com.google.api.client.auth.oauth2

Class AuthorizationCodeFlow

java.lang.Object

com.google.api.client.auth.oauth2.AuthorizationCodeFlow

public class AuthorizationCodeFlow
extends Object

Thread-safe OAuth 2.0 authorization code flow that manages and persists end-user credentials.

This is designed to simplify the flow in which an end-user authorizes the application to access their protected data, and then the application has access to their data based on an access token and a refresh token to refresh that access token when it expires.

The first step is to call loadCredential(String) based on the known user ID to check if the end-user's credentials are already known. If not, call newAuthorizationUrl() and direct the end-user's browser to an authorization page. The web browser will then redirect to the redirect URL with a "code" query parameter which can then be used to request an access token using newTokenRequest(String). Finally, use createAndStoreCredential(TokenResponse, String) to store and obtain a credential for accessing protected resources.

Since:

1.7

Author:

Yaniv Inbar

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthorizationCodeFlow.Builder Authorization code flow builder.
static interface	AuthorizationCodeFlow.CredentialCreatedListener Listener for a created credential after a successful token response in createAndStoreCredential(com.google.api.client.auth.oauth2.TokenResponse, java.lang.String).

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)
	AuthorizationCodeFlow(Credential.AccessMethod method, HttpTransport transport, JsonFactory jsonFactory, GenericUrl tokenServerUrl, HttpExecuteInterceptor clientAuthentication, String clientId, String authorizationServerEncodedUrl)

Method Summary

Modifier and Type	Method and Description
Credential	createAndStoreCredential(TokenResponse response, String userId) Creates a new credential for the given user ID based on the given token response and stores it in the credential store.
String	getAuthorizationServerEncodedUrl() Returns the authorization server encoded URL.
HttpExecuteInterceptor	getClientAuthentication() Returns the client authentication or null for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor)).
String	getClientId() Returns the client identifier.
Clock	getClock() Returns the clock which will be passed along to the Credential.
DataStore<StoredCredential>	getCredentialDataStore() Beta Returns the stored credential data store or null for none.
CredentialStore	getCredentialStore() Deprecated. (to be removed in the future) Use getCredentialDataStore() instead.
JsonFactory	getJsonFactory() Returns the JSON factory.
Credential.AccessMethod	getMethod() Returns the method of presenting the access token to the resource server (for example BearerToken.authorizationHeaderAccessMethod()).
Collection<CredentialRefreshListener>	getRefreshListeners() Returns the unmodifiable list of listeners for refresh token results.
HttpRequestInitializer	getRequestInitializer() Returns the HTTP request initializer or null for none.
Collection<String>	getScopes() Returns the a collection of scopes.
String	getScopesAsString() Returns the space-separated list of scopes.
String	getTokenServerEncodedUrl() Returns the token server encoded URL.
HttpTransport	getTransport() Returns the HTTP transport.
Credential	loadCredential(String userId) Loads the credential of the given user ID from the credential store.
AuthorizationCodeRequestUrl	newAuthorizationUrl() Returns a new instance of an authorization code request URL.
AuthorizationCodeTokenRequest	newTokenRequest(String authorizationCode) Returns a new instance of an authorization code token request based on the given authorization code.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationCodeFlow

public AuthorizationCodeFlow(Credential.AccessMethod method,
                             HttpTransport transport,
                             JsonFactory jsonFactory,
                             GenericUrl tokenServerUrl,
                             HttpExecuteInterceptor clientAuthentication,
                             String clientId,
                             String authorizationServerEncodedUrl)

Parameters:

method - method of presenting the access token to the resource server (for example BearerToken.authorizationHeaderAccessMethod())

transport - HTTP transport

jsonFactory - JSON factory

tokenServerUrl - token server URL

clientAuthentication - client authentication or null for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor))

clientId - client identifier

authorizationServerEncodedUrl - authorization server encoded URL

Since:

1.14

AuthorizationCodeFlow

protected AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)

Parameters:

builder - authorization code flow builder

Since:

1.14

Method Detail

newAuthorizationUrl

public AuthorizationCodeRequestUrl newAuthorizationUrl()

Returns a new instance of an authorization code request URL.

This is a builder for an authorization web page to allow the end user to authorize the application to access their protected resources and that returns an authorization code. It uses the getAuthorizationServerEncodedUrl(), getClientId(), and getScopes(). Sample usage:

 private AuthorizationCodeFlow flow;

 public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
 String url = flow.newAuthorizationUrl().setState("xyz")
 .setRedirectUri("https://client.example.com/rd").build();
 response.sendRedirect(url);
 }
 

newTokenRequest

public AuthorizationCodeTokenRequest newTokenRequest(String authorizationCode)

Returns a new instance of an authorization code token request based on the given authorization code.

This is used to make a request for an access token using the authorization code. It uses getTransport(), getJsonFactory(), getTokenServerEncodedUrl(), getClientAuthentication(), getRequestInitializer(), and getScopes().

 static TokenResponse requestAccessToken(AuthorizationCodeFlow flow, String code)
 throws IOException, TokenResponseException {
 return flow.newTokenRequest(code).setRedirectUri("https://client.example.com/rd").execute();
 }
 

Parameters:

authorizationCode - authorization code.

createAndStoreCredential

public Credential createAndStoreCredential(TokenResponse response,
                                           String userId)
                                    throws IOException

Creates a new credential for the given user ID based on the given token response and stores it in the credential store.

Parameters:

response - token response

userId - user ID or null if not using a persisted credential store

Returns:

newly created credential

Throws:

IOException

loadCredential

public Credential loadCredential(String userId)
                          throws IOException

Loads the credential of the given user ID from the credential store.

Parameters:

userId - user ID or null if not using a persisted credential store

Returns:

credential found in the credential store of the given user ID or null for none found

Throws:

IOException

getMethod

public final Credential.AccessMethod getMethod()

Returns the method of presenting the access token to the resource server (for example BearerToken.authorizationHeaderAccessMethod()).

getTransport

public final HttpTransport getTransport()

Returns the HTTP transport.

getJsonFactory

public final JsonFactory getJsonFactory()

Returns the JSON factory.

getTokenServerEncodedUrl

public final String getTokenServerEncodedUrl()

Returns the token server encoded URL.

getClientAuthentication

public final HttpExecuteInterceptor getClientAuthentication()

Returns the client authentication or null for none (see TokenRequest.setClientAuthentication(HttpExecuteInterceptor)).

getClientId

public final String getClientId()

Returns the client identifier.

getAuthorizationServerEncodedUrl

public final String getAuthorizationServerEncodedUrl()

Returns the authorization server encoded URL.

getCredentialStore

@Beta
 @Deprecated
public final CredentialStore getCredentialStore()

Deprecated. (to be removed in the future) Use getCredentialDataStore() instead.

Beta
Returns the credential persistence store or null for none.

getCredentialDataStore

@Beta
public final DataStore<StoredCredential> getCredentialDataStore()

Beta
Returns the stored credential data store or null for none.

Since:

1.16

getRequestInitializer

public final HttpRequestInitializer getRequestInitializer()

Returns the HTTP request initializer or null for none.

getScopesAsString

public final String getScopesAsString()

Returns the space-separated list of scopes.

Since:

1.15

getScopes

public final Collection<String> getScopes()

Returns the a collection of scopes.

getClock

public final Clock getClock()

Returns the clock which will be passed along to the Credential.

Since:

1.9

getRefreshListeners

public final Collection<CredentialRefreshListener> getRefreshListeners()

Returns the unmodifiable list of listeners for refresh token results.

Since:

1.15