com.google.auth.oauth2

Class UserAuthorizer

java.lang.Object

com.google.auth.oauth2.UserAuthorizer

public class UserAuthorizer
extends Object

Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.

Constructor Summary

Constructors

Constructor and Description
UserAuthorizer(ClientId clientId, Collection<String> scopes, TokenStore tokenStore) Constructor with minimal parameters.
UserAuthorizer(ClientId clientId, Collection<String> scopes, TokenStore tokenStore, URI callbackUri) Constructor with common parameters.
UserAuthorizer(ClientId clientId, Collection<String> scopes, TokenStore tokenStore, URI callbackUri, com.google.api.client.http.HttpTransport transport, URI tokenServerUri, URI userAuthUri) Constructor with all parameters.

Method Summary

Modifier and Type	Method and Description
UserCredentials	getAndStoreCredentialsFromCode(String userId, String code, URI baseUri) Exchanges an authorization code for tokens and stores them.
URL	getAuthorizationUrl(String userId, String state, URI baseUri) Return an URL that performs the authorization consent prompt web UI.
URI	getCallbackUri() Returns the URI for implementation of the OAuth2 web callback.
URI	getCallbackUri(URI baseUri) Returns the URI for implementation of the OAuth2 web callback, optionally relative to the specified URI.
ClientId	getClientId() Returns the Client ID user to identify the OAuth2 consent prompt.
UserCredentials	getCredentials(String userId) Attempts to retrieve credentials for the approved end user consent.
UserCredentials	getCredentialsFromCode(String code, URI baseUri) Returns a UserCredentials instance by exchanging an OAuth2 authorization code for tokens.
Collection<String>	getScopes() Returns the scopes defining the user consent.
TokenStore	getTokenStore() Returns the implementation of a component for long term storage of tokens.
protected void	monitorCredentials(String userId, UserCredentials credentials) Adds a listen to rewrite the credentials when the tokens are refreshed.
void	revokeAuthorization(String userId) Revokes the authorization for tokens stored for the user.
void	storeCredentials(String userId, UserCredentials credentials) Puts the end user credentials in long term storage.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UserAuthorizer

public UserAuthorizer(ClientId clientId,
                      Collection<String> scopes,
                      TokenStore tokenStore)

Constructor with minimal parameters.

Parameters:

clientId - Client ID to identify the OAuth2 consent prompt.

scopes - OAUth2 scopes defining the user consent.

tokenStore - Implementation of component for long term storage of tokens.

UserAuthorizer

public UserAuthorizer(ClientId clientId,
                      Collection<String> scopes,
                      TokenStore tokenStore,
                      URI callbackUri)

Constructor with common parameters.

Parameters:

clientId - Client ID to identify the OAuth2 consent prompt.

scopes - OAUth2 scopes defining the user consent.

tokenStore - Implementation of component for long term storage of tokens.

callbackUri - URI for implementation of the OAuth2 web callback.

UserAuthorizer

public UserAuthorizer(ClientId clientId,
                      Collection<String> scopes,
                      TokenStore tokenStore,
                      URI callbackUri,
                      com.google.api.client.http.HttpTransport transport,
                      URI tokenServerUri,
                      URI userAuthUri)

Constructor with all parameters.

Parameters:

clientId - Client ID to identify the OAuth2 consent prompt.

scopes - OAUth2 scopes defining the user consent.

tokenStore - Implementation of a component for long term storage of tokens.

callbackUri - URI for implementation of the OAuth2 web callback.

transport - HTTP transport implementation for OAuth2 API calls.

tokenServerUri - URI of the end point that provides tokens.

userAuthUri - URI of the Web UI for user consent.

Method Detail

getClientId

public ClientId getClientId()

Returns the Client ID user to identify the OAuth2 consent prompt.

getScopes

public Collection<String> getScopes()

Returns the scopes defining the user consent.

getCallbackUri

public URI getCallbackUri()

Returns the URI for implementation of the OAuth2 web callback.

getCallbackUri

public URI getCallbackUri(URI baseUri)

Returns the URI for implementation of the OAuth2 web callback, optionally relative to the specified URI.

The callback URI is often relative to enable an application to be tested from more than one place so this can be used to resolve it relative to another URI.

Parameters:

baseUri - The URI to resolve the callback URI relative to.

Returns:

The resolved URI.

getTokenStore

public TokenStore getTokenStore()

Returns the implementation of a component for long term storage of tokens.

getAuthorizationUrl

public URL getAuthorizationUrl(String userId,
                               String state,
                               URI baseUri)

Return an URL that performs the authorization consent prompt web UI.

Parameters:

userId - Application's identifier for the end user.

state - State that is passed on to the OAuth2 callback URI after the consent.

baseUri - The URI to resolve the OAuth2 callback URI relative to.

Returns:

The URL that can be navigated or redirected to.

getCredentials

public UserCredentials getCredentials(String userId)
                               throws IOException

Attempts to retrieve credentials for the approved end user consent.

Parameters:

userId - Application's identifier for the end user.

Returns:

The loaded credentials or null if there are no valid approved credentials.

Throws:

IOException - If there is error retrieving or loading the credentials.

getCredentialsFromCode

public UserCredentials getCredentialsFromCode(String code,
                                              URI baseUri)
                                       throws IOException

Returns a UserCredentials instance by exchanging an OAuth2 authorization code for tokens.

Parameters:

code - Code returned from OAuth2 consent prompt.

baseUri - The URI to resolve the OAuth2 callback URI relative to.

Returns:

the UserCredentials instance created from the authorization code.

Throws:

IOException - An error from the server API call to get the tokens.

getAndStoreCredentialsFromCode

public UserCredentials getAndStoreCredentialsFromCode(String userId,
                                                      String code,
                                                      URI baseUri)
                                               throws IOException

Exchanges an authorization code for tokens and stores them.

Parameters:

userId - Application's identifier for the end user.

code - Code returned from OAuth2 consent prompt.

baseUri - The URI to resolve the OAuth2 callback URI relative to.

Returns:

UserCredentials instance created from the authorization code.

Throws:

IOException - An error from the server API call to get the tokens or store the tokens.

revokeAuthorization

public void revokeAuthorization(String userId)
                         throws IOException

Revokes the authorization for tokens stored for the user.

Parameters:

userId - Application's identifier for the end user.

Throws:

IOException - An error calling the revoke API or deleting the state.

storeCredentials

public void storeCredentials(String userId,
                             UserCredentials credentials)
                      throws IOException

Puts the end user credentials in long term storage.

Parameters:

userId - Application's identifier for the end user.

credentials - UserCredentials instance for the authorized consent.

Throws:

IOException - An error storing the credentials.

monitorCredentials

protected void monitorCredentials(String userId,
                                  UserCredentials credentials)

Adds a listen to rewrite the credentials when the tokens are refreshed.

Parameters:

userId - Application's identifier for the end user.

credentials - UserCredentials instance to listen to.