Class AuthorizationCodeFlow

java.lang.Object
com.google.api.client.auth.oauth2.AuthorizationCodeFlow

public class AuthorizationCodeFlow extends Object
Thread-safe OAuth 2.0 authorization code flow that manages and persists end-user credentials.

This class is designed to simplify the flow in which an end user authorizes the application to access their protected data. The application then accesses that data using an access token, and uses a refresh token to obtain a new access token when the current one expires.

The first step is to call loadCredential(String) based on the known user ID to check if the end-user's credentials are already known. If not, call newAuthorizationUrl() and direct the end-user's browser to an authorization page. The web browser will then redirect to the redirect URL with a "code" query parameter which can then be used to request an access token using newTokenRequest(String). Finally, use createAndStoreCredential(TokenResponse, String) to store and obtain a credential for accessing protected resources.
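
The four steps above as one helper, with the state parameter generated per session and verified on the callback rather than set to a constant. This is an added example, not code from the library or its documentation; OAuthLoginHelper, STATE_ATTR and the use of the javax.servlet API are assumptions, and userId is taken to be the application's own identifier for the already signed-in user.

```java
import com.google.api.client.auth.oauth2.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.*;

/** Added example (hypothetical class): load, authorize, exchange and store, with a state check. */
public class OAuthLoginHelper {
  private static final String REDIRECT_URI = "https://client.example.com/rd"; // value from the page's samples
  private static final String STATE_ATTR = "oauth2.state"; // hypothetical session attribute name
  private static final SecureRandom RANDOM = new SecureRandom();
  private final AuthorizationCodeFlow flow;

  public OAuthLoginHelper(AuthorizationCodeFlow flow) { this.flow = flow; }

  /** Steps 1-2: reuse a stored credential, otherwise redirect to the authorization page. */
  public Credential loadOrRedirect(HttpServletRequest req, HttpServletResponse resp, String userId)
      throws IOException {
    Credential credential = flow.loadCredential(userId);
    if (credential != null) return credential;
    byte[] raw = new byte[32];
    RANDOM.nextBytes(raw); // 256 bits of unguessable state
    String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    req.getSession(true).setAttribute(STATE_ATTR, state); // bind state to this browser session
    resp.sendRedirect(flow.newAuthorizationUrl().setState(state).setRedirectUri(REDIRECT_URI).build());
    return null; // caller stops here; the flow resumes in handleCallback
  }

  /** Steps 3-4: verify state, exchange the code for tokens, store the credential. */
  public Credential handleCallback(HttpServletRequest req, String userId) throws IOException {
    StringBuffer full = req.getRequestURL();
    if (req.getQueryString() != null) full.append('?').append(req.getQueryString());
    AuthorizationCodeResponseUrl callback = new AuthorizationCodeResponseUrl(full.toString());
    HttpSession session = req.getSession(false);
    String expected = session == null ? null : (String) session.getAttribute(STATE_ATTR);
    if (session != null) session.removeAttribute(STATE_ATTR); // state is single use
    if (expected == null || callback.getState() == null || !MessageDigest.isEqual(
        expected.getBytes(StandardCharsets.UTF_8), callback.getState().getBytes(StandardCharsets.UTF_8))) {
      throw new IOException("OAuth state mismatch; authorization response rejected");
    }
    if (callback.getError() != null || callback.getCode() == null) {
      throw new IOException("Authorization failed: " + callback.getError());
    }
    TokenResponse tokens = flow.newTokenRequest(callback.getCode()).setRedirectUri(REDIRECT_URI).execute();
    return flow.createAndStoreCredential(tokens, userId);
  }
}
```

The redirect URI passed to newTokenRequest must be the same one used in newAuthorizationUrl, which is why both methods share one constant.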

Since:
1.7
  • Field Details

    • method

      private final Credential.AccessMethod method
      Method of presenting the access token to the resource server (for example BearerToken.authorizationHeaderAccessMethod()).
    • transport

      private final com.google.api.client.http.HttpTransport transport
      HTTP transport.
    • jsonFactory

      private final com.google.api.client.json.JsonFactory jsonFactory
      JSON factory.
    • tokenServerEncodedUrl

      private final String tokenServerEncodedUrl
      Token server encoded URL.
    • clientAuthentication

      private final com.google.api.client.http.HttpExecuteInterceptor clientAuthentication
      Client authentication or null for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor)).
    • clientId

      private final String clientId
      Client identifier.
    • authorizationServerEncodedUrl

      private final String authorizationServerEncodedUrl
      Authorization server encoded URL.
    • credentialStore

      @Beta @Deprecated private final CredentialStore credentialStore
      Deprecated.
      Credential persistence store or null for none.
    • credentialDataStore

      @Beta private final com.google.api.client.util.store.DataStore<StoredCredential> credentialDataStore
      Stored credential data store or null for none.
    • requestInitializer

      private final com.google.api.client.http.HttpRequestInitializer requestInitializer
      HTTP request initializer or null for none.
    • clock

      private final com.google.api.client.util.Clock clock
      Clock passed along to Credential.
    • scopes

      private final Collection<String> scopes
      Collection of scopes.
    • credentialCreatedListener

      private final AuthorizationCodeFlow.CredentialCreatedListener credentialCreatedListener
      Credential created listener or null for none.
    • refreshListeners

      private final Collection<CredentialRefreshListener> refreshListeners
      Refresh listeners provided by the client.
  • Constructor Details

    • AuthorizationCodeFlow

      public AuthorizationCodeFlow(Credential.AccessMethod method, com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory, com.google.api.client.http.GenericUrl tokenServerUrl, com.google.api.client.http.HttpExecuteInterceptor clientAuthentication, String clientId, String authorizationServerEncodedUrl)
      Parameters:
      method - method of presenting the access token to the resource server (for example BearerToken.authorizationHeaderAccessMethod())
      transport - HTTP transport
      jsonFactory - JSON factory
      tokenServerUrl - token server URL
      clientAuthentication - client authentication or null for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor))
      clientId - client identifier
      authorizationServerEncodedUrl - authorization server encoded URL
      Since:
      1.14
    • AuthorizationCodeFlow

      protected AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)
      Parameters:
      builder - authorization code flow builder
      Since:
      1.14
  • Method Details

    • newAuthorizationUrl

      public AuthorizationCodeRequestUrl newAuthorizationUrl()
      Returns a new instance of an authorization code request URL.

      This is a builder for the URL of an authorization web page that allows the end user to authorize the application to access their protected resources and that returns an authorization code. It uses getAuthorizationServerEncodedUrl(), getClientId(), and getScopes(). Sample usage:

        private AuthorizationCodeFlow flow;
      
        public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
          String url = flow.newAuthorizationUrl().setState("xyz")
              .setRedirectUri("https://client.example.com/rd").build();
          response.sendRedirect(url);
        }
       
    • newTokenRequest

      public AuthorizationCodeTokenRequest newTokenRequest(String authorizationCode)
      Returns a new instance of an authorization code token request based on the given authorization code.

      This is used to make a request for an access token using the authorization code. It uses getTransport(), getJsonFactory(), getTokenServerEncodedUrl(), getClientAuthentication(), getRequestInitializer(), and getScopes().

        static TokenResponse requestAccessToken(AuthorizationCodeFlow flow, String code)
            throws IOException, TokenResponseException {
          return flow.newTokenRequest(code).setRedirectUri("https://client.example.com/rd").execute();
        }
       
      Parameters:
      authorizationCode - authorization code.
    • createAndStoreCredential

      public Credential createAndStoreCredential(TokenResponse response, String userId) throws IOException
      Creates a new credential for the given user ID based on the given token response and stores it in the credential store.
      Parameters:
      response - token response
      userId - user ID or null if not using a persisted credential store
      Returns:
      newly created credential
      Throws:
      IOException
    • loadCredential

      public Credential loadCredential(String userId) throws IOException
      Loads the credential of the given user ID from the credential store.
      Parameters:
      userId - user ID or null if not using a persisted credential store
      Returns:
      credential found in the credential store of the given user ID or null for none found
      Throws:
      IOException
    • newCredential

      private Credential newCredential(String userId)
      Returns a new credential instance based on the given user ID.
      Parameters:
      userId - user ID or null if not using a persisted credential store
    • getMethod

      public final Credential.AccessMethod getMethod()
      Returns the method of presenting the access token to the resource server (for example BearerToken.authorizationHeaderAccessMethod()).
    • getTransport

      public final com.google.api.client.http.HttpTransport getTransport()
      Returns the HTTP transport.
    • getJsonFactory

      public final com.google.api.client.json.JsonFactory getJsonFactory()
      Returns the JSON factory.
    • getTokenServerEncodedUrl

      public final String getTokenServerEncodedUrl()
      Returns the token server encoded URL.
    • getClientAuthentication

      public final com.google.api.client.http.HttpExecuteInterceptor getClientAuthentication()
      Returns the client authentication or null for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor)).
    • getClientId

      public final String getClientId()
      Returns the client identifier.
    • getAuthorizationServerEncodedUrl

      public final String getAuthorizationServerEncodedUrl()
      Returns the authorization server encoded URL.
    • getCredentialStore

      @Beta @Deprecated public final CredentialStore getCredentialStore()
      Deprecated.
      (to be removed in the future) Use getCredentialDataStore() instead.
      Beta
      Returns the credential persistence store or null for none.
    • getCredentialDataStore

      @Beta public final com.google.api.client.util.store.DataStore<StoredCredential> getCredentialDataStore()
      Beta
      Returns the stored credential data store or null for none.
      Since:
      1.16
    • getRequestInitializer

      public final com.google.api.client.http.HttpRequestInitializer getRequestInitializer()
      Returns the HTTP request initializer or null for none.
    • getScopesAsString

      public final String getScopesAsString()
      Returns the space-separated list of scopes.
      Since:
      1.15
    • getScopes

      public final Collection<String> getScopes()
      Returns the collection of scopes.
    • getClock

      public final com.google.api.client.util.Clock getClock()
      Returns the clock which will be passed along to the Credential.
      Since:
      1.9
    • getRefreshListeners

      public final Collection<CredentialRefreshListener> getRefreshListeners()
      Returns the unmodifiable list of listeners for refresh token results.
      Since:
      1.15