Class AuthenticationController
-
Nested Class Summary
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| AuthorizeUrl | buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, String redirectUri) | Deprecated. |
| AuthorizeUrl | buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String redirectUri) | Pre-builds an Auth0 Authorize Url with the given redirect URI using a random state and a random nonce if applicable. |
| void | doNotSendTelemetry() | Disable sending the Telemetry header on every request to the Auth0 API. |
| Tokens | handle(javax.servlet.http.HttpServletRequest request) | Deprecated. This method uses the HttpSession for auth-based data, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. |
| Tokens | handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) | Process a request to obtain a set of Tokens that represent successful authentication or authorization. |
| static AuthenticationController.Builder | newBuilder(String domain, String clientId, String clientSecret) | Create a new AuthenticationController.Builder instance to configure the AuthenticationController response type and algorithm used on the verification. |
| void | setLoggingEnabled(boolean enabled) | Whether to enable the HTTP Logger for every Request and Response. |
-
Method Details
-
newBuilder
public static AuthenticationController.Builder newBuilder(String domain, String clientId, String clientSecret)

Create a new AuthenticationController.Builder instance to configure the AuthenticationController response type and algorithm used on the verification. By default it will request response type 'code' and later perform the Code Exchange, but if the response type is changed to 'token' it will handle the Implicit Grant using the HS256 algorithm with the Client Secret as secret.

Parameters:
domain - the Auth0 domain
clientId - the Auth0 application's client id
clientSecret - the Auth0 application's client secret
Returns:
a new Builder instance ready to configure
-
setLoggingEnabled
public void setLoggingEnabled(boolean enabled)

Whether to enable the HTTP Logger for every Request and Response. Enabling this can expose sensitive information.

Parameters:
enabled - whether to enable the HTTP logger or not.
-
doNotSendTelemetry
public void doNotSendTelemetry()

Disable sending the Telemetry header on every request to the Auth0 API.
handle
public Tokens handle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IdentityVerificationException

Process a request to obtain a set of Tokens that represent successful authentication or authorization. This method should be called when processing the callback request to your application. It will validate authentication-related request parameters, perform a Code Exchange request if using the "code" response type, and verify the integrity of the ID token (if present).

Important: When using this API, you must also use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) when building the AuthorizeUrl that the user will be redirected to in order to log in. Failure to do so may result in a broken login experience for the user.

Parameters:
request - the received request to process.
response - the received response to process.
Returns:
the Tokens obtained after the user authentication.
Throws:
InvalidRequestException - if the error is the result of making an invalid authentication request.
IdentityVerificationException - if an error occurred while verifying the request tokens.
-
handle
@Deprecated public Tokens handle(javax.servlet.http.HttpServletRequest request) throws IdentityVerificationException

Deprecated. This method uses the HttpSession for auth-based data, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use handle(HttpServletRequest, HttpServletResponse) instead.

Process a request to obtain a set of Tokens that represent successful authentication or authorization. This method should be called when processing the callback request to your application. It will validate authentication-related request parameters, perform a Code Exchange request if using the "code" response type, and verify the integrity of the ID token (if present).

Important: When using this API, you must also use buildAuthorizeUrl(HttpServletRequest, String) when building the AuthorizeUrl that the user will be redirected to in order to log in. Failure to do so may result in a broken login experience for the user.

Parameters:
request - the received request to process.
Returns:
the Tokens obtained after the user authentication.
Throws:
InvalidRequestException - if the error is the result of making an invalid authentication request.
IdentityVerificationException - if an error occurred while verifying the request tokens.
-
buildAuthorizeUrl
@Deprecated public AuthorizeUrl buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, String redirectUri)

Deprecated. This method stores data in the HttpSession, and is incompatible with clients that are using the "id_token" or "token" responseType with browsers that enforce SameSite cookie restrictions. This method will be removed in version 2.0.0. Use buildAuthorizeUrl(HttpServletRequest, HttpServletResponse, String) instead.

Pre-builds an Auth0 Authorize Url with the given redirect URI using a random state and a random nonce if applicable.

Important: When using this API, you must also obtain the tokens using the handle(HttpServletRequest) method. Failure to do so may result in a broken login experience for users.

Parameters:
request - the caller request. Used to keep the session context.
redirectUri - the url to call back with the authentication result.
Returns:
the authorize url builder to continue any further parameter customization.
-
buildAuthorizeUrl
public AuthorizeUrl buildAuthorizeUrl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String redirectUri)

Pre-builds an Auth0 Authorize Url with the given redirect URI using a random state and a random nonce if applicable.

Important: When using this API, you must also obtain the tokens using the handle(HttpServletRequest, HttpServletResponse) method. Failure to do so will result in a broken login experience for users.

Parameters:
request - the HTTP request
response - the HTTP response. Used to store auth-based cookies.
redirectUri - the url to call back with the authentication result.
Returns:
the authorize url builder to continue any further parameter customization.
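The pairing required above, shown as an added example that is not code from the Auth0 project: a login servlet using the three-argument buildAuthorizeUrl and a callback servlet using the two-argument handle on the same controller. The environment variable names, callback URL, class names and session attribute name are assumptions; Builder.build(), AuthorizeUrl.build() and Tokens.getIdToken() are library calls not listed on this page.

```java
import com.auth0.AuthenticationController;
import com.auth0.IdentityVerificationException;
import com.auth0.Tokens;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// One controller shared by both servlets. The environment variable names are assumptions.
final class Auth {
    static final AuthenticationController CONTROLLER = AuthenticationController
            .newBuilder(System.getenv("AUTH0_DOMAIN"),
                        System.getenv("AUTH0_CLIENT_ID"),
                        System.getenv("AUTH0_CLIENT_SECRET"))
            .build(); // default response type 'code', followed by the Code Exchange

    // Placeholder URL; it must be the URL that CallbackServlet is mapped to.
    static final String CALLBACK_URL = "https://app.example.com/callback";

    private Auth() { }
}

class LoginServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
        // Non-deprecated overload: auth-based data goes into cookies on the response,
        // so the callback must use handle(request, response), never handle(request).
        String authorizeUrl = Auth.CONTROLLER.buildAuthorizeUrl(req, res, Auth.CALLBACK_URL).build();
        res.sendRedirect(authorizeUrl);
    }
}

class CallbackServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
        try {
            // Validates the callback parameters, performs the Code Exchange and
            // verifies the ID token (if present).
            Tokens tokens = Auth.CONTROLLER.handle(req, res);
            req.getSession(true);
            req.changeSessionId(); // Servlet 3.1+: fresh session id once authenticated
            req.getSession().setAttribute("idToken", tokens.getIdToken());
            res.sendRedirect(req.getContextPath() + "/");
        } catch (IdentityVerificationException e) {
            // Covers InvalidRequestException too (assumed to be a subclass). Fail closed
            // and keep the exception text out of the response.
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}
```

setLoggingEnabled is left at its default here because, as noted above, enabling the HTTP logger can expose sensitive information.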