10Duke Java Core
tenduke.sdk.core.auth.DesktopPkceClient
Implementation of an OAuth PKCE flow client for use in applications that are not web servers.

Note: creating an instance of this class will not reserve any system resources. Only a call to authorize(tenduke.sdk.core.service.WebBrowser, tenduke.sdk.core.auth.OAuthAuthzResultSubscriber, boolean, long) will allocate resources, which then require a call to close() in order to be freed.

Note: the second-phase construction method init() must be called before running an OAuth flow.

This implementation uses an internal HTTP server, which may be configured to listen on a specific port. The port number configuration is optional: if no HTTP server port is specified, a random port is chosen. Using a random port means the authorization server must support less strict redirect_uri verification logic: it must ignore the port part of the redirect_uri when comparing the registered URI against the one specified at runtime by the client application.
Public Member Functions

| Return type | Member | Description |
|---|---|---|
| | DesktopPkceClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper) | Class constructor. |
| void | init () | Second-phase construction hook provided for controlling the potentially slow loading of remote OpenID configuration. Calling this method will issue an HTTP request if AuthConfig#idpOidcDiscoveryUrl() is configured; otherwise the provided AuthConfig is used as is. |
| PkceRequestInfo | authorize (final WebBrowser browser, final OAuthAuthzResultSubscriber codeSubscriber, final boolean waitResults, final long maxWaitSeconds) throws IOException | Runs the OAuth PKCE flow to authorize the user at the authorization server. |
| void | close () | Closes the flow and frees the temporary system resources used while the PKCE flow is running. |

Public Member Functions inherited from AbstractPkceClient

| Return type | Member | Description |
|---|---|---|
| | AbstractPkceClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper) | Class constructor. |
| VerifiedOAuthTokenResponse | requestToken (final String codeVerifier, final String code, final URI redirectUri) throws IOException | Makes an access token request to the authorization server. |
| void | registerTokenResponseSubscriber (final OAuthTokenResponseSubscriber subscriber) | Adds a token response subscriber that receives a callback for each token response this client gets. |
| boolean | unregisterTokenResponseSubscriber (final OAuthTokenResponseSubscriber subscriber) | Removes a token response subscriber that was previously registered. |

Public Member Functions inherited from AbstractOAuthClient

| Return type | Member | Description |
|---|---|---|
| | AbstractOAuthClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper) | Class constructor. |
| VerifiedOAuthTokenResponse | refreshToken (final String refreshToken) throws IOException | Makes an access token refresh request to the authorization server. |
| boolean | checkIfJwksUriIsConfigured () | Checks whether this client instance has configuration for the JWKS endpoint. |
| boolean | reloadJwks () | Requests this client instance to reload keys from the JWKS endpoint. |
Additional Inherited Members

| Return type | Member | Description |
|---|---|---|
| PkceRequestInfo | buildAuthorizationUrl (final URI redirectUri, final String codeVerifier, final String codeChallenge, final String state) | Builds the URL where the user is to be sent for authorization. |
| String | generateCodeVerifier () | Generates the PKCE code verifier, which is the mechanism by which the client proves in the call to the token endpoint that it was the one that initiated the authorization request. |
| String | generateCodeChallange (final String codeVerifier) | Generates the PKCE code challenge, which is derived from the code verifier and is sent in the authorization request, to be verified against later. |
| String | generateCodeChallange (final String codeVerifier, final String messageDigestAlgorithm) | Generates the PKCE code challenge, which is derived from the code verifier and is sent in the authorization request, to be verified against later. |
| String | generateState () | Generates the state for the PKCE flow. |
| void | assertStateIsValid () | Analyzes state and configuration. |
| void | assertValidateAuthorizeCallbackWaitArgs (final boolean waitResults, final long maxWaitSeconds) | Validates that the OAuth authorization step wait settings are sane. |
| boolean | supportsTokenRefresh () | Returns a flag that tells whether the OAuth client implementation supports token refresh. |
| VerifiedOAuthTokenResponse | parseTokenResponse (final Response response) | Parses a token response received from the authorization server (Identity Provider). |
| void | loadOpenIdConnectConfiguration () | Loads OpenID configuration from the configured URL (only if a discovery URL is available in the configuration). |
| String | formatConfigMissingMessage (final String formatValue) | Formats a message for a missing configuration value. |
| String | formatRuntimeDependencyMissingMessage (final String formatValue) | Formats a message for a missing configuration value. |
| boolean | updateSigningKeys (final OpenIdConfiguration effectiveOidcConfig, final JwtServiceProvider jwtSp) | Updates signing keys based on an OpenIdConfiguration that has been loaded or changed. |
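The verifier, challenge and state generation listed above, together with the port-agnostic redirect_uri comparison the class description says the authorization server must perform, as a stand-alone Java illustration added here. It is not the SDK's own code: the class name PkceExample, the constant-time challengeMatches helper (the token-endpoint side of the check) and redirectUriMatchesIgnoringPort are assumptions made for the example.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public final class PkceExample {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();
    /** Code verifier (RFC 7636): 32 random bytes, base64url without padding gives 43 unreserved chars. */
    static String generateCodeVerifier() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return B64URL.encodeToString(raw);
    }
    /** Code challenge sent in the authorization request: base64url(digest(ASCII(verifier))). */
    static String generateCodeChallenge(String codeVerifier, String messageDigestAlgorithm) {
        try {
            MessageDigest md = MessageDigest.getInstance(messageDigestAlgorithm);
            return B64URL.encodeToString(md.digest(codeVerifier.getBytes(StandardCharsets.US_ASCII)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("digest not available: " + messageDigestAlgorithm, e);
        }
    }
    /** State: unguessable per-request value, echoed back on the callback and compared by the client. */
    static String generateState() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return B64URL.encodeToString(raw);
    }
    /** Token-endpoint side (assumed helper): recompute the challenge and compare in constant time. */
    static boolean challengeMatches(String storedChallenge, String presentedVerifier) {
        byte[] expected = storedChallenge.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = generateCodeChallenge(presentedVerifier, "SHA-256").getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }
    /** The relaxed redirect_uri check a random loopback port needs: scheme, host and path stay exact. */
    static boolean redirectUriMatchesIgnoringPort(URI registered, URI presented) {
        return registered.getScheme().equalsIgnoreCase(presented.getScheme())
            && registered.getHost().equalsIgnoreCase(presented.getHost())
            && registered.getPath().equals(presented.getPath());
    }
    public static void main(String[] args) {
        String verifier = generateCodeVerifier();
        String challenge = generateCodeChallenge(verifier, "SHA-256");
        System.out.println("accepted=" + challengeMatches(challenge, verifier)
            + " tampered=" + challengeMatches(challenge, generateCodeVerifier()));
    }
}
```

Only the port is ignored in the URI comparison; a server that also relaxed scheme, host or path would accept callbacks it never registered.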
tenduke.sdk.core.auth.DesktopPkceClient.DesktopPkceClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper)

Class constructor.

Parameters

| Parameter | Description |
|---|---|
| config | The configuration to use for the OAuth client_id and endpoints at the authorization provider. |
| okHttpProvider | Provides OkHttpClient instance(s). |
| jwtServiceProvider | Provides JwtService instances. |
| mapper | Jackson object mapper, needed for parsing the access token response JSON. |
PkceRequestInfo tenduke.sdk.core.auth.DesktopPkceClient.authorize (final WebBrowser browser, final OAuthAuthzResultSubscriber codeSubscriber, final boolean waitResults, final long maxWaitSeconds) throws IOException

Runs the OAuth PKCE flow to authorize the user at the authorization server.

Calling this method starts a local HTTP server that listens for the login callback. close() can be called on this instance after the login flow has completed or when the application using this class exits.

Parameters

| Parameter | Description |
|---|---|
| browser | The browser service to use for navigating to the authorization server's authorization URL. |
| codeSubscriber | Listener that will be given the authorization code when it is available. |
| waitResults | Block and wait for the OAuth callback to arrive. Use with care in UI applications, as the value true makes the call block for a potentially long time. |
| maxWaitSeconds | Maximum time in seconds to wait for the OAuth callback to arrive. Applied only if waitResults is true; when waiting is requested, the value must be greater than 0. |

Exceptions

| Exception | Condition |
|---|---|
| IOException | Errors opening the desktop browser needed for the authorization stage. |
void tenduke.sdk.core.auth.DesktopPkceClient.init ( )

Second-phase construction hook provided for controlling the potentially slow loading of remote OpenID configuration. Calling this method will issue an HTTP request if AuthConfig#idpOidcDiscoveryUrl() is configured; otherwise the provided AuthConfig is used as is.

NOTE: init() cannot be called after the client's local callback server has been started. The server starts when authorize(tenduke.sdk.core.service.WebBrowser, tenduke.sdk.core.auth.OAuthAuthzResultSubscriber, boolean, long) is called.

Reimplemented from tenduke.sdk.core.auth.AbstractOAuthClient.
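An added usage example, not SDK code, showing the ordering constraints documented for init(), authorize() and close(): construct (no resources reserved), init() before any flow, authorize() with a blocking wait, close() in a finally block so the callback server is released even on failure. The class DesktopLoginExample and its login() helper are assumptions, and the AuthConfig, OkHttpProvider, JwtServiceProvider, WebBrowser and OAuthAuthzResultSubscriber instances are assumed to be constructed by the application beforehand.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import tenduke.sdk.core.auth.DesktopPkceClient;
import tenduke.sdk.core.auth.OAuthAuthzResultSubscriber;
import tenduke.sdk.core.service.WebBrowser;
// AuthConfig, OkHttpProvider, JwtServiceProvider and PkceRequestInfo are assumed to be available
// from the SDK; this page does not state their packages, so they are not imported explicitly here.

public final class DesktopLoginExample {
    /** One blocking login: construct, init(), authorize(), close(), in that order (assumed helper). */
    static PkceRequestInfo login(AuthConfig config, OkHttpProvider okHttpProvider,
                                 JwtServiceProvider jwtServiceProvider, ObjectMapper mapper,
                                 WebBrowser browser, OAuthAuthzResultSubscriber codeSubscriber,
                                 long maxWaitSeconds) throws IOException {
        // authorize() requires a positive wait when waitResults is true; fail early and clearly.
        if (maxWaitSeconds <= 0) {
            throw new IllegalArgumentException("maxWaitSeconds must be > 0 when waiting for the callback");
        }
        // Construction reserves no system resources yet.
        DesktopPkceClient client = new DesktopPkceClient(config, okHttpProvider, jwtServiceProvider, mapper);
        // init() performs the optional OpenID discovery request. It must run before authorize()
        // and must not be called again once the local callback server has been started.
        client.init();
        try {
            // Starts the loopback HTTP server, sends the user to the authorization URL through the
            // browser service and blocks for at most maxWaitSeconds. Keep this off the UI thread.
            return client.authorize(browser, codeSubscriber, true, maxWaitSeconds);
        } finally {
            // The callback server is a reserved resource; release it whether or not the flow completed.
            client.close();
        }
    }
}
```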