10Duke Java Core
Implementation of an OAuth PKCE flow client for use in web applications.
Web application means an application that will provide an implementation of HTTP requests and responses.
Note: the second phase construction method init() must be used prior to running an OAuth flow.
Public Member Functions | |
WebAppPkceClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper) | |
Class constructor. | |
PkceRequestInfo | authorize (final String redirectUriScheme, final String redirectUriHost, final String redirectUriContextPath) throws IOException |
Runs the OAuth PKCE flow to authorize the user at the authorization server. | |
AbstractPkceClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper) | |
Class constructor. | |
VerifiedOAuthTokenResponse | requestToken (final String codeVerifier, final String code, final URI redirectUri) throws IOException |
Makes an access token request to the authorization server. | |
void | registerTokenResponseSubscriber (final OAuthTokenResponseSubscriber subscriber) |
Adds a token response subscriber for receiving callbacks for each token response this client gets. | |
boolean | unregisterTokenResponseSubscriber (final OAuthTokenResponseSubscriber subscriber) |
Removes a token response subscriber that was previously registered. | |
AbstractOAuthClient (final AuthConfig config, final OkHttpProvider okHttpProvider, final JwtServiceProvider jwtServiceProvider, final ObjectMapper mapper) | |
Class constructor. | |
void | init () |
Second phase construction hook provided for controlling potentially slow loading of remote OpenId configuration. | |
VerifiedOAuthTokenResponse | refreshToken (final String refreshToken) throws IOException |
Makes an access token refresh request to the authorization server. | |
boolean | checkIfJwksUriIsConfigured () |
Checks if this client instance has configuration for the JWKS endpoint. | |
boolean | reloadJwks () |
Requests this client instance to reload keys from the JWKS endpoint. | |
Protected Member Functions | |
void | assertStateIsValid () |
Analyzes state and configuration. | |
PkceRequestInfo | buildAuthorizationUrl (final URI redirectUri, final String codeVerifier, final String codeChallenge, final String state) |
Builds the URL where the user is to be sent for authorization. | |
String | generateCodeVerifier () |
Generates the PKCE code verifier, which is the mechanism by which the client proves in the call to the token endpoint that it was the one that initiated the authorization request. | |
String | generateCodeChallange (final String codeVerifier) |
Generates the PKCE code challenge, which is derived from the code verifier that is sent in the authorization request, to be verified against later. | |
String | generateCodeChallange (final String codeVerifier, final String messageDigestAlgorithm) |
Generates the PKCE code challenge, which is derived from the code verifier that is sent in the authorization request, to be verified against later. | |
String | generateState () |
Generates the state for the PKCE flow. | |
void | assertValidateAuthorizeCallbackWaitArgs (final boolean waitResults, final long maxWaitSeconds) |
Validates that the OAuth authorization step wait settings are sane. | |
boolean | supportsTokenRefresh () |
Returns a flag that tells whether the OAuth client implementation supports token refresh. | |
VerifiedOAuthTokenResponse | parseTokenResponse (final Response response) |
Parses a token response received from the authorization server (Identity Provider). | |
void | loadOpenIdConnectConfiguration () |
Loads OpenId configuration from the configured URL (only if a discovery URL is available in the configuration). | |
String | formatConfigMissingMessage (final String formatValue) |
Formats a message for a missing configuration value. | |
String | formatRuntimeDependencyMissingMessage (final String formatValue) |
Formats a message for a missing configuration value. | |
boolean | updateSigningKeys (final OpenIdConfiguration effectiveOidcConfig, final JwtServiceProvider jwtSp) |
Updates signing keys based on OpenIdConfiguration that has been loaded or changed. | |
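
The relationship between the code verifier and the code challenge described for generateCodeVerifier() and generateCodeChallange(), as an added example following the S256 method of RFC 7636. This is not the SDK's own implementation; the class PkceSketch and its method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration of RFC 7636 PKCE; class and method names are hypothetical,
// not part of the 10Duke SDK.
public class PkceSketch {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // 32 random bytes -> 43-character verifier, the minimum length RFC 7636 allows.
    static String newCodeVerifier() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return B64URL.encodeToString(buf);
    }

    // S256: BASE64URL(SHA-256(ASCII(code_verifier))), no padding.
    static String s256Challenge(String codeVerifier) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    // Authorization-server side check at the token endpoint: recompute and compare
    // in constant time against the challenge stored with the authorization code.
    static boolean verifierMatches(String codeVerifier, String storedChallenge)
            throws NoSuchAlgorithmException {
        if (codeVerifier == null || !codeVerifier.matches("[A-Za-z0-9\\-._~]{43,128}")) {
            return false; // reject values outside the RFC 7636 verifier syntax
        }
        return MessageDigest.isEqual(
                s256Challenge(codeVerifier).getBytes(StandardCharsets.US_ASCII),
                storedChallenge.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // RFC 7636 Appendix B test vector.
        String rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        System.out.println(s256Challenge(rfcVerifier).equals(rfcChallenge));
        String verifier = newCodeVerifier();
        String challenge = s256Challenge(verifier);
        System.out.println(verifierMatches(verifier, challenge));
        System.out.println(verifierMatches(newCodeVerifier(), challenge));
    }
}
```

The last call uses a fresh verifier against a challenge issued for a different one, which is the case the token endpoint must reject: an authorization code presented by a party that did not start the flow.
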
tenduke.sdk.core.auth.WebAppPkceClient.WebAppPkceClient | ( | final AuthConfig | config, |
final OkHttpProvider | okHttpProvider, | ||
final JwtServiceProvider | jwtServiceProvider, | ||
final ObjectMapper | mapper ) |
Class constructor.
config | The configuration to use for OAuth client_id and endpoints at the authorization provider. |
okHttpProvider | Provider implementation to use when an OkHttpClient is needed. |
jwtServiceProvider | Provides JwtService instances. |
mapper | Jackson object mapper, needed for parsing access token response JSON. |
protected
Analyzes state and configuration.
Throws IllegalStateException if:
Analysis regarding invalid values is a basic syntactical check to see that the configured values make sense.
Reimplemented from tenduke.sdk.core.auth.AbstractPkceClient.
PkceRequestInfo tenduke.sdk.core.auth.WebAppPkceClient.authorize | ( | final String | redirectUriScheme, |
final String | redirectUriHost, | ||
final String | redirectUriContextPath ) throws IOException |
Runs the OAuth PKCE flow to authorize the user at the authorization server.
redirectUriScheme | The scheme (protocol) of the web application, e.g. https://. |
redirectUriHost | The host name of the web application. |
redirectUriContextPath | The context path where the web application is deployed to, e.g. /apps. Use a null string if the web application is deployed at the root. |
IOException | for errors opening the desktop browser needed for the authorization stage. |