tenduke.sdk.core.auth.DeviceFlowClient Class Reference

Detailed Description

Implementation of an OAuth device flow client.

Note: the second phase construction method init() must be used prior to running an OAuth flow.

Inheritance diagram for tenduke.sdk.core.auth.DeviceFlowClient:

Public Member Functions
	DeviceFlowClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper)
	Class constructor.
DeviceAuthResponse	authorize () throws IOException
	Starts the device flow by running the device code request.
VerifiedOAuthTokenResponse	requestToken (final String deviceCode) throws IOException
	Makes the access token request to the authorization server.
Public Member Functions inherited from tenduke.sdk.core.auth.AbstractOAuthClient
	AbstractOAuthClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper)
	Class constructor.
void	init ()
	Second phase construction hook provided for controlling potentially slow loading of remote OpenId configuration.
VerifiedOAuthTokenResponse	refreshToken (final String refreshToken) throws IOException
	Makes an access token refresh request to the authorization server.
boolean	checkIfJwksUriIsConfigured ()
	Checks if this client instance has configuration for the JWKS endpoint.
boolean	reloadJwks ()
	Requests this client instance to reload keys from the JWKS endpoint.

Protected Member Functions
void	assertStateIsValid ()
	Analyzes state and configuration.
boolean	supportsTokenRefresh ()
	Returns flag that tells if the OAuth client implementation supports token refresh.
Protected Member Functions inherited from tenduke.sdk.core.auth.AbstractOAuthClient
VerifiedOAuthTokenResponse	parseTokenResponse (final Response response)
	Parses a token response received from the authorization server (Identity Provider).
void	loadOpenIdConnectConfiguration ()
	Loads OpenId configuration from configured URL (only if discovery URL is available in configuration).
String	formatConfigMissingMessage (final String formatValue)
	Formats a message for a missing configuration value.
String	formatRuntimeDependencyMissingMessage (final String formatValue)
	Formats a message for a missing configuration value.
boolean	updateSigningKeys (final OpenIdConfiguration effectiveOidcConfig, final JwtServiceProvider jwtSp)
	Updates signing keys based on OpenIdConfiguration that has been loaded or changed.

Constructor & Destructor Documentation

DeviceFlowClient()

tenduke.sdk.core.auth.DeviceFlowClient.DeviceFlowClient	(	final AuthConfig	config,
		final OkHttpProvider	okHttpProvider,
		final JwtServiceProvider	jwtServiceProvider,
		final ObjectMapper	mapper )

Class constructor.

Parameters

config	The configuration to use for OAuth client_id and endpoints at the authorization provider,
okHttpProvider	Provides OkHttpClient instance(s).
jwtServiceProvider	Provides JwtService instances.
mapper	Jackson object mapper, needed for parsing access token response JSON.

Member Function Documentation

assertStateIsValid()

void tenduke.sdk.core.auth.DeviceFlowClient.assertStateIsValid ( )

protected

Analyzes state and configuration.

Throws IllegalStateException if:

• runtime dependencies have not been provided
• missing or invalid configuration is encountered

Required values are checked to ensure they are not null and conform to expected grammar (for example URIs are formatted correctly).

Reimplemented from tenduke.sdk.core.auth.AbstractOAuthClient.

authorize()

DeviceAuthResponse tenduke.sdk.core.auth.DeviceFlowClient.authorize

(

)

throws IOException

Starts the device flow by running the device code request.

Returns

The device code response.

Exceptions

IOException

For an IO exception while making the HTTP request.

requestToken()

VerifiedOAuthTokenResponse tenduke.sdk.core.auth.DeviceFlowClient.requestToken

(

final String

deviceCode

)

throws IOException

Makes the access token request to the authorization server.

Call this method when:

• Option 1) the user has completed the authorization stage. This can be achieved by the application UI asking the user to confirm that the device authorization is complete.
• Option 2) attempt getting the token without knowing if the user has completed the device authorization step. In this case the caller must be prepared to react to errors:
• authorization_pending
• slow_down

and try the token request after waiting a while.

The use of an exponential backoff algorithm to achieve this, such as doubling the polling interval on each such connection timeout, is RECOMMENDED. Before each new request, the client MUST wait at least the number of seconds specified by the "interval" parameter of the device authorization response.

Parameters

deviceCode

The device authorization code that verifies the token request is legit and is paired with the authorization the user provided.

Returns

The token response provided by the authorization server. Note: The return value may be null, which happens if no response body is provided by the access token request to the authorization server. For not null return values you may use the OAuthTokenResponse#checkIsSuccess() and OAuthTokenResponse#checkIsError() methods of OAuthTokenResponse to determine if getting the id token or error code is the next step.

Exceptions

IOException

for IO errors while making the HTTP request.

supportsTokenRefresh()

boolean tenduke.sdk.core.auth.DeviceFlowClient.supportsTokenRefresh ( )

protected

Returns flag that tells if the OAuth client implementation supports token refresh.

Returns

true if token refresh is supported, false otherwise

Reimplemented from tenduke.sdk.core.auth.AbstractOAuthClient.

---

The documentation for this class was generated from the following file:

• auth/src/main/java/tenduke/sdk/core/auth/DeviceFlowClient.java