Package com.auth0

Class AuthenticationController

java.lang.Object
com.auth0.AuthenticationController

public class AuthenticationController extends Object
Base Auth0 Authenticator class. Allows you to easily authenticate using the Auth0 Hosted Login Page.
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static class
    AuthenticationController.Builder
  • Method Summary

    Modifier and Type
    Method
    Description
    AuthorizeUrl
    buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, String redirectUri)
    Deprecated.
    This method stores data in the HttpSession, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions.
    AuthorizeUrl
    buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String redirectUri)
    Pre builds an Auth0 Authorize Url with the given redirect URI using a random state and a random nonce if applicable.
    void
    doNotSendTelemetry()
    Disable sending the Telemetry header on every request to the Auth0 API
    Tokens
    handle(javax.servlet.http.HttpServletRequest request)
    Deprecated.
    This method uses the HttpSession for auth-based data, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions.
    Tokens
    handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Process a request to obtain a set of Tokens that represent successful authentication or authorization.
    static AuthenticationController.Builder
    newBuilder(String domain, String clientId, String clientSecret)
    Create a new AuthenticationController.Builder instance to configure the AuthenticationController response type and algorithm used on the verification.
    void
    setLoggingEnabled(boolean enabled)
    Enables or disables the HTTP Logger for every Request and Response.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • newBuilder

      public static AuthenticationController.Builder newBuilder(String domain, String clientId, String clientSecret)
      Create a new AuthenticationController.Builder instance to configure the AuthenticationController response type and algorithm used on the verification. By default it will request response type 'code' and later perform the Code Exchange, but if the response type is changed to 'token' it will handle the Implicit Grant using the HS256 algorithm with the Client Secret as secret.
      Parameters:
      domain - the Auth0 domain
      clientId - the Auth0 application's client id
      clientSecret - the Auth0 application's client secret
      Returns:
      a new Builder instance ready to configure
    • setLoggingEnabled

      public void setLoggingEnabled(boolean enabled)
      Enables or disables the HTTP Logger for every Request and Response. Enabling this can expose sensitive information.
      Parameters:
      enabled - whether to enable the HTTP logger or not.
    • doNotSendTelemetry

      public void doNotSendTelemetry()
      Disable sending the Telemetry header on every request to the Auth0 API
    • handle

      public Tokens handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IdentityVerificationException
      Process a request to obtain a set of Tokens that represent successful authentication or authorization. This method should be called when processing the callback request to your application. It will validate authentication-related request parameters, handle performing a Code Exchange request if using the "code" response type, and verify the integrity of the ID token (if present).

      Important: When using this API, you must also use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) when building the AuthorizeUrl that the user will be redirected to in order to log in. Failure to do so may result in a broken login experience for the user.

      Parameters:
      request - the received request to process.
      response - the received response to process.
      Returns:
      the Tokens obtained after the user authentication.
      Throws:
      InvalidRequestException - if the error is the result of making an invalid authentication request.
      IdentityVerificationException - if an error occurred while verifying the request tokens.
    • handle

      @Deprecated public Tokens handle(javax.servlet.http.HttpServletRequest request) throws IdentityVerificationException
      Deprecated.
      This method uses the HttpSession for auth-based data, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use handle(HttpServletRequest, HttpServletResponse) instead.
      Process a request to obtain a set of Tokens that represent successful authentication or authorization. This method should be called when processing the callback request to your application. It will validate authentication-related request parameters, handle performing a Code Exchange request if using the "code" response type, and verify the integrity of the ID token (if present).

      Important: When using this API, you must also use buildAuthorizeUrl(HttpServletRequest, String) when building the AuthorizeUrl that the user will be redirected to in order to log in. Failure to do so may result in a broken login experience for the user.

      Parameters:
      request - the received request to process.
      Returns:
      the Tokens obtained after the user authentication.
      Throws:
      InvalidRequestException - if the error is the result of making an invalid authentication request.
      IdentityVerificationException - if an error occurred while verifying the request tokens.
    • buildAuthorizeUrl

      @Deprecated public AuthorizeUrl buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, String redirectUri)
      Deprecated.
      This method stores data in the HttpSession, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) instead.
      Pre builds an Auth0 Authorize Url with the given redirect URI using a random state and a random nonce if applicable.

      Important: When using this API, you must also obtain the tokens using the handle(HttpServletRequest) method. Failure to do so may result in a broken login experience for users.

      Parameters:
      request - the caller request. Used to keep the session context.
      redirectUri - the url to call back with the authentication result.
      Returns:
      the authorize url builder to continue any further parameter customization.
    • buildAuthorizeUrl

      public AuthorizeUrl buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String redirectUri)
      Pre builds an Auth0 Authorize Url with the given redirect URI using a random state and a random nonce if applicable.

      Important: When using this API, you must also obtain the tokens using the handle(HttpServletRequest, HttpServletResponse) method. Failure to do so will result in a broken login experience for users.

      Parameters:
      request - the HTTP request
      response - the HTTP response. Used to store auth-based cookies.
      redirectUri - the url to call back with the authentication result.
      Returns:
      the authorize url builder to continue any further parameter customization.