public class AuthorizationCodeFlow extends Object
This is designed to simplify the flow in which an end-user authorizes the application to access their protected data, and then the application has access to their data based on an access token and a refresh token to refresh that access token when it expires.
The first step is to call loadCredential(String)
based on the known user ID to check
if the end-user's credentials are already known. If not, call newAuthorizationUrl()
and
direct the end-user's browser to an authorization page. The web browser will then redirect to the
redirect URL with a "code"
query parameter which can then be used to request an access
token using newTokenRequest(String)
. Finally, use createAndStoreCredential(TokenResponse, String)
to store and obtain a credential for accessing
protected resources.
Modifier and Type | Class and Description |
---|---|
static class |
AuthorizationCodeFlow.Builder
Authorization code flow builder.
|
static interface |
AuthorizationCodeFlow.CredentialCreatedListener
Listener for a created credential after a successful token response in
createAndStoreCredential(com.google.api.client.auth.oauth2.TokenResponse, java.lang.String) . |
Modifier | Constructor and Description |
---|---|
protected |
AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder) |
|
AuthorizationCodeFlow(Credential.AccessMethod method,
HttpTransport transport,
JsonFactory jsonFactory,
GenericUrl tokenServerUrl,
HttpExecuteInterceptor clientAuthentication,
String clientId,
String authorizationServerEncodedUrl) |
Modifier and Type | Method and Description |
---|---|
Credential |
createAndStoreCredential(TokenResponse response,
String userId)
Creates a new credential for the given user ID based on the given token response and stores it
in the credential store.
|
String |
getAuthorizationServerEncodedUrl()
Returns the authorization server encoded URL.
|
HttpExecuteInterceptor |
getClientAuthentication()
Returns the client authentication or
null for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor) ). |
String |
getClientId()
Returns the client identifier.
|
Clock |
getClock()
Returns the clock which will be passed along to the Credential.
|
DataStore<StoredCredential> |
getCredentialDataStore()
|
CredentialStore |
getCredentialStore()
Deprecated.
(to be removed in the future) Use
getCredentialDataStore() instead. |
JsonFactory |
getJsonFactory()
Returns the JSON factory.
|
Credential.AccessMethod |
getMethod()
Returns the method of presenting the access token to the resource server (for example
BearerToken.authorizationHeaderAccessMethod() ). |
Collection<CredentialRefreshListener> |
getRefreshListeners()
Returns the unmodifiable list of listeners for refresh token results.
|
HttpRequestInitializer |
getRequestInitializer()
Returns the HTTP request initializer or
null for none. |
Collection<String> |
getScopes()
Returns the a collection of scopes.
|
String |
getScopesAsString()
Returns the space-separated list of scopes.
|
String |
getTokenServerEncodedUrl()
Returns the token server encoded URL.
|
HttpTransport |
getTransport()
Returns the HTTP transport.
|
Credential |
loadCredential(String userId)
Loads the credential of the given user ID from the credential store.
|
AuthorizationCodeRequestUrl |
newAuthorizationUrl()
Returns a new instance of an authorization code request URL.
|
AuthorizationCodeTokenRequest |
newTokenRequest(String authorizationCode)
Returns a new instance of an authorization code token request based on the given authorization
code.
|
public AuthorizationCodeFlow(Credential.AccessMethod method, HttpTransport transport, JsonFactory jsonFactory, GenericUrl tokenServerUrl, HttpExecuteInterceptor clientAuthentication, String clientId, String authorizationServerEncodedUrl)
method
- method of presenting the access token to the resource server (for example BearerToken.authorizationHeaderAccessMethod()
)transport
- HTTP transportjsonFactory
- JSON factorytokenServerUrl
- token server URLclientAuthentication
- client authentication or null
for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor)
)clientId
- client identifierauthorizationServerEncodedUrl
- authorization server encoded URLprotected AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)
builder
- authorization code flow builderpublic AuthorizationCodeRequestUrl newAuthorizationUrl()
This is a builder for an authorization web page to allow the end user to authorize the
application to access their protected resources and that returns an authorization code. It uses
the getAuthorizationServerEncodedUrl()
, getClientId()
, and getScopes()
. Sample usage:
private AuthorizationCodeFlow flow; public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { String url = flow.newAuthorizationUrl().setState("xyz") .setRedirectUri("https://client.example.com/rd").build(); response.sendRedirect(url); }
public AuthorizationCodeTokenRequest newTokenRequest(String authorizationCode)
This is used to make a request for an access token using the authorization code. It uses
getTransport()
, getJsonFactory()
, getTokenServerEncodedUrl()
, getClientAuthentication()
, getRequestInitializer()
, and getScopes()
.
static TokenResponse requestAccessToken(AuthorizationCodeFlow flow, String code) throws IOException, TokenResponseException { return flow.newTokenRequest(code).setRedirectUri("https://client.example.com/rd").execute(); }
authorizationCode
- authorization code.public Credential createAndStoreCredential(TokenResponse response, String userId) throws IOException
response
- token responseuserId
- user ID or null
if not using a persisted credential storeIOException
public Credential loadCredential(String userId) throws IOException
userId
- user ID or null
if not using a persisted credential storenull
for none
foundIOException
public final Credential.AccessMethod getMethod()
BearerToken.authorizationHeaderAccessMethod()
).public final HttpTransport getTransport()
public final JsonFactory getJsonFactory()
public final String getTokenServerEncodedUrl()
public final HttpExecuteInterceptor getClientAuthentication()
null
for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor)
).public final String getClientId()
public final String getAuthorizationServerEncodedUrl()
@Beta @Deprecated public final CredentialStore getCredentialStore()
getCredentialDataStore()
instead.@Beta public final DataStore<StoredCredential> getCredentialDataStore()
public final HttpRequestInitializer getRequestInitializer()
null
for none.public final String getScopesAsString()
public final Collection<String> getScopes()
public final Clock getClock()
public final Collection<CredentialRefreshListener> getRefreshListeners()
Copyright © 2011–2021 Google. All rights reserved.