public class AuthorizationCodeFlow
Thread-safe OAuth 2.0 authorization code flow that manages and persists end-user credentials.
This is designed to simplify the flow in which an end-user authorizes the application to access their protected data, and then the application has access to their data based on an access token and a refresh token to refresh that access token when it expires.
The first step is to call #loadCredential(String) based on the known user ID to check
if the end-user's credentials are already known. If not, call #newAuthorizationUrl() and
direct the end-user's browser to an authorization page. The web browser will then redirect to the
redirect URL with a "code"
query parameter which can then be used to request an access
token using #newTokenRequest(String). Finally, use #createAndStoreCredential(TokenResponse, String) to store and obtain a credential for accessing
protected resources.
Constructors
AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)
protected AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)
Parameter | |
---|---|
Name | Description |
builder |
AuthorizationCodeFlow.Builder authorization code flow builder |
AuthorizationCodeFlow(Credential.AccessMethod method, HttpTransport transport, JsonFactory jsonFactory, GenericUrl tokenServerUrl, HttpExecuteInterceptor clientAuthentication, String clientId, String authorizationServerEncodedUrl)
public AuthorizationCodeFlow(Credential.AccessMethod method, HttpTransport transport, JsonFactory jsonFactory, GenericUrl tokenServerUrl, HttpExecuteInterceptor clientAuthentication, String clientId, String authorizationServerEncodedUrl)
Parameters | |
---|---|
Name | Description |
method |
Credential.AccessMethod method of presenting the access token to the resource server (for example BearerToken#authorizationHeaderAccessMethod) |
transport |
com.google.api.client.http.HttpTransport HTTP transport |
jsonFactory |
com.google.api.client.json.JsonFactory JSON factory |
tokenServerUrl |
com.google.api.client.http.GenericUrl token server URL |
clientAuthentication |
com.google.api.client.http.HttpExecuteInterceptor client authentication or |
clientId |
String client identifier |
authorizationServerEncodedUrl |
String authorization server encoded URL |
Methods
createAndStoreCredential(TokenResponse response, String userId)
public Credential createAndStoreCredential(TokenResponse response, String userId)
Creates a new credential for the given user ID based on the given token response and stores it in the credential store.
Parameters | |
---|---|
Name | Description |
response |
TokenResponse token response |
userId |
String user ID or |
Returns | |
---|---|
Type | Description |
Credential |
newly created credential |
Exceptions | |
---|---|
Type | Description |
IOException |
getAuthorizationServerEncodedUrl()
public final String getAuthorizationServerEncodedUrl()
Returns the authorization server encoded URL.
Returns | |
---|---|
Type | Description |
String |
getClientAuthentication()
public final HttpExecuteInterceptor getClientAuthentication()
Returns the client authentication or null
for none (see TokenRequest#setClientAuthentication(HttpExecuteInterceptor)).
Returns | |
---|---|
Type | Description |
com.google.api.client.http.HttpExecuteInterceptor |
getClientId()
public final String getClientId()
Returns the client identifier.
Returns | |
---|---|
Type | Description |
String |
getClock()
public final Clock getClock()
Returns the clock which will be passed along to the Credential.
Returns | |
---|---|
Type | Description |
com.google.api.client.util.Clock |
getCredentialDataStore()
public final DataStore<StoredCredential> getCredentialDataStore()
Beta
Returns the stored credential data store or null
for none.
Returns | |
---|---|
Type | Description |
com.google.api.client.util.store.DataStore<StoredCredential> |
getCredentialStore() (deprecated)
public final CredentialStore getCredentialStore()
Deprecated. (to be removed in the future) Use #getCredentialDataStore() instead.
Beta
Returns the credential persistence store or null
for none.
Returns | |
---|---|
Type | Description |
CredentialStore |
getJsonFactory()
public final JsonFactory getJsonFactory()
Returns the JSON factory.
Returns | |
---|---|
Type | Description |
com.google.api.client.json.JsonFactory |
getMethod()
public final Credential.AccessMethod getMethod()
Returns the method of presenting the access token to the resource server (for example BearerToken#authorizationHeaderAccessMethod).
Returns | |
---|---|
Type | Description |
Credential.AccessMethod |
getRefreshListeners()
public final Collection<CredentialRefreshListener> getRefreshListeners()
Returns the unmodifiable list of listeners for refresh token results.
Returns | |
---|---|
Type | Description |
Collection<CredentialRefreshListener> |
getRequestInitializer()
public final HttpRequestInitializer getRequestInitializer()
Returns the HTTP request initializer or null
for none.
Returns | |
---|---|
Type | Description |
com.google.api.client.http.HttpRequestInitializer |
getScopes()
public final Collection<String> getScopes()
Returns the a collection of scopes.
Returns | |
---|---|
Type | Description |
Collection<String> |
getScopesAsString()
public final String getScopesAsString()
Returns the space-separated list of scopes.
Returns | |
---|---|
Type | Description |
String |
getTokenServerEncodedUrl()
public final String getTokenServerEncodedUrl()
Returns the token server encoded URL.
Returns | |
---|---|
Type | Description |
String |
getTransport()
public final HttpTransport getTransport()
Returns the HTTP transport.
Returns | |
---|---|
Type | Description |
com.google.api.client.http.HttpTransport |
loadCredential(String userId)
public Credential loadCredential(String userId)
Loads the credential of the given user ID from the credential store.
Parameter | |
---|---|
Name | Description |
userId |
String user ID or |
Returns | |
---|---|
Type | Description |
Credential |
credential found in the credential store of the given user ID or |
Exceptions | |
---|---|
Type | Description |
IOException |
newAuthorizationUrl()
public AuthorizationCodeRequestUrl newAuthorizationUrl()
Returns a new instance of an authorization code request URL.
This is a builder for an authorization web page to allow the end user to authorize the application to access their protected resources and that returns an authorization code. It uses the #getAuthorizationServerEncodedUrl(), #getClientId(), and #getScopes(). Sample usage:
private AuthorizationCodeFlow flow;
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { String url = flow.newAuthorizationUrl().setState("xyz") .setRedirectUri("https://client.example.com/rd").build(); response.sendRedirect(url); }
Returns | |
---|---|
Type | Description |
AuthorizationCodeRequestUrl |
newTokenRequest(String authorizationCode)
public AuthorizationCodeTokenRequest newTokenRequest(String authorizationCode)
Returns a new instance of an authorization code token request based on the given authorization code.
This is used to make a request for an access token using the authorization code. It uses #getTransport(), #getJsonFactory(), #getTokenServerEncodedUrl(), #getClientAuthentication(), #getRequestInitializer(), and #getScopes().
static TokenResponse requestAccessToken(AuthorizationCodeFlow flow, String code) throws IOException, TokenResponseException { return flow.newTokenRequest(code).setRedirectUri("https://client.example.com/rd").execute(); }
Parameter | |
---|---|
Name | Description |
authorizationCode |
String authorization code. |
Returns | |
---|---|
Type | Description |
AuthorizationCodeTokenRequest |