Interface OAuth2CodeGrantFlow
-
- All Known Implementing Classes:
AuthCodeGrantImpl
public interface OAuth2CodeGrantFlow
The interface that defines OAuth 2 Authorization Code Grant Flow.The implementation of this interface is capable of performing of the user authorization defined in the OAuth2 specification as "Authorization Code Grant Flow" (OAuth 2 spec defines more Authorization Flows). The result of the authorization is the
TokenResult
. The implementation starts the authorization process by construction of a redirect URI to which the user should be redirected (the URI points to authorization consent page hosted by Service Provider). The user grants an access using this page. Service Provider redirects the user back to the our server and the authorization process is finished using the same instance of the interface implementation.To perform the authorization follow these steps:
- Get the instance of this interface using
OAuth2ClientSupport
. - Call
start()
method. The method returns redirection uri as a String. - Redirect the user to the redirect URI returned from the
start
method. If your application deployment does not allow redirection (for example the app is a console application), then provide the redirection URI to the user in other ways. - User should authorize your application on the redirect URI.
- After authorization the Authorization Server redirects the user back to the URI specified
by
OAuth2CodeGrantFlow.Builder.redirectUri(String)
and provide thecode
andstate
as a request query parameter. Extract these parameter from the request. If your deployment does not support redirection (your app is not a web server) then Authorization Server will provide the user withcode
in other ways (for example display on the html page). You need to get this code from the user. Thestate
parameter is added to the redirect URI in thestart
method and and the same parameter should be returned from the authorization response as a protection against CSRF attacks. - Use the
code
andstate
to finish the authorization process by calling the methodfinish(String, String)
supplying thecode
and thestate
parameter. The method will internally request the access token from the Authorization Server and return it. - You can use access token from
TokenResult
together withClientIdentifier
to perform the authenticated requests to the Service Provider. You can also call methodsgetAuthorizedClient()
to getclient
already configured with support for authentication from consumer credentials and access token received during authorization process.
Important note: one instance of the interface can be used only for one authorization process. The methods must be called exactly in the order specified by the list above. Therefore the instance is also not thread safe and no concurrent access is expected.
Instance must be stored between method calls (between
start
andfinish
) for one user authorization process as the instance keeps internal state of the authorization process.- Since:
- 2.3
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static interface
OAuth2CodeGrantFlow.Builder<T extends OAuth2CodeGrantFlow.Builder>
The builder ofOAuth2CodeGrantFlow
.static class
OAuth2CodeGrantFlow.Phase
Phase of the Authorization Code Grant Flow.
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description TokenResult
finish(java.lang.String code, java.lang.String state)
Finish the authorization process and return theTokenResult
.javax.ws.rs.client.Client
getAuthorizedClient()
Return the client configured for performing authorized requests to the Service Provider.javax.ws.rs.core.Feature
getOAuth2Feature()
Return theoauth filter feature
that can be used to configureclient
instances to perform authenticated requests to the Service Provider.TokenResult
refreshAccessToken(java.lang.String refreshToken)
Refresh the access token using a refresh token.java.lang.String
start()
Start the authorization process and return redirection URI on which the user should give a consent for our application to access resources.
-
-
-
Method Detail
-
start
java.lang.String start()
Start the authorization process and return redirection URI on which the user should give a consent for our application to access resources.- Returns:
- URI to which user should be redirected.
-
finish
TokenResult finish(java.lang.String code, java.lang.String state)
Finish the authorization process and return theTokenResult
. The method must be called on the same instance after thestart()
method was called and user granted access to this application.The method makes a request to the Authorization Server in order to exchange
code
for access token.- Parameters:
code
- Code received from the user authorization process.state
- State received from the user authorization response.- Returns:
- Token result.
-
refreshAccessToken
TokenResult refreshAccessToken(java.lang.String refreshToken)
Refresh the access token using a refresh token. This method can be called on newly created instance or on instance on which the authorization flow was already performed.- Parameters:
refreshToken
- Refresh token.- Returns:
- Token result.
-
getAuthorizedClient
javax.ws.rs.client.Client getAuthorizedClient()
Return the client configured for performing authorized requests to the Service Provider. The authorization process must be successfully finished by instance by calling methodsstart()
andfinish(String, String)
.- Returns:
- Client configured to add correct
Authorization
header to requests.
-
getOAuth2Feature
javax.ws.rs.core.Feature getOAuth2Feature()
Return theoauth filter feature
that can be used to configureclient
instances to perform authenticated requests to the Service Provider.The authorization process must be successfully finished by instance by calling methods
start()
andfinish(String, String)
.- Returns:
- oauth filter feature configured with received
AccessToken
.
-
-