Class AuthorizationCodeFlow


  • public class AuthorizationCodeFlow
    extends java.lang.Object
    Thread-safe OAuth 2.0 authorization code flow that manages and persists end-user credentials.

    This is designed to simplify the flow in which an end-user authorizes the application to access their protected data, and then the application has access to their data based on an access token and a refresh token to refresh that access token when it expires.

    The first step is to call loadCredential(String) based on the known user ID to check if the end-user's credentials are already known. If not, call newAuthorizationUrl() and direct the end-user's browser to an authorization page. The web browser will then redirect to the redirect URL with a "code" query parameter which can then be used to request an access token using newTokenRequest(String). Finally, use createAndStoreCredential(TokenResponse, String) to store and obtain a credential for accessing protected resources.

    Since:
    1.7
    • Field Detail

      • transport

        private final com.google.api.client.http.HttpTransport transport
        HTTP transport.
      • jsonFactory

        private final com.google.api.client.json.JsonFactory jsonFactory
        JSON factory.
      • tokenServerEncodedUrl

        private final java.lang.String tokenServerEncodedUrl
        Token server encoded URL.
      • clientId

        private final java.lang.String clientId
        Client identifier.
      • authorizationServerEncodedUrl

        private final java.lang.String authorizationServerEncodedUrl
        Authorization server encoded URL.
      • credentialStore

        @Beta
        @Deprecated
        private final CredentialStore credentialStore
        Deprecated.
        Credential persistence store or null for none.
      • credentialDataStore

        @Beta
        private final com.google.api.client.util.store.DataStore<StoredCredential> credentialDataStore
        Stored credential data store or null for none.
      • requestInitializer

        private final com.google.api.client.http.HttpRequestInitializer requestInitializer
        HTTP request initializer or null for none.
      • clock

        private final com.google.api.client.util.Clock clock
        Clock passed along to Credential.
      • scopes

        private final java.util.Collection<java.lang.String> scopes
        Collection of scopes.
      • refreshListeners

        private final java.util.Collection<CredentialRefreshListener> refreshListeners
        Refresh listeners provided by the client.
    • Constructor Detail

      • AuthorizationCodeFlow

        public AuthorizationCodeFlow​(Credential.AccessMethod method,
                                     com.google.api.client.http.HttpTransport transport,
                                     com.google.api.client.json.JsonFactory jsonFactory,
                                     com.google.api.client.http.GenericUrl tokenServerUrl,
                                     com.google.api.client.http.HttpExecuteInterceptor clientAuthentication,
                                     java.lang.String clientId,
                                     java.lang.String authorizationServerEncodedUrl)
        Parameters:
        method - method of presenting the access token to the resource server (for example BearerToken.authorizationHeaderAccessMethod())
        transport - HTTP transport
        jsonFactory - JSON factory
        tokenServerUrl - token server URL
        clientAuthentication - client authentication or null for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor))
        clientId - client identifier
        authorizationServerEncodedUrl - authorization server encoded URL
        Since:
        1.14
      • AuthorizationCodeFlow

        protected AuthorizationCodeFlow​(AuthorizationCodeFlow.Builder builder)
        Parameters:
        builder - authorization code flow builder
        Since:
        1.14
    • Method Detail

      • newAuthorizationUrl

        public AuthorizationCodeRequestUrl newAuthorizationUrl()
        Returns a new instance of an authorization code request URL.

        This is a builder for an authorization web page to allow the end user to authorize the application to access their protected resources and that returns an authorization code. It uses the getAuthorizationServerEncodedUrl(), getClientId(), and getScopes(). Sample usage:

          private AuthorizationCodeFlow flow;
        
          public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
            String url = flow.newAuthorizationUrl().setState("xyz")
                .setRedirectUri("https://client.example.com/rd").build();
            response.sendRedirect(url);
          }
         
      • createAndStoreCredential

        public Credential createAndStoreCredential​(TokenResponse response,
                                                   java.lang.String userId)
                                            throws java.io.IOException
        Creates a new credential for the given user ID based on the given token response and store in the credential store.
        Parameters:
        response - token response
        userId - user ID or null if not using a persisted credential store
        Returns:
        newly created credential
        Throws:
        java.io.IOException
      • loadCredential

        public Credential loadCredential​(java.lang.String userId)
                                  throws java.io.IOException
        Loads the credential of the given user ID from the credential store.
        Parameters:
        userId - user ID or null if not using a persisted credential store
        Returns:
        credential found in the credential store of the given user ID or null for none found
        Throws:
        java.io.IOException
      • newCredential

        private Credential newCredential​(java.lang.String userId)
        Returns a new credential instance based on the given user ID.
        Parameters:
        userId - user ID or null if not using a persisted credential store
      • getTransport

        public final com.google.api.client.http.HttpTransport getTransport()
        Returns the HTTP transport.
      • getJsonFactory

        public final com.google.api.client.json.JsonFactory getJsonFactory()
        Returns the JSON factory.
      • getTokenServerEncodedUrl

        public final java.lang.String getTokenServerEncodedUrl()
        Returns the token server encoded URL.
      • getClientId

        public final java.lang.String getClientId()
        Returns the client identifier.
      • getAuthorizationServerEncodedUrl

        public final java.lang.String getAuthorizationServerEncodedUrl()
        Returns the authorization server encoded URL.
      • getCredentialStore

        @Beta
        @Deprecated
        public final CredentialStore getCredentialStore()
        Deprecated.
        (to be removed in the future) Use getCredentialDataStore() instead.
        Beta
        Returns the credential persistence store or null for none.
      • getCredentialDataStore

        @Beta
        public final com.google.api.client.util.store.DataStore<StoredCredential> getCredentialDataStore()
        Beta
        Returns the stored credential data store or null for none.
        Since:
        1.16
      • getRequestInitializer

        public final com.google.api.client.http.HttpRequestInitializer getRequestInitializer()
        Returns the HTTP request initializer or null for none.
      • getScopesAsString

        public final java.lang.String getScopesAsString()
        Returns the space-separated list of scopes.
        Since:
        1.15
      • getScopes

        public final java.util.Collection<java.lang.String> getScopes()
        Returns the a collection of scopes.
      • getClock

        public final com.google.api.client.util.Clock getClock()
        Returns the clock which will be passed along to the Credential.
        Since:
        1.9
      • getRefreshListeners

        public final java.util.Collection<CredentialRefreshListener> getRefreshListeners()
        Returns the unmodifiable list of listeners for refresh token results.
        Since:
        1.15