Class AuthorizationCodeFlow (1.36.0)

public class AuthorizationCodeFlow

Thread-safe OAuth 2.0 authorization code flow that manages and persists end-user credentials.

This is designed to simplify the flow in which an end-user authorizes the application to access their protected data, and then the application has access to their data based on an access token and a refresh token to refresh that access token when it expires.

The first step is to call #loadCredential(String) based on the known user ID to check if the end-user's credentials are already known. If not, call #newAuthorizationUrl() and direct the end-user's browser to an authorization page. The web browser will then redirect to the redirect URL with a "code" query parameter which can then be used to request an access token using #newTokenRequest(String). Finally, use #createAndStoreCredential(TokenResponse, String) to store and obtain a credential for accessing protected resources.

Inheritance

java.lang.Object > AuthorizationCodeFlow

Inherited Members

Object.clone()

Object.equals(Object)

Object.finalize()

Object.getClass()

Object.hashCode()

Object.notify()

Object.notifyAll()

Object.toString()

Object.wait()

Object.wait(long)

Object.wait(long,int)

Constructors

AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)

protected AuthorizationCodeFlow(AuthorizationCodeFlow.Builder builder)

Parameter
Name	Description
`builder`	`AuthorizationCodeFlow.Builder` authorization code flow builder

AuthorizationCodeFlow(Credential.AccessMethod method, HttpTransport transport, JsonFactory jsonFactory, GenericUrl tokenServerUrl, HttpExecuteInterceptor clientAuthentication, String clientId, String authorizationServerEncodedUrl)

public AuthorizationCodeFlow(Credential.AccessMethod method, HttpTransport transport, JsonFactory jsonFactory, GenericUrl tokenServerUrl, HttpExecuteInterceptor clientAuthentication, String clientId, String authorizationServerEncodedUrl)

Parameters
Name	Description
`method`	`Credential.AccessMethod` method of presenting the access token to the resource server (for example BearerToken#authorizationHeaderAccessMethod)
`transport`	`com.google.api.client.http.HttpTransport` HTTP transport
`jsonFactory`	`com.google.api.client.json.JsonFactory` JSON factory
`tokenServerUrl`	`com.google.api.client.http.GenericUrl` token server URL
`clientAuthentication`	`com.google.api.client.http.HttpExecuteInterceptor` client authentication or `null` for none (see TokenRequest#setClientAuthentication(HttpExecuteInterceptor))
`clientId`	`String` client identifier
`authorizationServerEncodedUrl`	`String` authorization server encoded URL

Methods

createAndStoreCredential(TokenResponse response, String userId)

public Credential createAndStoreCredential(TokenResponse response, String userId)

Creates a new credential for the given user ID based on the given token response and stores it in the credential store.

Parameters
Name	Description
`response`	`TokenResponse` token response
`userId`	`String` user ID or `null` if not using a persisted credential store

Returns
Type	Description
`Credential`	newly created credential

Exceptions
Type	Description
`IOException`

getAuthorizationServerEncodedUrl()

public final String getAuthorizationServerEncodedUrl()

Returns the authorization server encoded URL.

Returns
Type	Description
`String`

getClientAuthentication()

public final HttpExecuteInterceptor getClientAuthentication()

Returns the client authentication or null for none (see TokenRequest#setClientAuthentication(HttpExecuteInterceptor)).

Returns
Type	Description
`com.google.api.client.http.HttpExecuteInterceptor`

getClientId()

public final String getClientId()

Returns the client identifier.

Returns
Type	Description
`String`

getClock()

public final Clock getClock()

Returns the clock which will be passed along to the Credential.

Returns
Type	Description
`com.google.api.client.util.Clock`

getCredentialDataStore()

public final DataStore<StoredCredential> getCredentialDataStore()

Beta
Returns the stored credential data store or null for none.

Returns
Type	Description
`com.google.api.client.util.store.DataStore<StoredCredential>`

getCredentialStore() (deprecated)

public final CredentialStore getCredentialStore()

Deprecated. (to be removed in the future) Use #getCredentialDataStore() instead.

Beta
Returns the credential persistence store or null for none.

Returns
Type	Description
`CredentialStore`

getJsonFactory()

public final JsonFactory getJsonFactory()

Returns the JSON factory.

Returns
Type	Description
`com.google.api.client.json.JsonFactory`

getMethod()

public final Credential.AccessMethod getMethod()

Returns the method of presenting the access token to the resource server (for example BearerToken#authorizationHeaderAccessMethod).

Returns
Type	Description
`Credential.AccessMethod`

getRefreshListeners()

public final Collection<CredentialRefreshListener> getRefreshListeners()

Returns the unmodifiable list of listeners for refresh token results.

Returns
Type	Description
`Collection<CredentialRefreshListener>`

getRequestInitializer()

public final HttpRequestInitializer getRequestInitializer()

Returns the HTTP request initializer or null for none.

Returns
Type	Description
`com.google.api.client.http.HttpRequestInitializer`

getScopes()

public final Collection<String> getScopes()

Returns the a collection of scopes.

Returns
Type	Description
`Collection<String>`

getScopesAsString()

public final String getScopesAsString()

Returns the space-separated list of scopes.

Returns
Type	Description
`String`

getTokenServerEncodedUrl()

public final String getTokenServerEncodedUrl()

Returns the token server encoded URL.

Returns
Type	Description
`String`

getTransport()

public final HttpTransport getTransport()

Returns the HTTP transport.

Returns
Type	Description
`com.google.api.client.http.HttpTransport`

loadCredential(String userId)

public Credential loadCredential(String userId)

Loads the credential of the given user ID from the credential store.

Parameter
Name	Description
`userId`	`String` user ID or `null` if not using a persisted credential store

Returns
Type	Description
`Credential`	credential found in the credential store of the given user ID or `null` for none found

Exceptions
Type	Description
`IOException`

newAuthorizationUrl()

public AuthorizationCodeRequestUrl newAuthorizationUrl()

Returns a new instance of an authorization code request URL.

This is a builder for an authorization web page to allow the end user to authorize the application to access their protected resources and that returns an authorization code. It uses the #getAuthorizationServerEncodedUrl(), #getClientId(), and #getScopes(). Sample usage:

private AuthorizationCodeFlow flow;

public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { String url = flow.newAuthorizationUrl().setState("xyz") .setRedirectUri("https://client.example.com/rd").build(); response.sendRedirect(url); }

Returns
Type	Description
`AuthorizationCodeRequestUrl`

newTokenRequest(String authorizationCode)

public AuthorizationCodeTokenRequest newTokenRequest(String authorizationCode)

Returns a new instance of an authorization code token request based on the given authorization code.

This is used to make a request for an access token using the authorization code. It uses #getTransport(), #getJsonFactory(), #getTokenServerEncodedUrl(), #getClientAuthentication(), #getRequestInitializer(), and #getScopes().

static TokenResponse requestAccessToken(AuthorizationCodeFlow flow, String code) throws IOException, TokenResponseException { return flow.newTokenRequest(code).setRedirectUri("https://client.example.com/rd").execute(); }

Parameter
Name	Description
`authorizationCode`	`String` authorization code.

Returns
Type	Description
`AuthorizationCodeTokenRequest`