Class AuthorizationSuccessResponse

java.lang.Object
com.nimbusds.oauth2.sdk.AuthorizationResponse
com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse
All Implemented Interfaces:
Message, Response, SuccessResponse
Direct Known Subclasses:
AuthenticationSuccessResponse

@Immutable public class AuthorizationSuccessResponse extends AuthorizationResponse implements SuccessResponse
Authorisation success response. Used to return an authorisation code or access token at the Authorisation endpoint.

Example HTTP response with code (code flow):

 HTTP/1.1 302 Found
 Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
 

Example HTTP response with access token (implicit flow):

 HTTP/1.1 302 Found
 Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
           &state=xyz&token_type=Bearer&expires_in=3600
 

Related specifications:

  • OAuth 2.0 (RFC 6749)
  • OAuth 2.0 Multiple Response Type Encoding Practices 1.0
  • OAuth 2.0 Form Post Response Mode 1.0
  • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
  • OAuth 2.0 Authorization Server Issuer Identification (RFC 9207)
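
Client-side handling of the code-flow redirect shown above, as an added example that is not part of the SDK's own documentation: it builds a response with the constructors listed below, parses the resulting URI, and accepts the code only when state and the RFC 9207 issuer match. The class name CallbackCheck, the validate helper, the issuer URL https://as.example.com and the assumption that the server advertises RFC 9207 support are all introduced here for illustration.

```java
import java.net.URI;

import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseMode;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.State;

public class CallbackCheck {

    // Hypothetical helper: returns the code only when the response is bound to
    // this client's own request (state) and to the expected server (iss).
    static AuthorizationCode validate(URI callback, State expectedState, Issuer expectedIssuer)
            throws ParseException {
        AuthorizationSuccessResponse resp = AuthorizationSuccessResponse.parse(callback);

        // state ties the response to the request stored in the user's session
        if (!expectedState.equals(resp.getState()))
            throw new SecurityException("state mismatch");

        // Assumption: the server advertises RFC 9207 support, so iss is mandatory
        if (!expectedIssuer.equals(resp.getIssuer()))
            throw new SecurityException("issuer missing or unexpected");

        // Code flow only: a token in the redirect means a different response type
        if (resp.getAccessToken() != null || resp.getAuthorizationCode() == null)
            throw new SecurityException("unexpected response type");

        return resp.getAuthorizationCode();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the issuer URL is a placeholder
        URI cb = new URI("https://client.example.com/cb");
        State state = new State("xyz");
        Issuer as = new Issuer("https://as.example.com");

        URI good = new AuthorizationSuccessResponse(
                cb, new AuthorizationCode("SplxlOBeZQQYbYS6WxSbIA"), null, state, as, ResponseMode.QUERY).toURI();
        System.out.println("accepted code: " + validate(good, state, as));

        URI noIss = new AuthorizationSuccessResponse(
                cb, new AuthorizationCode("SplxlOBeZQQYbYS6WxSbIA"), null, state, ResponseMode.QUERY).toURI();
        try {
            validate(noIss, state, as);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a real client the expected state and issuer come from the session record written when the authorisation request was sent, not from the callback itself.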

  • Constructor Details

    • AuthorizationSuccessResponse

      public AuthorizationSuccessResponse(URI redirectURI, AuthorizationCode code, AccessToken accessToken, State state, ResponseMode rm)
      Creates a new authorisation success response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      code - The authorisation code, null if not requested.
      accessToken - The access token, null if not requested.
      state - The state, null if not specified.
      rm - The response mode, null if not specified.
    • AuthorizationSuccessResponse

      public AuthorizationSuccessResponse(URI redirectURI, AuthorizationCode code, AccessToken accessToken, State state, Issuer issuer, ResponseMode rm)
      Creates a new authorisation success response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      code - The authorisation code, null if not requested.
      accessToken - The access token, null if not requested.
      state - The state, null if not specified.
      issuer - The issuer, null if not specified.
      rm - The response mode, null if not specified.
    • AuthorizationSuccessResponse

      public AuthorizationSuccessResponse(URI redirectURI, com.nimbusds.jwt.JWT jwtResponse, ResponseMode rm)
      Creates a new JSON Web Token (JWT) secured authorisation success response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      jwtResponse - The JWT-secured response. Must not be null.
      rm - The response mode, null if not specified.
  • Method Details

    • indicatesSuccess

      public boolean indicatesSuccess()
      Description copied from interface: Response
      Checks if the response indicates success.
      Specified by:
      indicatesSuccess in interface Response
      Returns:
      true if the response indicates success, else false.
    • impliedResponseType

      Returns the implied response type.
      Returns:
      The implied response type.
    • impliedResponseMode

      Description copied from class: AuthorizationResponse
      Determines the implied response mode.
      Specified by:
      impliedResponseMode in class AuthorizationResponse
      Returns:
      The implied response mode.
    • getAuthorizationCode

      Gets the authorisation code.
      Returns:
      The authorisation code, null if not requested.
    • getAccessToken

      Gets the access token.
      Returns:
      The access token, null if not requested.
    • toParameters

      Description copied from class: AuthorizationResponse
      Returns the parameters of this authorisation response.

      Example parameters (authorisation success):

       access_token = 2YotnFZFEjr1zCsicMWpAA
       state = xyz
       token_type = example
       expires_in = 3600
       
      Specified by:
      toParameters in class AuthorizationResponse
      Returns:
      The parameters as a map.
    • parse

      public static AuthorizationSuccessResponse parse(URI redirectURI, Map<String,List<String>> params) throws ParseException
      Parses an authorisation success response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      params - The response parameters to parse. Must not be null.
      Returns:
      The authorisation success response.
      Throws:
      ParseException - If the parameters couldn't be parsed to an authorisation success response.
    • parse

      Parses an authorisation success response.

      Use a relative URI if the host, port and path details are not known:

       URI relUrl = new URI("https:///?code=Qcb0Orv1...&state=af0ifjsldkj");
       

      Example URI:

       https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
       
      Parameters:
      uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authorisation response parameters. Must not be null.
      Returns:
      The authorisation success response.
      Throws:
      ParseException - If the redirection URI couldn't be parsed to an authorisation success response.
    • parse

      public static AuthorizationSuccessResponse parse(HTTPResponse httpResponse) throws ParseException
      Parses an authorisation success response from the specified initial HTTP 302 redirect response generated at the authorisation endpoint.

      Example HTTP response:

       HTTP/1.1 302 Found
       Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
       
      Parameters:
      httpResponse - The HTTP response to parse. Must not be null.
      Returns:
      The authorisation success response.
      Throws:
      ParseException - If the HTTP response couldn't be parsed to an authorisation success response.
    • parse

      public static AuthorizationSuccessResponse parse(HTTPRequest httpRequest) throws ParseException
      Parses an authorisation success response from the specified HTTP request at the client redirection (callback) URI. Applies to query, fragment and form_post response modes.

      Example HTTP request (authorisation success):

       GET /cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz HTTP/1.1
       Host: client.example.com
       
      Parameters:
      httpRequest - The HTTP request to parse. Must not be null.
      Returns:
      The authorisation success response.
      Throws:
      ParseException - If the HTTP request couldn't be parsed to an authorisation success response.