public interface OAuth2CodeGrantFlow
The implementation of this interface is capable of performing of the user
authorization defined in the OAuth2 specification as "Authorization Code Grant Flow" (OAuth 2 spec defines more
Authorization Flows). The result of the authorization
TokenResult. The implementation starts the authorization process by construction of a redirect URI
to which the user should
be redirected (the URI points to authorization consent page hosted by Service Provider). The user
grants an access using this page. Service Provider redirects the user back to the
our server and the authorization process is finished using the same instance of the interface implementation.
To perform the authorization follow these steps:
start() method. The method returns redirection uri as a String.
start method. If your application deployment
does not allow redirection (for example the app is a console application), then provide the redirection URI
to the user in other ways.
OAuth2CodeGrantFlow.Builder.redirectUri(String) and provide the
a request query parameter. Extract these parameter from the request. If your deployment does not support
redirection (your app is not a web server) then Authorization Server will provide the user with
code in other ways (for example display on the html page). You need to get
this code from the user. The
state parameter is added to the redirect URI in the
start method and
and the same parameter should be returned from the authorization response as a protection against CSRF attacks.
state to finish the authorization process by calling the method
finish(String, String) supplying the
code and the
state parameter. The method will internally request
the access token from the Authorization Server and return it.
TokenResult together with
perform the authenticated requests to the Service Provider. You can also call
getAuthorizedClient() to get
client already configured with support
for authentication from consumer credentials and access token received during authorization process.
Important note: one instance of the interface can be used only for one authorization process. The methods must be called exactly in the order specified by the list above. Therefore the instance is also not thread safe and no concurrent access is expected.
Instance must be stored between method calls (between
for one user authorization process as the instance keeps
internal state of the authorization process.
|Modifier and Type||Interface and Description|
The builder of
Phase of the Authorization Code Grant Flow.
|Modifier and Type||Method and Description|
Finish the authorization process and return the
Return the client configured for performing authorized requests to the Service Provider.
Refresh the access token using a refresh token.
Start the authorization process and return redirection URI on which the user should give a consent for our application to access resources.
TokenResult finish(String code, String state)
TokenResult. The method must be called on the same instance after the
start()method was called and user granted access to this application.
The method makes a request to the Authorization Server in order to exchange
code for access token.
code- Code received from the user authorization process.
state- State received from the user authorization response.
TokenResult refreshAccessToken(String refreshToken)
refreshToken- Refresh token.
Authorizationheader to requests.
oauth filter featurethat can be used to configure
clientinstances to perform authenticated requests to the Service Provider.
authorization process must be successfully finished by instance by calling methods
Copyright © 2007-2015, Oracle and/or its affiliates. All Rights Reserved. Use is subject to license terms.