org.springframework.social.oauth2
Class OAuth2Template

java.lang.Object
  org.springframework.social.oauth2.OAuth2Template

All Implemented Interfaces:

OAuth2Operations

public class OAuth2Template
extends java.lang.Object
implements OAuth2Operations

OAuth2Operations implementation that uses REST-template to make the OAuth calls.

Author:

Keith Donald, Roy Clarkson

Constructor Summary

OAuth2Template(java.lang.String clientId, java.lang.String clientSecret, java.lang.String authorizeUrl, java.lang.String accessTokenUrl)
Constructs an OAuth2Template for a given set of client credentials.

OAuth2Template(java.lang.String clientId, java.lang.String clientSecret, java.lang.String authorizeUrl, java.lang.String authenticateUrl, java.lang.String accessTokenUrl)
Constructs an OAuth2Template for a given set of client credentials.

Method Summary

AccessGrant	authenticateClient() Retrieves the client access grant using OAuth 2 client password flow.
AccessGrant	authenticateClient(java.lang.String scope) Retrieves the client access grant using OAuth 2 client password flow.
java.lang.String	buildAuthenticateUrl(GrantType grantType, OAuth2Parameters parameters) Construct the URL to redirect the user to for authentication.
java.lang.String	buildAuthorizeUrl(GrantType grantType, OAuth2Parameters parameters) Construct the URL to redirect the user to for authorization.
protected AccessGrant	createAccessGrant(java.lang.String accessToken, java.lang.String scope, java.lang.String refreshToken, java.lang.Integer expiresIn, java.util.Map<java.lang.String,java.lang.Object> response) Creates an AccessGrant given the response from the access token exchange with the provider.
protected org.springframework.web.client.RestTemplate	createRestTemplate() Creates the RestTemplate used to communicate with the provider's OAuth 2 API.
AccessGrant	exchangeCredentialsForAccess(java.lang.String username, java.lang.String password, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters) Exchanges user credentials for an access grant using OAuth2's Resource Owner Credentials Grant (aka, "password" grant).
AccessGrant	exchangeForAccess(java.lang.String authorizationCode, java.lang.String redirectUri, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters) Exchange the authorization code for an access grant.
protected org.springframework.web.client.RestTemplate	getRestTemplate()
protected AccessGrant	postForAccessGrant(java.lang.String accessTokenUrl, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> parameters) Posts the request for an access grant to the provider.
AccessGrant	refreshAccess(java.lang.String refreshToken, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters) Refreshes a previous access grant.
AccessGrant	refreshAccess(java.lang.String refreshToken, java.lang.String scope, org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters) Refreshes a previous access grant.
void	setRequestFactory(org.springframework.http.client.ClientHttpRequestFactory requestFactory) Set the request factory on the underlying RestTemplate.
void	setUseParametersForClientAuthentication(boolean useParametersForClientAuthentication) Set to true to pass client credentials to the provider as parameters instead of using HTTP Basic authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OAuth2Template

public OAuth2Template(java.lang.String clientId,
                      java.lang.String clientSecret,
                      java.lang.String authorizeUrl,
                      java.lang.String accessTokenUrl)

Constructs an OAuth2Template for a given set of client credentials. Assumes that the authorization URL is the same as the authentication URL.

Parameters:

clientId - the client ID

clientSecret - the client secret

authorizeUrl - the base URL to redirect to when doing authorization code or implicit grant authorization

accessTokenUrl - the URL at which an authorization code, refresh token, or user credentials may be exchanged for an access token.

OAuth2Template

public OAuth2Template(java.lang.String clientId,
                      java.lang.String clientSecret,
                      java.lang.String authorizeUrl,
                      java.lang.String authenticateUrl,
                      java.lang.String accessTokenUrl)

Constructs an OAuth2Template for a given set of client credentials.

Parameters:

clientId - the client ID

clientSecret - the client secret

authorizeUrl - the base URL to redirect to when doing authorization code or implicit grant authorization

authenticateUrl - the URL to redirect to when doing authentication via authorization code grant

accessTokenUrl - the URL at which an authorization code, refresh token, or user credentials may be exchanged for an access token

Method Detail

setUseParametersForClientAuthentication

public void setUseParametersForClientAuthentication(boolean useParametersForClientAuthentication)

Set to true to pass client credentials to the provider as parameters instead of using HTTP Basic authentication. NOTE: For Spring Social v1.0.3, this will default to "true", as most OAuth2 providers do not yet support HTTP Basic for client authorization. This default will change to false for Spring Social v1.1.0.

Parameters:

useParametersForClientAuthentication -

setRequestFactory

public void setRequestFactory(org.springframework.http.client.ClientHttpRequestFactory requestFactory)

Set the request factory on the underlying RestTemplate. This can be used to plug in a different HttpClient to do things like configure custom SSL settings.

buildAuthorizeUrl

public java.lang.String buildAuthorizeUrl(GrantType grantType,
                                          OAuth2Parameters parameters)

Description copied from interface: OAuth2Operations

Construct the URL to redirect the user to for authorization.

Specified by:

buildAuthorizeUrl in interface OAuth2Operations

Parameters:

grantType - specifies whether to use client-side or server-side OAuth flow

parameters - authorization parameters needed to build the URL

Returns:

the absolute authorize URL to redirect the user to for authorization

buildAuthenticateUrl

public java.lang.String buildAuthenticateUrl(GrantType grantType,
                                             OAuth2Parameters parameters)

Description copied from interface: OAuth2Operations

Construct the URL to redirect the user to for authentication. The authenticate URL differs from the authorizationUrl slightly in that it does not require the user to authorize the app multiple times. This provides a better user experience for "Sign in with Provider" scenarios.

Specified by:

buildAuthenticateUrl in interface OAuth2Operations

Parameters:

grantType - specifies whether to use client-side or server-side OAuth flow

parameters - authorization parameters needed to build the URL

Returns:

the absolute authenticate URL to redirect the user to for authorization

exchangeForAccess

public AccessGrant exchangeForAccess(java.lang.String authorizationCode,
                                     java.lang.String redirectUri,
                                     org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)

Description copied from interface: OAuth2Operations

Exchange the authorization code for an access grant.

Specified by:

exchangeForAccess in interface OAuth2Operations

Parameters:

authorizationCode - the authorization code returned by the provider upon user authorization

redirectUri - the authorization callback url; this value must match the redirectUri registered with the provider

additionalParameters - any additional parameters to be sent when exchanging the authorization code for an access grant. Should not be encoded.

Returns:

the access grant.

exchangeCredentialsForAccess

public AccessGrant exchangeCredentialsForAccess(java.lang.String username,
                                                java.lang.String password,
                                                org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)

Description copied from interface: OAuth2Operations

Exchanges user credentials for an access grant using OAuth2's Resource Owner Credentials Grant (aka, "password" grant).

Specified by:

exchangeCredentialsForAccess in interface OAuth2Operations

Parameters:

username - the user's username on the provider

password - the user's password on the provider

additionalParameters - any additional parameters to be sent when exchanging the credentials for an access grant. Should not be encoded.

Returns:

the access grant.

refreshAccess

public AccessGrant refreshAccess(java.lang.String refreshToken,
                                 java.lang.String scope,
                                 org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)

Description copied from interface: OAuth2Operations

Refreshes a previous access grant.

Specified by:

refreshAccess in interface OAuth2Operations

Parameters:

refreshToken - the refresh token from the previous access grant.

scope - optional scope to narrow to when refreshing access; if null, the existing scope is preserved.

additionalParameters - any additional parameters to be sent when refreshing a previous access grant. Should not be encoded.

Returns:

the access grant.

refreshAccess

public AccessGrant refreshAccess(java.lang.String refreshToken,
                                 org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> additionalParameters)

Description copied from interface: OAuth2Operations

Refreshes a previous access grant.

Specified by:

refreshAccess in interface OAuth2Operations

Parameters:

refreshToken - the refresh token from the previous access grant.

additionalParameters - any additional parameters to be sent when refreshing a previous access grant. Should not be encoded.

Returns:

the access grant.

authenticateClient

public AccessGrant authenticateClient()

Description copied from interface: OAuth2Operations

Retrieves the client access grant using OAuth 2 client password flow. This is an access grant that is based on the client id and password (a.k.a. client secret).

Specified by:

authenticateClient in interface OAuth2Operations

Returns:

the access grant of the client only (not user related)

authenticateClient

public AccessGrant authenticateClient(java.lang.String scope)

Description copied from interface: OAuth2Operations

Retrieves the client access grant using OAuth 2 client password flow. This is an access grant that is based on the client id and password (a.k.a. client secret).

Specified by:

authenticateClient in interface OAuth2Operations

Parameters:

scope - optional scope to get for the access grant

Returns:

the access grant of the client only (not user related)

createRestTemplate

protected org.springframework.web.client.RestTemplate createRestTemplate()

Creates the RestTemplate used to communicate with the provider's OAuth 2 API. This implementation creates a RestTemplate with a minimal set of HTTP message converters (FormHttpMessageConverter and MappingJacksonHttpMessageConverter). May be overridden to customize how the RestTemplate is created. For example, if the provider returns data in some format other than JSON for form-encoded, you might override to register an appropriate message converter.

postForAccessGrant

protected AccessGrant postForAccessGrant(java.lang.String accessTokenUrl,
                                         org.springframework.util.MultiValueMap<java.lang.String,java.lang.String> parameters)

Posts the request for an access grant to the provider. The default implementation uses RestTemplate to request the access token and expects a JSON response to be bound to a Map. The information in the Map will be used to create an AccessGrant. Since the OAuth 2 specification indicates that an access token response should be in JSON format, there's often no need to override this method. If all you need to do is capture provider-specific data in the response, you should override createAccessGrant() instead. However, in the event of a provider whose access token response is non-JSON, you may need to override this method to request that the response be bound to something other than a Map. For example, if the access token response is given as form-encoded, this method should be overridden to call RestTemplate.postForObject() asking for the response to be bound to a MultiValueMap (whose contents can then be used to create an AccessGrant).

Parameters:

accessTokenUrl - the URL of the provider's access token endpoint.

parameters - the parameters to post to the access token endpoint.

Returns:

the access grant.

createAccessGrant

protected AccessGrant createAccessGrant(java.lang.String accessToken,
                                        java.lang.String scope,
                                        java.lang.String refreshToken,
                                        java.lang.Integer expiresIn,
                                        java.util.Map<java.lang.String,java.lang.Object> response)

Creates an AccessGrant given the response from the access token exchange with the provider. May be overridden to create a custom AccessGrant that captures provider-specific information from the access token response.

Parameters:

accessToken - the access token value received from the provider

scope - the scope of the access token

refreshToken - a refresh token value received from the provider

expiresIn - the time (in seconds) remaining before the access token expires.

response - all parameters from the response received in the access token exchange.

Returns:

an AccessGrant

getRestTemplate

protected org.springframework.web.client.RestTemplate getRestTemplate()