor clientAuthenticationClient authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
). -
clientId
Client identifier. -
authorizationServerEncodedUrl
Authorization server encoded URL. -
credentialStore
Deprecated.Credential persistence store ornull
for none. -
credentialDataStore
@Beta private final com.google.api.client.util.store.DataStore<StoredCredential> credentialDataStoreStored credential data store ornull
for none. -
requestInitializer
private final com.google.api.client.http.HttpRequestInitializer requestInitializerHTTP request initializer ornull
for none. -
clock
private final com.google.api.client.util.Clock clockClock passed along to Credential. -
scopes
Collection of scopes. -
credentialCreatedListener
Credential created listener ornull
for none. -
refreshListeners
Refresh listeners provided by the client.
-
-
Constructor Details
-
AuthorizationCodeFlow
public AuthorizationCodeFlow(Credential.AccessMethod method, com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory, com.google.api.client.http.GenericUrl tokenServerUrl, com.google.api.client.http.HttpExecuteInterceptor clientAuthentication, String clientId, String authorizationServerEncodedUrl) - Parameters:
method
- method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
)transport
- HTTP transportjsonFactory
- JSON factorytokenServerUrl
- token server URLclientAuthentication
- client authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
)clientId
- client identifierauthorizationServerEncodedUrl
- authorization server encoded URL- Since:
- 1.14
-
AuthorizationCodeFlow
- Parameters:
builder
- authorization code flow builder- Since:
- 1.14
-
-
Method Details
-
newAuthorizationUrl
Returns a new instance of an authorization code request URL.This is a builder for an authorization web page to allow the end user to authorize the application to access their protected resources and that returns an authorization code. It uses the
getAuthorizationServerEncodedUrl()
,getClientId()
, andgetScopes()
. Sample usage:private AuthorizationCodeFlow flow; public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { String url = flow.newAuthorizationUrl().setState("xyz") .setRedirectUri("https://client.example.com/rd").build(); response.sendRedirect(url); }
-
newTokenRequest
Returns a new instance of an authorization code token request based on the given authorization code.This is used to make a request for an access token using the authorization code. It uses
getTransport()
,getJsonFactory()
,getTokenServerEncodedUrl()
,getClientAuthentication()
,getRequestInitializer()
, andgetScopes()
.static TokenResponse requestAccessToken(AuthorizationCodeFlow flow, String code) throws IOException, TokenResponseException { return flow.newTokenRequest(code).setRedirectUri("https://client.example.com/rd").execute(); }
- Parameters:
authorizationCode
- authorization code.
-
createAndStoreCredential
public Credential createAndStoreCredential(TokenResponse response, String userId) throws IOException Creates a new credential for the given user ID based on the given token response and store in the credential store.- Parameters:
response
- token responseuserId
- user ID ornull
if not using a persisted credential store- Returns:
- newly created credential
- Throws:
IOException
-
loadCredential
Loads the credential of the given user ID from the credential store.- Parameters:
userId
- user ID ornull
if not using a persisted credential store- Returns:
- credential found in the credential store of the given user ID or
null
for none found - Throws:
IOException
-
newCredential
Returns a new credential instance based on the given user ID.- Parameters:
userId
- user ID ornull
if not using a persisted credential store
-
getMethod
Returns the method of presenting the access token to the resource server (for exampleBearerToken.authorizationHeaderAccessMethod()
). -
getTransport
public final com.google.api.client.http.HttpTransport getTransport()Returns the HTTP transport. -
getJsonFactory
public final com.google.api.client.json.JsonFactory getJsonFactory()Returns the JSON factory. -
getTokenServerEncodedUrl
Returns the token server encoded URL. -
getClientAuthentication
public final com.google.api.client.http.HttpExecuteInterceptor getClientAuthentication()Returns the client authentication ornull
for none (seeTokenRequest.setClientAuthentication(HttpExecuteInterceptor)
). -
getClientId
Returns the client identifier. -
getAuthorizationServerEncodedUrl
Returns the authorization server encoded URL. -
getCredentialStore
Deprecated.(to be removed in the future) UsegetCredentialDataStore()
instead.Beta
Returns the credential persistence store ornull
for none. -
getCredentialDataStore
@Beta public final com.google.api.client.util.store.DataStore<StoredCredential> getCredentialDataStore()Beta
Returns the stored credential data store ornull
for none.- Since:
- 1.16
-
getRequestInitializer
public final com.google.api.client.http.HttpRequestInitializer getRequestInitializer()Returns the HTTP request initializer ornull
for none. -
getScopesAsString
Returns the space-separated list of scopes.- Since:
- 1.15
-
getScopes
Returns the a collection of scopes. -
getClock
public final com.google.api.client.util.Clock getClock()Returns the clock which will be passed along to the Credential.- Since:
- 1.9
-
getRefreshListeners
Returns the unmodifiable list of listeners for refresh token results.- Since:
- 1.15
-
getCredentialDataStore()
instead.