com.auth0

Class AuthenticationController

java.lang.Object

com.auth0.AuthenticationController

public class AuthenticationController
extends java.lang.Object

Base Auth0 Authenticator class. Allows to easily authenticate using the Auth0 Hosted Login Page.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthenticationController.Builder

Method Summary

Modifier and Type	Method and Description
AuthorizeUrl	buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String redirectUri) Pre builds an Auth0 Authorize Url with the given redirect URI using a random state and a random nonce if applicable.
AuthorizeUrl	buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, java.lang.String redirectUri) Deprecated. This method stores data in the HttpSession, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) instead.
void	doNotSendTelemetry() Disable sending the Telemetry header on every request to the Auth0 API
Tokens	handle(javax.servlet.http.HttpServletRequest request) Deprecated. This method uses the HttpSession for auth-based data, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use handle(HttpServletRequest, HttpServletResponse) instead.
Tokens	handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Process a request to obtain a set of Tokens that represent successful authentication or authorization.
static AuthenticationController.Builder	newBuilder(java.lang.String domain, java.lang.String clientId, java.lang.String clientSecret) Create a new AuthenticationController.Builder instance to configure the AuthenticationController response type and algorithm used on the verification.
void	setLoggingEnabled(boolean enabled) Whether to enable or not the HTTP Logger for every Request and Response.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

newBuilder

public static AuthenticationController.Builder newBuilder(java.lang.String domain,
                                                          java.lang.String clientId,
                                                          java.lang.String clientSecret)

Create a new AuthenticationController.Builder instance to configure the AuthenticationController response type and algorithm used on the verification. By default it will request response type 'code' and later perform the Code Exchange, but if the response type is changed to 'token' it will handle the Implicit Grant using the HS256 algorithm with the Client Secret as secret.

Parameters:

domain - the Auth0 domain

clientId - the Auth0 application's client id

clientSecret - the Auth0 application's client secret

Returns:

a new Builder instance ready to configure

setLoggingEnabled

public void setLoggingEnabled(boolean enabled)

Whether to enable or not the HTTP Logger for every Request and Response. Enabling this can expose sensitive information.

Parameters:

enabled - whether to enable the HTTP logger or not.

doNotSendTelemetry

public void doNotSendTelemetry()

Disable sending the Telemetry header on every request to the Auth0 API

handle

public Tokens handle(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response)
              throws IdentityVerificationException

Process a request to obtain a set of Tokens that represent successful authentication or authorization. This method should be called when processing the callback request to your application. It will validate authentication-related request parameters, handle performing a Code Exchange request if using the "code" response type, and verify the integrity of the ID token (if present).

Important: When using this API, you must also use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) when building the AuthorizeUrl that the user will be redirected to to login. Failure to do so may result in a broken login experience for the user.

Parameters:

request - the received request to process.

response - the received response to process.

Returns:

the Tokens obtained after the user authentication.

Throws:

InvalidRequestException - if the error is result of making an invalid authentication request.

IdentityVerificationException - if an error occurred while verifying the request tokens.

handle

@Deprecated
public Tokens handle(javax.servlet.http.HttpServletRequest request)
                          throws IdentityVerificationException

Deprecated. This method uses the HttpSession for auth-based data, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use handle(HttpServletRequest, HttpServletResponse) instead.

Process a request to obtain a set of Tokens that represent successful authentication or authorization. This method should be called when processing the callback request to your application. It will validate authentication-related request parameters, handle performing a Code Exchange request if using the "code" response type, and verify the integrity of the ID token (if present).

Important: When using this API, you must also use the buildAuthorizeUrl(HttpServletRequest, String) when building the AuthorizeUrl that the user will be redirected to to login. Failure to do so may result in a broken login experience for the user.

Parameters:

request - the received request to process.

Returns:

the Tokens obtained after the user authentication.

Throws:

InvalidRequestException - if the error is result of making an invalid authentication request.

IdentityVerificationException - if an error occurred while verifying the request tokens.

buildAuthorizeUrl

@Deprecated
public AuthorizeUrl buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request,
                                                  java.lang.String redirectUri)

Deprecated. This method stores data in the HttpSession, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) instead.

Pre builds an Auth0 Authorize Url with the given redirect URI using a random state and a random nonce if applicable.

Important: When using this API, you must also obtain the tokens using the handle(HttpServletRequest) method. Failure to do so may result in a broken login experience for users.

Parameters:

request - the caller request. Used to keep the session context.

redirectUri - the url to call back with the authentication result.

Returns:

the authorize url builder to continue any further parameter customization.

buildAuthorizeUrl

public AuthorizeUrl buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request,
                                      javax.servlet.http.HttpServletResponse response,
                                      java.lang.String redirectUri)

Pre builds an Auth0 Authorize Url with the given redirect URI using a random state and a random nonce if applicable.

Important: When using this API, you must also obtain the tokens using the handle(HttpServletRequest, HttpServletResponse) method. Failure to do so will result in a broken login experience for users.

Parameters:

request - the HTTP request

response - the HTTP response. Used to store auth-based cookies.

redirectUri - the url to call back with the authentication result.

Returns:

the authorize url builder to continue any further parameter customization.