public class OAuth2Template extends Object implements OAuth2Operations
Constructor and Description |
---|
OAuth2Template(String clientId,
String clientSecret,
String authorizeUrl,
String accessTokenUrl)
Constructs an OAuth2Template for a given set of client credentials.
|
OAuth2Template(String clientId,
String clientSecret,
String authorizeUrl,
String authenticateUrl,
String accessTokenUrl)
Constructs an OAuth2Template for a given set of client credentials.
|
Modifier and Type | Method and Description |
---|---|
AccessGrant |
authenticateClient()
Retrieves the client access grant using OAuth 2 client password flow.
|
AccessGrant |
authenticateClient(String scope)
Retrieves the client access grant using OAuth 2 client password flow.
|
String |
buildAuthenticateUrl(GrantType grantType,
OAuth2Parameters parameters)
Construct the URL to redirect the user to for authentication.
|
String |
buildAuthenticateUrl(OAuth2Parameters parameters)
Construct the URL to redirect the user to for authentication via OAuth2's "Authorization Code Grant".
|
String |
buildAuthorizeUrl(GrantType grantType,
OAuth2Parameters parameters)
Construct the URL to redirect the user to for authorization.
|
String |
buildAuthorizeUrl(OAuth2Parameters parameters)
Construct the URL to redirect the user to for authorization via OAuth2's "Authorization Code Grant".
|
protected AccessGrant |
createAccessGrant(String accessToken,
String scope,
String refreshToken,
Long expiresIn,
Map<String,Object> response)
Creates an
AccessGrant given the response from the access token exchange with the provider. |
protected RestTemplate |
createRestTemplate()
Creates the
RestTemplate used to communicate with the provider's OAuth 2 API. |
AccessGrant |
exchangeCredentialsForAccess(String username,
String password,
MultiValueMap<String,String> additionalParameters)
Exchanges user credentials for an access grant using OAuth2's Resource Owner Credentials Grant (aka, "password" grant).
|
AccessGrant |
exchangeForAccess(String authorizationCode,
String redirectUri,
MultiValueMap<String,String> additionalParameters)
Exchange the authorization code for an access grant.
|
protected RestTemplate |
getRestTemplate() |
protected AccessGrant |
postForAccessGrant(String accessTokenUrl,
MultiValueMap<String,String> parameters)
Posts the request for an access grant to the provider.
|
AccessGrant |
refreshAccess(String refreshToken,
MultiValueMap<String,String> additionalParameters)
Refreshes a previous access grant.
|
AccessGrant |
refreshAccess(String refreshToken,
String scope,
MultiValueMap<String,String> additionalParameters)
Deprecated.
|
void |
setRequestFactory(ClientHttpRequestFactory requestFactory)
Set the request factory on the underlying RestTemplate.
|
void |
setUseParametersForClientAuthentication(boolean useParametersForClientAuthentication)
Set to true to pass client credentials to the provider as parameters instead of using HTTP Basic authentication.
|
public OAuth2Template(String clientId, String clientSecret, String authorizeUrl, String accessTokenUrl)
clientId
- the client IDclientSecret
- the client secretauthorizeUrl
- the base URL to redirect to when doing authorization code or implicit grant authorizationaccessTokenUrl
- the URL at which an authorization code, refresh token, or user credentials may be exchanged for an access token.public OAuth2Template(String clientId, String clientSecret, String authorizeUrl, String authenticateUrl, String accessTokenUrl)
clientId
- the client IDclientSecret
- the client secretauthorizeUrl
- the base URL to redirect to when doing authorization code or implicit grant authorizationauthenticateUrl
- the URL to redirect to when doing authentication via authorization code grantaccessTokenUrl
- the URL at which an authorization code, refresh token, or user credentials may be exchanged for an access tokenpublic void setUseParametersForClientAuthentication(boolean useParametersForClientAuthentication)
useParametersForClientAuthentication
- true if the client credentials should be passed as parameters; false if passed via HTTP Basicpublic void setRequestFactory(ClientHttpRequestFactory requestFactory)
requestFactory
- the request factory used by the underlying RestTemplatepublic String buildAuthorizeUrl(OAuth2Parameters parameters)
OAuth2Operations
buildAuthorizeUrl
in interface OAuth2Operations
parameters
- authorization parameters needed to build the URLpublic String buildAuthorizeUrl(GrantType grantType, OAuth2Parameters parameters)
OAuth2Operations
OAuth2Operations.buildAuthorizeUrl(OAuth2Parameters)
instead.buildAuthorizeUrl
in interface OAuth2Operations
grantType
- specifies whether to use client-side or server-side OAuth flowparameters
- authorization parameters needed to build the URLpublic String buildAuthenticateUrl(OAuth2Parameters parameters)
OAuth2Operations
buildAuthenticateUrl
in interface OAuth2Operations
parameters
- authorization parameters needed to build the URLpublic String buildAuthenticateUrl(GrantType grantType, OAuth2Parameters parameters)
OAuth2Operations
OAuth2Operations.buildAuthenticateUrl(OAuth2Parameters)
instead.buildAuthenticateUrl
in interface OAuth2Operations
grantType
- specifies whether to use client-side or server-side OAuth flowparameters
- authorization parameters needed to build the URLpublic AccessGrant exchangeForAccess(String authorizationCode, String redirectUri, MultiValueMap<String,String> additionalParameters)
OAuth2Operations
exchangeForAccess
in interface OAuth2Operations
authorizationCode
- the authorization code returned by the provider upon user authorizationredirectUri
- the authorization callback url; this value must match the redirectUri registered with the provideradditionalParameters
- any additional parameters to be sent when exchanging the authorization code for an access grant. Should not be encoded.public AccessGrant exchangeCredentialsForAccess(String username, String password, MultiValueMap<String,String> additionalParameters)
OAuth2Operations
exchangeCredentialsForAccess
in interface OAuth2Operations
username
- the user's username on the providerpassword
- the user's password on the provideradditionalParameters
- any additional parameters to be sent when exchanging the credentials for an access grant. Should not be encoded.@Deprecated public AccessGrant refreshAccess(String refreshToken, String scope, MultiValueMap<String,String> additionalParameters)
OAuth2Operations
refreshAccess
in interface OAuth2Operations
refreshToken
- the refresh token from the previous access grant.scope
- optional scope to narrow to when refreshing access; if null, the existing scope is preserved.additionalParameters
- any additional parameters to be sent when refreshing a previous access grant. Should not be encoded.public AccessGrant refreshAccess(String refreshToken, MultiValueMap<String,String> additionalParameters)
OAuth2Operations
refreshAccess
in interface OAuth2Operations
refreshToken
- the refresh token from the previous access grant.additionalParameters
- any additional parameters to be sent when refreshing a previous access grant. Should not be encoded.public AccessGrant authenticateClient()
OAuth2Operations
authenticateClient
in interface OAuth2Operations
public AccessGrant authenticateClient(String scope)
OAuth2Operations
authenticateClient
in interface OAuth2Operations
scope
- optional scope to get for the access grantprotected RestTemplate createRestTemplate()
RestTemplate
used to communicate with the provider's OAuth 2 API.
This implementation creates a RestTemplate with a minimal set of HTTP message converters (FormHttpMessageConverter
and MappingJackson2HttpMessageConverter
).
May be overridden to customize how the RestTemplate is created.
For example, if the provider returns data in some format other than JSON for form-encoded, you might override to register an appropriate message converter.RestTemplate
used to communicate with the provider's OAuth 2 APIprotected AccessGrant postForAccessGrant(String accessTokenUrl, MultiValueMap<String,String> parameters)
AccessGrant
.
Since the OAuth 2 specification indicates that an access token response should be in JSON format, there's often no need to override this method.
If all you need to do is capture provider-specific data in the response, you should override createAccessGrant() instead.
However, in the event of a provider whose access token response is non-JSON, you may need to override this method to request that the response be bound to something other than a Map.
For example, if the access token response is given as form-encoded, this method should be overridden to call RestTemplate.postForObject() asking for the response to be bound to a MultiValueMap (whose contents can then be used to create an AccessGrant).accessTokenUrl
- the URL of the provider's access token endpoint.parameters
- the parameters to post to the access token endpoint.protected AccessGrant createAccessGrant(String accessToken, String scope, String refreshToken, Long expiresIn, Map<String,Object> response)
AccessGrant
given the response from the access token exchange with the provider.
May be overridden to create a custom AccessGrant that captures provider-specific information from the access token response.accessToken
- the access token value received from the providerscope
- the scope of the access tokenrefreshToken
- a refresh token value received from the providerexpiresIn
- the time (in seconds) remaining before the access token expires.response
- all parameters from the response received in the access token exchange.AccessGrant
protected RestTemplate getRestTemplate()