Package io.camunda.identity.sdk.authentication

Interface Authentication

All Known Implementing Classes:
AbstractAuthentication, Auth0Authentication, GenericAuthentication, KeycloakAuthentication, MicrosoftAuthentication
public interface Authentication
The Authentication class provides functionality to authenticate a user with Identity and verify access tokens.

  • Method Details

    • create

      static Authentication create(IdentityConfiguration configuration)
      Factory function to create a new authentication instance
      Parameters:
      configuration - Identity configuration
      Returns:
      Authentication instance

    • isAvailable

      boolean isAvailable()
      Returns a true/false indicating if authentication is available or not.
      Returns:
      the availability of authentication

    • authorizeUriBuilder

      AuthorizeUriBuilder authorizeUriBuilder(String redirectUri)
      Returns a new Authorize uri builder. It is used to build the authorize uri for user authentication.
      Parameters:
      redirectUri - the redirect uri
      Returns:
      the authorize uri builder

    • exchangeAuthCode

      Tokens exchangeAuthCode(AuthCodeDto authCodeDto, String redirectUri) throws CodeExchangeException
      Exchanges provided auth code with access tokens. The provided redirect uri argument must match the redirect uri that was used to build the authorize uri.
      Parameters:
      authCodeDto - the auth code dto
      redirectUri - the redirect uri
      Returns:
      the tokens
      Throws:
      CodeExchangeException - if code exchange fails

    • renewToken

      Tokens renewToken(String refreshToken)
      Exchanges provided refresh token with an access tokens.
      Parameters:
      refreshToken - refresh token used for the request
      Returns:
      the tokens
      Throws:
      IdentityException - if token renewal has failed

    • revokeToken

      void revokeToken(String refreshToken)
      Logs out from Identity backend. This will invalidate the given refresh token and refresh tokens issued for other applications during the same session. The user's session or access token still has to be deleted by the client application.
      Parameters:
      refreshToken - refresh token used for the request
      Throws:
      IdentityException - if token revocation has failed

    • requestToken

      Tokens requestToken(String audience)
      Requests a client token from the cache if available. If no token is found with the required audience, a new token will be requested from the authentication provider and stored.
      Parameters:
      audience - the audience of the resource server
      Returns:
      the tokens
      Throws:
      IdentityException - if case of a failure

    • decodeJWT

      com.auth0.jwt.interfaces.DecodedJWT decodeJWT(String token)
      Decodes a token. Can be used to access tokens data without validation
      Parameters:
      token - token in JWT format
      Returns:
      decoded token
      Throws:
      TokenDecodeException - the token can not be decoded

    • verifyToken

      AccessToken verifyToken(String token)
      Verifies the validity of the passed token. Following checks will be performed:
      • The token is correctly signed
      • The token has not expired
      • Token's audience (aud claim) matches application's audience
      Parameters:
      token - the token
      Returns:
      the decoded jwt
      Throws:
      TokenDecodeException - the token can not be decoded
      InvalidSignatureException - the token's signature is invalid
      TokenExpiredException - the token has expired
      InvalidClaimException - the provided claim is invalid
      JsonWebKeyException - the JWK needed to verify token's signature can not be retrieved

    • verifyTokenIgnoringAudience

      AccessToken verifyTokenIgnoringAudience(String token)
      Verifies the validity of the passed token. Following checks will be performed:
      • The token is correctly signed
      • The token has not expired
      Parameters:
      token - the token
      Returns:
      the decoded jwt
      Throws:
      TokenDecodeException - the token can not be decoded
      InvalidSignatureException - the token's signature is invalid
      TokenExpiredException - the token has expired
      InvalidClaimException - the provided claim is invalid
      JsonWebKeyException - the JWK needed to verify token's signature can not be retrieved

    • isM2MToken

      boolean isM2MToken(String token)
      Checks if the token passed in is considered an M2M token.
      Parameters:
      token - the token
      Returns:
      true if the token is a M2M token, else false

    • getClientId

      String getClientId(String token)
      Gets the client ID associated to the token
      Parameters:
      token - the token
      Returns:
      the clientID