Class OAuthProcess

java.lang.Object
eu.webtoolkit.jwt.WObject
eu.webtoolkit.jwt.auth.OAuthProcess
Direct Known Subclasses:
OidcProcess

public class OAuthProcess
extends WObject
An OAuth authorization (and authentication) process.

The process implements the state machine that is needed to complete an OAuth authorization cycle.

Optionally, it also provides authentication, by using the service-specific logic which uses the access token to return identity information.

A process is created for a particular scope, which represents what kind of information one wants to access, and which is used to inform the user of the kind of operations he needs to authorize for your application to make with his protected data.

See Also:
OAuthService.createProcess(String scope)
  • Constructor Details

  • Method Details

    • getScope

      public java.lang.String getScope()
      Returns the scope for which this process was created.

      The scope represents how much protected information the web application wants to access, and in what way.

      See Also:
      OAuthService.createProcess(String scope), OAuthService.getAuthenticationScope()
    • getService

      public OAuthService getService()
      Returns the OAuth service which spawned this process.

      See Also:
      OAuthService.createProcess(String scope)
    • startAuthorize

      public void startAuthorize()
      Starts an authorization process.

      This starts an authorization process to request an accesstoken to access protected information within the process scope.

      The authorization process ends with the authorized() signal which signals the obtained token.

      Note: To be able to use a popup (instead of a page redirect), you should connect this method directly to an, since popup windows are blocked in most web browsers unless they are the direct consequence of an event.

    • startAuthenticate

      public void startAuthenticate()
      Starts an authorization and authentication process.

      This is startAuthorize() followed by getIdentity().

      This requires that the process is created with an authorization scope that includes sufficient rights for authentication (at least OAuthService.getAuthenticationScope())

      The authentication process ends with the authenticated() signal which signals the obtained identity.

      Note: To be able to use a popup (instead of a page redirect), you should connect this method directly to an, since popup windows are blocked in most web browsers unless they are the direct consequence of an event.

    • connectStartAuthenticate

      public void connectStartAuthenticate​(AbstractEventSignal s)
      Connects an implementation to start an authentication process to a signal.

      If JavaScript is available, this method connects a JavaScript function to the signal , otherwise startAuthenticate() is connected to signal.

    • getIdentity

      public void getIdentity​(OAuthAccessToken token)
      Obtains an authenticated identity.

      The authentication process uses an access token to issue one or more protected requests for obtaining identity information. This is not part of the OAuth protocol, since OAuth does not standardize the use of the access token to obtain this information.

      The authentication process ends with the authenticated() signal which signals the obtained identity.

    • getError

      public WString getError()
      Error information, in case authentication or identification failed.

      The error message contains details when the authorized() or authenticated() signals indicate respectively an invalid token or invalid identity.

    • getToken

      public OAuthAccessToken getToken()
      Returns the access token.

      This returns the access token that was obtained in the last authorization cycle.

    • authorized

      public Signal1<OAuthAccessToken> authorized()
      Authorization signal.

      This signal indicates the end of an authorization process started with startAuthorize(). If the authorization process was successful, then the parameter carries a valid access token that was obtained. If the authorization process failed then the access token parameter is invalid, and you can get more information using getError().

      Authorization can fail because of a protocol error, aconfiguration problem, or because the user denied the authorization.

      See Also:
      startAuthorize(), OAuthAccessToken.isValid()
    • authenticated

      public Signal1<Identity> authenticated()
      Authentication signal.

      This signal indicates the end of an authentication process started with startAuthenticate() or getIdentity(). If the authentication process was successful, then the parameter is a valid and authentic identity. If the authentication process failed then the identity parameter is invalid, and you can get more information using getError().

      Authentication can fail because authorization failed (in case of startAuthenticate()), or because of a protocol error, or configuration problem.

      See Also:
      startAuthenticate(), getIdentity(OAuthAccessToken token), Identity.isValid()
    • parseTokenResponse

      protected OAuthAccessToken parseTokenResponse​(eu.webtoolkit.jwt.auth.HttpMessage response)
      Parses the response for a token request.

      Throws a OAuthProcess.TokenError when the response indicates an error, or when the response could not be properly parsed.

      Some OAuth implementations may uses a non-standard encoding of the token.

    • setError

      protected void setError​(java.lang.CharSequence error)
      Sets the error.

      This should be used in getIdentity() implementations to set the error, before emitting authenticated() with an invalid Identity.