public class AuthenticationController
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
static class | AuthenticationController.Builder |
Modifier and Type | Method and Description |
---|---|
AuthorizeUrl | buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String redirectUri) Pre-builds an Auth0 Authorize URL with the given redirect URI using a random state and a random nonce if applicable. |
AuthorizeUrl | buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, java.lang.String redirectUri) Deprecated. This method stores data in the HttpSession, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) instead. |
void | doNotSendTelemetry() Disable sending the Telemetry header on every request to the Auth0 API. |
Tokens | handle(javax.servlet.http.HttpServletRequest request) Deprecated. This method uses the HttpSession for auth-based data, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use handle(HttpServletRequest, HttpServletResponse) instead. |
Tokens | handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Process a request to obtain a set of Tokens that represent successful authentication or authorization. |
static AuthenticationController.Builder | newBuilder(java.lang.String domain, java.lang.String clientId, java.lang.String clientSecret) Create a new AuthenticationController.Builder instance to configure the AuthenticationController response type and algorithm used on the verification. |
void | setLoggingEnabled(boolean enabled) Whether to enable the HTTP logger for every request and response. |

public static AuthenticationController.Builder newBuilder(java.lang.String domain, java.lang.String clientId, java.lang.String clientSecret)

Create a new AuthenticationController.Builder instance to configure the AuthenticationController response type and algorithm used on the verification.
By default it will request response type 'code' and later perform the Code Exchange, but if the response type is changed to 'token' it will handle the Implicit Grant using the HS256 algorithm with the Client Secret as secret.

Parameters:
domain - the Auth0 domain
clientId - the Auth0 application's client id
clientSecret - the Auth0 application's client secret

public void setLoggingEnabled(boolean enabled)

Parameters:
enabled - whether to enable the HTTP logger or not.

public void doNotSendTelemetry()

public Tokens handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IdentityVerificationException

Process a request to obtain a set of Tokens that represent successful authentication or authorization.
This method should be called when processing the callback request to your application. It will validate authentication-related request parameters, perform a Code Exchange request if using the "code" response type, and verify the integrity of the ID token (if present).

Important: When using this API, you must also use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) when building the AuthorizeUrl that the user will be redirected to in order to log in. Failure to do so may result in a broken login experience for the user.

Parameters:
request - the received request to process.
response - the received response to process.

Throws:
InvalidRequestException - if the error is the result of making an invalid authentication request.
IdentityVerificationException - if an error occurred while verifying the request tokens.

@Deprecated public Tokens handle(javax.servlet.http.HttpServletRequest request) throws IdentityVerificationException

Deprecated. This method uses the HttpSession for auth-based data, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use handle(HttpServletRequest, HttpServletResponse) instead.

Process a request to obtain a set of Tokens that represent successful authentication or authorization.
This method should be called when processing the callback request to your application. It will validate authentication-related request parameters, perform a Code Exchange request if using the "code" response type, and verify the integrity of the ID token (if present).

Important: When using this API, you must also use the buildAuthorizeUrl(HttpServletRequest, String) when building the AuthorizeUrl that the user will be redirected to in order to log in. Failure to do so may result in a broken login experience for the user.

Parameters:
request - the received request to process.

Throws:
InvalidRequestException - if the error is the result of making an invalid authentication request.
IdentityVerificationException - if an error occurred while verifying the request tokens.

@Deprecated public AuthorizeUrl buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, java.lang.String redirectUri)

Deprecated. This method stores data in the HttpSession, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) instead.

Important: When using this API, you must also obtain the tokens using the handle(HttpServletRequest) method. Failure to do so may result in a broken login experience for users.

Parameters:
request - the caller request. Used to keep the session context.
redirectUri - the URL to call back with the authentication result.

public AuthorizeUrl buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String redirectUri)

Important: When using this API, you must also obtain the tokens using the handle(HttpServletRequest, HttpServletResponse) method. Failure to do so will result in a broken login experience for users.

Parameters:
request - the HTTP request
response - the HTTP response. Used to store auth-based cookies.
redirectUri - the URL to call back with the authentication result.
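
The pairing required by the "Important" notes above, as an added example that is not code from the library or its documentation: one servlet that calls the three-argument buildAuthorizeUrl on login and the two-argument handle on the callback. The class name, URL mappings, environment variable names and redirect URI are assumptions; Builder.build(), AuthorizeUrl.build() and Tokens.getIdToken() are library calls that this page does not list.

```java
import com.auth0.AuthenticationController;
import com.auth0.IdentityVerificationException;
import com.auth0.Tokens;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

// Hypothetical servlet, assumed to be mapped to exactly /login and /callback.
public class LoginFlowServlet extends HttpServlet {
    // Assumed callback URL; it must be registered for the Auth0 application.
    private static final String REDIRECT_URI = "https://app.example.com/callback";
    private AuthenticationController controller;

    @Override
    public void init() {
        // Default response type 'code': the client secret is used only for the
        // server-side Code Exchange. Environment variable names are assumptions.
        controller = AuthenticationController.newBuilder(
                System.getenv("AUTH0_DOMAIN"),
                System.getenv("AUTH0_CLIENT_ID"),
                System.getenv("AUTH0_CLIENT_SECRET")).build();
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
        if ("/login".equals(req.getServletPath())) {
            // Three-argument overload: auth-based data is stored in cookies on the response.
            res.sendRedirect(controller.buildAuthorizeUrl(req, res, REDIRECT_URI).build());
            return;
        }
        try {
            // /callback: the matching two-argument handle() validates the request
            // parameters, performs the Code Exchange and verifies the ID token.
            Tokens tokens = controller.handle(req, res);
            // Replace any pre-login session so its id cannot be fixed by a third party.
            HttpSession old = req.getSession(false);
            if (old != null) {
                old.invalidate();
            }
            req.getSession(true).setAttribute("idToken", tokens.getIdToken());
            res.sendRedirect(req.getContextPath() + "/");
        } catch (IdentityVerificationException e) {
            // Also covers InvalidRequestException: fail closed, create no session.
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}
```

Mixing the deprecated overload on one side with the new overload on the other leaves state in a place the other side may not read, which is the broken login the notes warn about.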