Spring Social

org.springframework.social.oauth2
Class OAuth2Template

java.lang.Object
  extended by org.springframework.social.oauth2.OAuth2Template
All Implemented Interfaces:
OAuth2Operations

public class OAuth2Template
extends java.lang.Object
implements OAuth2Operations

OAuth2Operations implementation that uses RestTemplate to make the OAuth calls.

Author:
Keith Donald, Roy Clarkson

Constructor Summary
OAuth2Template(java.lang.String clientId, java.lang.String clientSecret, java.lang.String authorizeUrl, java.lang.String accessTokenUrl)
          Constructs an OAuth2Template for a given set of client credentials.
OAuth2Template(java.lang.String clientId, java.lang.String clientSecret, java.lang.String authorizeUrl, java.lang.String authenticateUrl, java.lang.String accessTokenUrl)
          Constructs an OAuth2Template for a given set of client credentials.
 
Method Summary
 AccessGrant authenticateClient()
          Retrieves the client access grant using OAuth 2 client password flow.
 AccessGrant authenticateClient(java.lang.String scope)
          Retrieves the client access grant using OAuth 2 client password flow.
 java.lang.String buildAuthenticateUrl(GrantType grantType, OAuth2Parameters parameters)
          Construct the URL to redirect the user to for authentication.
 java.lang.String buildAuthorizeUrl(GrantType grantType, OAuth2Parameters parameters)
          Construct the URL to redirect the user to for authorization.
protected  AccessGrant createAccessGrant(java.lang.String accessToken, java.lang.String scope, java.lang.String refreshToken, java.lang.Integer expiresIn, java.util.Map<java.lang.String,java.lang.Object> response)
          Creates an AccessGrant given the response from the access token exchange with the provider.
protected  org.springframework.web.client.RestTemplate createRestTemplate()
          Creates the RestTemplate used to communicate with the provider's OAuth 2 API.
 AccessGrant exchangeCredentialsForAccess(java.lang.String username, java.lang.String password, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)
          Exchanges user credentials for an access grant using OAuth2's Resource Owner Credentials Grant (aka, "password" grant).
 AccessGrant exchangeForAccess(java.lang.String authorizationCode, java.lang.String redirectUri, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)
          Exchange the authorization code for an access grant.
protected  org.springframework.web.client.RestTemplate getRestTemplate()
           
protected  AccessGrant postForAccessGrant(java.lang.String accessTokenUrl, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> parameters)
          Posts the request for an access grant to the provider.
 AccessGrant refreshAccess(java.lang.String refreshToken, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)
          Refreshes a previous access grant.
 AccessGrant refreshAccess(java.lang.String refreshToken, java.lang.String scope, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)
          Refreshes a previous access grant.
 void setRequestFactory(org.springframework.http.client.ClientHttpRequestFactory requestFactory)
          Set the request factory on the underlying RestTemplate.
 void setUseParametersForClientAuthentication(boolean useParametersForClientAuthentication)
          Set to true to pass client credentials to the provider as parameters instead of using HTTP Basic authentication.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

OAuth2Template

public OAuth2Template(java.lang.String clientId,
                      java.lang.String clientSecret,
                      java.lang.String authorizeUrl,
                      java.lang.String accessTokenUrl)
Constructs an OAuth2Template for a given set of client credentials. Assumes that the authorization URL is the same as the authentication URL.

Parameters:
clientId - the client ID
clientSecret - the client secret
authorizeUrl - the base URL to redirect to when doing authorization code or implicit grant authorization
accessTokenUrl - the URL at which an authorization code, refresh token, or user credentials may be exchanged for an access token.

OAuth2Template

public OAuth2Template(java.lang.String clientId,
                      java.lang.String clientSecret,
                      java.lang.String authorizeUrl,
                      java.lang.String authenticateUrl,
                      java.lang.String accessTokenUrl)
Constructs an OAuth2Template for a given set of client credentials.

Parameters:
clientId - the client ID
clientSecret - the client secret
authorizeUrl - the base URL to redirect to when doing authorization code or implicit grant authorization
authenticateUrl - the URL to redirect to when doing authentication via authorization code grant
accessTokenUrl - the URL at which an authorization code, refresh token, or user credentials may be exchanged for an access token

Method Detail

setUseParametersForClientAuthentication

public void setUseParametersForClientAuthentication(boolean useParametersForClientAuthentication)
Set to true to pass client credentials to the provider as parameters instead of using HTTP Basic authentication. NOTE: For Spring Social v1.0.3, this will default to "true", as most OAuth2 providers do not yet support HTTP Basic for client authorization. This default will change to false for Spring Social v1.1.0.

Parameters:
useParametersForClientAuthentication -

setRequestFactory

public void setRequestFactory(org.springframework.http.client.ClientHttpRequestFactory requestFactory)
Set the request factory on the underlying RestTemplate. This can be used to plug in a different HttpClient to do things like configure custom SSL settings.
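
The two setters above, used together in an added example (not part of the Spring Social documentation or code base): the client-authentication mode is pinned explicitly so it does not follow the version-dependent default, and a request factory with timeouts is plugged in. The class name ProviderTemplateFactory, the providerSupportsHttpBasic flag, the https check and the timeout values are assumptions made for illustration.

```java
import java.net.URI;

import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.social.oauth2.OAuth2Template;

// Hypothetical helper; only OAuth2Template and its two setters come from this page.
public final class ProviderTemplateFactory {

    private ProviderTemplateFactory() {
    }

    public static OAuth2Template create(String clientId, String clientSecret,
            String authorizeUrl, String accessTokenUrl, boolean providerSupportsHttpBasic) {
        requireHttps(authorizeUrl);
        // The client secret, authorization codes and tokens are all sent to this endpoint.
        requireHttps(accessTokenUrl);

        OAuth2Template template =
                new OAuth2Template(clientId, clientSecret, authorizeUrl, accessTokenUrl);

        // true  = client credentials sent as request parameters
        // false = client credentials sent with HTTP Basic authentication
        // Set explicitly so the behaviour is the same under 1.0.3 and 1.1.0 defaults.
        template.setUseParametersForClientAuthentication(!providerSupportsHttpBasic);

        // Bound how long a token exchange may hang (illustrative values, in milliseconds).
        SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
        requestFactory.setConnectTimeout(5000);
        requestFactory.setReadTimeout(10000);
        template.setRequestFactory(requestFactory);
        return template;
    }

    // Added check (an assumption of this example): refuse endpoints that are not https.
    private static void requireHttps(String url) {
        if (!"https".equalsIgnoreCase(URI.create(url).getScheme())) {
            throw new IllegalArgumentException("OAuth 2 endpoint must use https: " + url);
        }
    }
}
```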


buildAuthorizeUrl

public java.lang.String buildAuthorizeUrl(GrantType grantType,
                                          OAuth2Parameters parameters)
Description copied from interface: OAuth2Operations
Construct the URL to redirect the user to for authorization.

Specified by:
buildAuthorizeUrl in interface OAuth2Operations
Parameters:
grantType - specifies whether to use client-side or server-side OAuth flow
parameters - authorization parameters needed to build the URL
Returns:
the absolute authorize URL to redirect the user to for authorization

buildAuthenticateUrl

public java.lang.String buildAuthenticateUrl(GrantType grantType,
                                             OAuth2Parameters parameters)
Description copied from interface: OAuth2Operations
Construct the URL to redirect the user to for authentication. The authenticate URL differs from the authorizationUrl slightly in that it does not require the user to authorize the app multiple times. This provides a better user experience for "Sign in with Provider" scenarios.

Specified by:
buildAuthenticateUrl in interface OAuth2Operations
Parameters:
grantType - specifies whether to use client-side or server-side OAuth flow
parameters - authorization parameters needed to build the URL
Returns:
the absolute authenticate URL to redirect the user to for authorization

exchangeForAccess

public AccessGrant exchangeForAccess(java.lang.String authorizationCode,
                                     java.lang.String redirectUri,
                                     org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)
Description copied from interface: OAuth2Operations
Exchange the authorization code for an access grant.

Specified by:
exchangeForAccess in interface OAuth2Operations
Parameters:
authorizationCode - the authorization code returned by the provider upon user authorization
redirectUri - the authorization callback url; this value must match the redirectUri registered with the provider
additionalParameters - any additional parameters to be sent when exchanging the authorization code for an access grant. Should not be encoded.
Returns:
the access grant.

exchangeCredentialsForAccess

public AccessGrant exchangeCredentialsForAccess(java.lang.String username,
                                                java.lang.String password,
                                                org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)
Description copied from interface: OAuth2Operations
Exchanges user credentials for an access grant using OAuth2's Resource Owner Credentials Grant (aka, "password" grant).

Specified by:
exchangeCredentialsForAccess in interface OAuth2Operations
Parameters:
username - the user's username on the provider
password - the user's password on the provider
additionalParameters - any additional parameters to be sent when exchanging the credentials for an access grant. Should not be encoded.
Returns:
the access grant.

refreshAccess

public AccessGrant refreshAccess(java.lang.String refreshToken,
                                 java.lang.String scope,
                                 org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)
Description copied from interface: OAuth2Operations
Refreshes a previous access grant.

Specified by:
refreshAccess in interface OAuth2Operations
Parameters:
refreshToken - the refresh token from the previous access grant.
scope - optional scope to narrow to when refreshing access; if null, the existing scope is preserved.
additionalParameters - any additional parameters to be sent when refreshing a previous access grant. Should not be encoded.
Returns:
the access grant.

refreshAccess

public AccessGrant refreshAccess(java.lang.String refreshToken,
                                 org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)
Description copied from interface: OAuth2Operations
Refreshes a previous access grant.

Specified by:
refreshAccess in interface OAuth2Operations
Parameters:
refreshToken - the refresh token from the previous access grant.
additionalParameters - any additional parameters to be sent when refreshing a previous access grant. Should not be encoded.
Returns:
the access grant.

authenticateClient

public AccessGrant authenticateClient()
Description copied from interface: OAuth2Operations
Retrieves the client access grant using OAuth 2 client password flow. This is an access grant that is based on the client id and password (a.k.a. client secret).

Specified by:
authenticateClient in interface OAuth2Operations
Returns:
the access grant of the client only (not user related)

authenticateClient

public AccessGrant authenticateClient(java.lang.String scope)
Description copied from interface: OAuth2Operations
Retrieves the client access grant using OAuth 2 client password flow. This is an access grant that is based on the client id and password (a.k.a. client secret).

Specified by:
authenticateClient in interface OAuth2Operations
Parameters:
scope - optional scope to get for the access grant
Returns:
the access grant of the client only (not user related)

createRestTemplate

protected org.springframework.web.client.RestTemplate createRestTemplate()
Creates the RestTemplate used to communicate with the provider's OAuth 2 API. This implementation creates a RestTemplate with a minimal set of HTTP message converters (FormHttpMessageConverter and MappingJacksonHttpMessageConverter). May be overridden to customize how the RestTemplate is created. For example, if the provider returns data in some format other than JSON or form-encoded, you might override to register an appropriate message converter.


postForAccessGrant

protected AccessGrant postForAccessGrant(java.lang.String accessTokenUrl,
                                         org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> parameters)
Posts the request for an access grant to the provider. The default implementation uses RestTemplate to request the access token and expects a JSON response to be bound to a Map. The information in the Map will be used to create an AccessGrant. Since the OAuth 2 specification indicates that an access token response should be in JSON format, there's often no need to override this method. If all you need to do is capture provider-specific data in the response, you should override createAccessGrant() instead. However, in the event of a provider whose access token response is non-JSON, you may need to override this method to request that the response be bound to something other than a Map. For example, if the access token response is given as form-encoded, this method should be overridden to call RestTemplate.postForObject() asking for the response to be bound to a MultiValueMap (whose contents can then be used to create an AccessGrant).

Parameters:
accessTokenUrl - the URL of the provider's access token endpoint.
parameters - the parameters to post to the access token endpoint.
Returns:
the access grant.
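
The form-encoded override described above, as an added example (not code from Spring Social itself). The class name FormEncodedOAuth2Template is hypothetical, and the example assumes the provider replies with Content-Type application/x-www-form-urlencoded and uses the standard OAuth 2 field names access_token, scope, refresh_token and expires_in.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.social.oauth2.AccessGrant;
import org.springframework.social.oauth2.OAuth2Template;
import org.springframework.util.MultiValueMap;

// Hypothetical subclass for a provider whose token response is form-encoded.
public class FormEncodedOAuth2Template extends OAuth2Template {

    public FormEncodedOAuth2Template(String clientId, String clientSecret,
            String authorizeUrl, String accessTokenUrl) {
        super(clientId, clientSecret, authorizeUrl, accessTokenUrl);
    }

    @Override
    @SuppressWarnings("unchecked")
    protected AccessGrant postForAccessGrant(String accessTokenUrl,
            MultiValueMap<String, String> parameters) {
        // Bind the response to a MultiValueMap instead of the default JSON Map.
        MultiValueMap<String, String> response =
                getRestTemplate().postForObject(accessTokenUrl, parameters, MultiValueMap.class);
        if (response == null || isBlank(response.getFirst("access_token"))) {
            // Fail closed: never build a grant from an empty or error response.
            throw new IllegalStateException("Access token response contained no access_token");
        }
        // createAccessGrant() expects the raw response as Map<String, Object>.
        Map<String, Object> raw = new HashMap<String, Object>(response.toSingleValueMap());
        return createAccessGrant(response.getFirst("access_token"), response.getFirst("scope"),
                response.getFirst("refresh_token"),
                parseSeconds(response.getFirst("expires_in")), raw);
    }

    // Returns null (no known expiry) for a missing, malformed or non-positive value.
    private static Integer parseSeconds(String value) {
        if (isBlank(value)) {
            return null;
        }
        try {
            int seconds = Integer.parseInt(value.trim());
            return seconds > 0 ? Integer.valueOf(seconds) : null;
        } catch (NumberFormatException e) {
            return null;
        }
    }

    private static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }
}
```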

createAccessGrant

protected AccessGrant createAccessGrant(java.lang.String accessToken,
                                        java.lang.String scope,
                                        java.lang.String refreshToken,
                                        java.lang.Integer expiresIn,
                                        java.util.Map<java.lang.String,java.lang.Object> response)
Creates an AccessGrant given the response from the access token exchange with the provider. May be overridden to create a custom AccessGrant that captures provider-specific information from the access token response.

Parameters:
accessToken - the access token value received from the provider
scope - the scope of the access token
refreshToken - a refresh token value received from the provider
expiresIn - the time (in seconds) remaining before the access token expires.
response - all parameters from the response received in the access token exchange.
Returns:
an AccessGrant

getRestTemplate

protected org.springframework.web.client.RestTemplate getRestTemplate()
