io.strimzi.kafka.oauth.common

Class OAuthAuthenticator

java.lang.Object

io.strimzi.kafka.oauth.common.OAuthAuthenticator

public class OAuthAuthenticator
extends java.lang.Object

A class with methods to authenticate a user or a client to the authorization server's token endpoint, and obtain an access token in the form of a TokenInfo object.

Constructor Summary

Constructors

Constructor and Description
OAuthAuthenticator()

Method Summary

Modifier and Type	Method and Description
static java.lang.String	base64decode(java.lang.String value) A helper method to decode a base64 encoded string
static java.lang.String	base64encode(java.lang.String value) A helper method to base64 encode a given string
static TokenInfo	loginWithAccessToken(java.lang.String token, boolean isJwt, PrincipalExtractor principalExtractor) Wrap an access token into TokenInfo extracting information from the token if it is a JWT token.
static TokenInfo	loginWithClientAssertion(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String clientId, java.lang.String clientAssertion, java.lang.String clientAssertionType, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant with client assertion (clientId + assertion + assertion type), and connect and read timeouts of 60 seconds.
static TokenInfo	loginWithClientAssertion(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String clientId, java.lang.String clientAssertion, java.lang.String clientAssertionType, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience, int connectTimeout, int readTimeout, MetricsHandler metrics, int retries, long retryPauseMillis, boolean includeAcceptHeader) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant with client assertion (clientId + assertion + assertion type).
static TokenInfo	loginWithClientSecret(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, boolean includeAcceptHeader) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant (clientId + secret), and connect and read timeouts of 60 seconds.
static TokenInfo	loginWithClientSecret(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience, boolean includeAcceptHeader) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant (clientId + secret), and connect and read timeouts of 60 seconds.
static TokenInfo	loginWithClientSecret(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience, int connectTimeout, int readTimeout, MetricsHandler metrics, int retries, long retryPauseMillis, boolean includeAcceptHeader) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant (clientId + secret).
static TokenInfo	loginWithPassword(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String username, java.lang.String password, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience, boolean includeAcceptHeader) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using password grant (username + password), and connect and read timeouts of 60 seconds.
static TokenInfo	loginWithPassword(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String username, java.lang.String password, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience, int connectTimeout, int readTimeout, int retries, long retryPauseMillis, boolean includeAcceptHeader) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using password grant (username + password).
static TokenInfo	loginWithPassword(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String username, java.lang.String password, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience, int connectTimeout, int readTimeout, MetricsHandler metrics, int retries, long retryPauseMillis, boolean includeAcceptHeader) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using password grant (username + password).
static TokenInfo	loginWithRefreshToken(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String refreshToken, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, boolean includeAcceptHeader) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using a refresh token, and connect and read timeouts of 60 seconds.
static TokenInfo	loginWithRefreshToken(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String refreshToken, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience, boolean includeAcceptHeader) Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using a refresh token, and connect and read timeouts of 60 seconds.
static TokenInfo	loginWithRefreshToken(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String refreshToken, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience, int connectTimeout, int readTimeout, int retries, long retryPauseMillis, boolean includeAcceptHeader)
static TokenInfo	loginWithRefreshToken(java.net.URI tokenEndpointUrl, javax.net.ssl.SSLSocketFactory socketFactory, javax.net.ssl.HostnameVerifier hostnameVerifier, java.lang.String refreshToken, java.lang.String clientId, java.lang.String clientSecret, boolean isJwt, PrincipalExtractor principalExtractor, java.lang.String scope, java.lang.String audience, int connectTimeout, int readTimeout, MetricsHandler metrics, int retries, long retryPauseMillis, boolean includeAcceptHeader)
static java.lang.String	urlencode(java.lang.String value) A helper method to urlencode a given value

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OAuthAuthenticator

public OAuthAuthenticator()

Method Detail

loginWithAccessToken

public static TokenInfo loginWithAccessToken(java.lang.String token,
                                             boolean isJwt,
                                             PrincipalExtractor principalExtractor)

Wrap an access token into TokenInfo extracting information from the token if it is a JWT token. If not a JWT token the principal is set to 'undefined', token creation time to current time, and expiry to 1 year.

Parameters:

token - A raw access token

isJwt - If the access token is a JWT token

principalExtractor - A PrincipalExtractor used to extract the principal (user id)

Returns:

A TokenInfo with access token and information extracted from it or set to default values

loginWithClientSecret

public static TokenInfo loginWithClientSecret(java.net.URI tokenEndpointUrl,
                                              javax.net.ssl.SSLSocketFactory socketFactory,
                                              javax.net.ssl.HostnameVerifier hostnameVerifier,
                                              java.lang.String clientId,
                                              java.lang.String clientSecret,
                                              boolean isJwt,
                                              PrincipalExtractor principalExtractor,
                                              java.lang.String scope,
                                              boolean includeAcceptHeader)
                                       throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant (clientId + secret), and connect and read timeouts of 60 seconds.

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

clientId - A client id

clientSecret - A client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithClientSecret

public static TokenInfo loginWithClientSecret(java.net.URI tokenEndpointUrl,
                                              javax.net.ssl.SSLSocketFactory socketFactory,
                                              javax.net.ssl.HostnameVerifier hostnameVerifier,
                                              java.lang.String clientId,
                                              java.lang.String clientSecret,
                                              boolean isJwt,
                                              PrincipalExtractor principalExtractor,
                                              java.lang.String scope,
                                              java.lang.String audience,
                                              boolean includeAcceptHeader)
                                       throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant (clientId + secret), and connect and read timeouts of 60 seconds.

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

clientId - A client id

clientSecret - A client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithClientSecret

public static TokenInfo loginWithClientSecret(java.net.URI tokenEndpointUrl,
                                              javax.net.ssl.SSLSocketFactory socketFactory,
                                              javax.net.ssl.HostnameVerifier hostnameVerifier,
                                              java.lang.String clientId,
                                              java.lang.String clientSecret,
                                              boolean isJwt,
                                              PrincipalExtractor principalExtractor,
                                              java.lang.String scope,
                                              java.lang.String audience,
                                              int connectTimeout,
                                              int readTimeout,
                                              MetricsHandler metrics,
                                              int retries,
                                              long retryPauseMillis,
                                              boolean includeAcceptHeader)
                                       throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant (clientId + secret).

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

clientId - A client id

clientSecret - A client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

connectTimeout - A connect timeout in seconds

readTimeout - A read timeout in seconds

metrics - A MetricsHandler object to receive metrics collection callbacks

retries - A maximum number of retries if the request fails due to network, or unexpected response status

retryPauseMillis - A pause between consecutive requests

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithClientAssertion

public static TokenInfo loginWithClientAssertion(java.net.URI tokenEndpointUrl,
                                                 javax.net.ssl.SSLSocketFactory socketFactory,
                                                 javax.net.ssl.HostnameVerifier hostnameVerifier,
                                                 java.lang.String clientId,
                                                 java.lang.String clientAssertion,
                                                 java.lang.String clientAssertionType,
                                                 boolean isJwt,
                                                 PrincipalExtractor principalExtractor,
                                                 java.lang.String scope,
                                                 java.lang.String audience)
                                          throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant with client assertion (clientId + assertion + assertion type), and connect and read timeouts of 60 seconds.

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

clientId - A client id

clientAssertion - A client assertion

clientAssertionType - A client assertion type

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithClientAssertion

public static TokenInfo loginWithClientAssertion(java.net.URI tokenEndpointUrl,
                                                 javax.net.ssl.SSLSocketFactory socketFactory,
                                                 javax.net.ssl.HostnameVerifier hostnameVerifier,
                                                 java.lang.String clientId,
                                                 java.lang.String clientAssertion,
                                                 java.lang.String clientAssertionType,
                                                 boolean isJwt,
                                                 PrincipalExtractor principalExtractor,
                                                 java.lang.String scope,
                                                 java.lang.String audience,
                                                 int connectTimeout,
                                                 int readTimeout,
                                                 MetricsHandler metrics,
                                                 int retries,
                                                 long retryPauseMillis,
                                                 boolean includeAcceptHeader)
                                          throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using client_credentials grant with client assertion (clientId + assertion + assertion type).

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

clientId - A client id

clientAssertion - A client assertion

clientAssertionType - A client assertion type

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

connectTimeout - A connect timeout in seconds

readTimeout - A read timeout in seconds

metrics - A MetricsHandler object to receive metrics collection callbacks

retries - A maximum number of retries if the request fails due to network, or unexpected response status

retryPauseMillis - A pause between consecutive requests

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithPassword

public static TokenInfo loginWithPassword(java.net.URI tokenEndpointUrl,
                                          javax.net.ssl.SSLSocketFactory socketFactory,
                                          javax.net.ssl.HostnameVerifier hostnameVerifier,
                                          java.lang.String username,
                                          java.lang.String password,
                                          java.lang.String clientId,
                                          java.lang.String clientSecret,
                                          boolean isJwt,
                                          PrincipalExtractor principalExtractor,
                                          java.lang.String scope,
                                          java.lang.String audience,
                                          boolean includeAcceptHeader)
                                   throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using password grant (username + password), and connect and read timeouts of 60 seconds.

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

username - A username

password - A password

clientId - A client id

clientSecret - A (optional) client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithPassword

public static TokenInfo loginWithPassword(java.net.URI tokenEndpointUrl,
                                          javax.net.ssl.SSLSocketFactory socketFactory,
                                          javax.net.ssl.HostnameVerifier hostnameVerifier,
                                          java.lang.String username,
                                          java.lang.String password,
                                          java.lang.String clientId,
                                          java.lang.String clientSecret,
                                          boolean isJwt,
                                          PrincipalExtractor principalExtractor,
                                          java.lang.String scope,
                                          java.lang.String audience,
                                          int connectTimeout,
                                          int readTimeout,
                                          int retries,
                                          long retryPauseMillis,
                                          boolean includeAcceptHeader)
                                   throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using password grant (username + password).

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

username - A username

password - A password

clientId - A client id

clientSecret - A (optional) client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

connectTimeout - A connect timeout in seconds

readTimeout - A read timeout in seconds

retries - A maximum number of retries if the request fails due to network, or unexpected response status

retryPauseMillis - A pause between consecutive requests

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithPassword

public static TokenInfo loginWithPassword(java.net.URI tokenEndpointUrl,
                                          javax.net.ssl.SSLSocketFactory socketFactory,
                                          javax.net.ssl.HostnameVerifier hostnameVerifier,
                                          java.lang.String username,
                                          java.lang.String password,
                                          java.lang.String clientId,
                                          java.lang.String clientSecret,
                                          boolean isJwt,
                                          PrincipalExtractor principalExtractor,
                                          java.lang.String scope,
                                          java.lang.String audience,
                                          int connectTimeout,
                                          int readTimeout,
                                          MetricsHandler metrics,
                                          int retries,
                                          long retryPauseMillis,
                                          boolean includeAcceptHeader)
                                   throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using password grant (username + password).

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

username - A username

password - A password

clientId - A client id

clientSecret - A (optional) client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

connectTimeout - A connect timeout in seconds

readTimeout - A read timeout in seconds

metrics - A MetricsHandler object to receive metrics collection callbacks

retries - A maximum number of retries if the request fails due to network, or unexpected response status

retryPauseMillis - A pause between consecutive requests

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithRefreshToken

public static TokenInfo loginWithRefreshToken(java.net.URI tokenEndpointUrl,
                                              javax.net.ssl.SSLSocketFactory socketFactory,
                                              javax.net.ssl.HostnameVerifier hostnameVerifier,
                                              java.lang.String refreshToken,
                                              java.lang.String clientId,
                                              java.lang.String clientSecret,
                                              boolean isJwt,
                                              PrincipalExtractor principalExtractor,
                                              java.lang.String scope,
                                              boolean includeAcceptHeader)
                                       throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using a refresh token, and connect and read timeouts of 60 seconds.

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

refreshToken - A refresh token

clientId - A client id

clientSecret - A client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithRefreshToken

public static TokenInfo loginWithRefreshToken(java.net.URI tokenEndpointUrl,
                                              javax.net.ssl.SSLSocketFactory socketFactory,
                                              javax.net.ssl.HostnameVerifier hostnameVerifier,
                                              java.lang.String refreshToken,
                                              java.lang.String clientId,
                                              java.lang.String clientSecret,
                                              boolean isJwt,
                                              PrincipalExtractor principalExtractor,
                                              java.lang.String scope,
                                              java.lang.String audience,
                                              boolean includeAcceptHeader)
                                       throws java.io.IOException

Obtain an access token wrapped into TokenInfo by authenticating to the authorization server's token endpoint using a refresh token, and connect and read timeouts of 60 seconds.

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

refreshToken - A refresh token

clientId - A client id

clientSecret - A client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithRefreshToken

public static TokenInfo loginWithRefreshToken(java.net.URI tokenEndpointUrl,
                                              javax.net.ssl.SSLSocketFactory socketFactory,
                                              javax.net.ssl.HostnameVerifier hostnameVerifier,
                                              java.lang.String refreshToken,
                                              java.lang.String clientId,
                                              java.lang.String clientSecret,
                                              boolean isJwt,
                                              PrincipalExtractor principalExtractor,
                                              java.lang.String scope,
                                              java.lang.String audience,
                                              int connectTimeout,
                                              int readTimeout,
                                              int retries,
                                              long retryPauseMillis,
                                              boolean includeAcceptHeader)
                                       throws java.io.IOException

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

refreshToken - A refresh token

clientId - A client id

clientSecret - A client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

connectTimeout - A connect timeout in seconds

readTimeout - A read timeout in seconds

retries - A maximum number of retries if the request fails due to network, or unexpected response status

retryPauseMillis - A pause between consecutive requests

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

loginWithRefreshToken

public static TokenInfo loginWithRefreshToken(java.net.URI tokenEndpointUrl,
                                              javax.net.ssl.SSLSocketFactory socketFactory,
                                              javax.net.ssl.HostnameVerifier hostnameVerifier,
                                              java.lang.String refreshToken,
                                              java.lang.String clientId,
                                              java.lang.String clientSecret,
                                              boolean isJwt,
                                              PrincipalExtractor principalExtractor,
                                              java.lang.String scope,
                                              java.lang.String audience,
                                              int connectTimeout,
                                              int readTimeout,
                                              MetricsHandler metrics,
                                              int retries,
                                              long retryPauseMillis,
                                              boolean includeAcceptHeader)
                                       throws java.io.IOException

Parameters:

tokenEndpointUrl - A token endpoint url

socketFactory - A socket factory to use with 'https'

hostnameVerifier - A hostname verifier to use with 'https'

refreshToken - A refresh token

clientId - A client id

clientSecret - A client secret

isJwt - If the returned token is expected to be a JWT token

principalExtractor - A PrincipalExtractor to use to determine the principal (user id)

scope - A scope to request when authenticating

audience - An 'audience' attribute to set on the request when authenticating

connectTimeout - A connect timeout in seconds

readTimeout - A read timeout in seconds

metrics - A MetricsHandler object to receive metrics collection callbacks

retries - A maximum number of retries if the request fails due to network, or unexpected response status

retryPauseMillis - A pause between consecutive requests

includeAcceptHeader - Should we skip sending the Accept header when making outbound http requests

Returns:

A TokenInfo with access token and information extracted from it

Throws:

java.io.IOException - If the request to the authorization server has failed

java.lang.IllegalStateException - If the response from the authorization server could not be handled

base64encode

public static java.lang.String base64encode(java.lang.String value)

A helper method to base64 encode a given string

Parameters:

value - A string to encode as base64

Returns:

Base64 encoded string

base64decode

public static java.lang.String base64decode(java.lang.String value)

A helper method to decode a base64 encoded string

Parameters:

value - A string to decode from base64

Returns:

A decoded string

urlencode

public static java.lang.String urlencode(java.lang.String value)

A helper method to urlencode a given value

Parameters:

value - A string to urlencode

Returns:

Urlencoded string