Class OAuthProcess
- Direct Known Subclasses:
OidcProcess
The process implements the state machine that is needed to complete an OAuth authorization cycle.
Optionally, it also provides authentication, by using the service-specific logic which uses the access token to return identity information.
A process is created for a particular scope, which represents what kind of information one wants to access, and which is used to inform the user of the kind of operations he needs to authorize for your application to make with his protected data.
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionprotected static class
Exception thrown while parsing a token response.Nested classes/interfaces inherited from class eu.webtoolkit.jwt.WObject
WObject.FormData
-
Constructor Summary
ModifierConstructorDescriptionprotected
OAuthProcess
(OAuthService service, String scope) Constructor. -
Method Summary
Modifier and TypeMethodDescriptionAuthentication signal.Authorization signal.void
Connects an implementation to start an authentication process to a signal.getError()
Error information, in case authentication or identification failed.void
getIdentity
(OAuthAccessToken token) Obtains an authenticated identity.getScope()
Returns the scope for which this process was created.Returns the OAuth service which spawned this process.getToken()
Returns the access token.protected OAuthAccessToken
parseTokenResponse
(eu.webtoolkit.jwt.auth.HttpMessage response) Parses the response for a token request.protected void
setError
(CharSequence error) Sets the error.void
Starts an authorization and authentication process.void
Starts an authorization process.Methods inherited from class eu.webtoolkit.jwt.WObject
getId, getObjectName, remove, setFormData, setObjectName, tr
-
Constructor Details
-
OAuthProcess
Constructor.- See Also:
-
-
Method Details
-
getScope
Returns the scope for which this process was created.The scope represents how much protected information the web application wants to access, and in what way.
-
getService
Returns the OAuth service which spawned this process.- See Also:
-
startAuthorize
public void startAuthorize()Starts an authorization process.This starts an authorization process to request an accesstoken to access protected information within the process scope.
The authorization process ends with the
authorized()
signal which signals the obtained token.Note: To be able to use a popup (instead of a page redirect), you should connect this method directly to an, since popup windows are blocked in most web browsers unless they are the direct consequence of an event.
-
startAuthenticate
public void startAuthenticate()Starts an authorization and authentication process.This is
startAuthorize()
followed bygetIdentity()
.This requires that the process is created with an authorization scope that includes sufficient rights for authentication (at least
OAuthService.getAuthenticationScope()
)The authentication process ends with the
authenticated()
signal which signals the obtained identity.Note: To be able to use a popup (instead of a page redirect), you should connect this method directly to an, since popup windows are blocked in most web browsers unless they are the direct consequence of an event.
-
connectStartAuthenticate
Connects an implementation to start an authentication process to a signal.If JavaScript is available, this method connects a JavaScript function to the
signal
, otherwisestartAuthenticate()
is connected tosignal
. -
getIdentity
Obtains an authenticated identity.The authentication process uses an access token to issue one or more protected requests for obtaining identity information. This is not part of the OAuth protocol, since OAuth does not standardize the use of the access token to obtain this information.
The authentication process ends with the
authenticated()
signal which signals the obtained identity. -
getError
Error information, in case authentication or identification failed.The error message contains details when the
authorized()
orauthenticated()
signals indicate respectively an invalid token or invalid identity. -
getToken
Returns the access token.This returns the access token that was obtained in the last authorization cycle.
-
authorized
Authorization signal.This signal indicates the end of an authorization process started with
startAuthorize()
. If the authorization process was successful, then the parameter carries a valid access token that was obtained. If the authorization process failed then the access token parameter is invalid, and you can get more information usinggetError()
.Authorization can fail because of a protocol error, aconfiguration problem, or because the user denied the authorization.
- See Also:
-
authenticated
Authentication signal.This signal indicates the end of an authentication process started with
startAuthenticate()
orgetIdentity()
. If the authentication process was successful, then the parameter is a valid and authentic identity. If the authentication process failed then the identity parameter is invalid, and you can get more information usinggetError()
.Authentication can fail because authorization failed (in case of
startAuthenticate()
), or because of a protocol error, or configuration problem. -
parseTokenResponse
Parses the response for a token request.Throws a
OAuthProcess.TokenError
when the response indicates an error, or when the response could not be properly parsed.Some OAuth implementations may uses a non-standard encoding of the token.
-
setError
Sets the error.This should be used in
getIdentity()
implementations to set the error, before emittingauthenticated()
with an invalidIdentity
.
-