com.nimbusds.oauth2.sdk

Class AuthorizationRequest

java.lang.Object

com.nimbusds.oauth2.sdk.AbstractRequest

com.nimbusds.oauth2.sdk.AuthorizationRequest

All Implemented Interfaces:

Message, Request

Direct Known Subclasses:

AuthenticationRequest

@Immutable
public class AuthorizationRequest
extends AbstractRequest

Authorisation request. Used to authenticate an end-user and request the end-user's consent to grant the client access to a protected resource.

Extending classes may define additional request parameters as well as enforce tighter requirements on the base parameters.

Example HTTP request:

 https://server.example.com/authorize?
 response_type=code
 &client_id=s6BhdRkqt3
 &state=xyz
 &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
 

Related specifications:

• OAuth 2.0 (RFC 6749), sections 4.1.1 and 4.2.1.
• OAuth 2.0 Multiple Response Type Encoding Practices 1.0.
• OAuth 2.0 Form Post Response Mode 1.0.
• Proof Key for Code Exchange by OAuth Public Clients (RFC 7636).

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthorizationRequest.Builder Builder for constructing authorisation requests.

Constructor Summary

Constructors

Constructor and Description
AuthorizationRequest(URI uri, ResponseType rt, ClientID clientID) Creates a new minimal authorisation request.
AuthorizationRequest(URI uri, ResponseType rt, ResponseMode rm, ClientID clientID, URI redirectURI, Scope scope, State state) Creates a new authorisation request.
AuthorizationRequest(URI uri, ResponseType rt, ResponseMode rm, ClientID clientID, URI redirectURI, Scope scope, State state, CodeChallenge codeChallenge, CodeChallengeMethod codeChallengeMethod) Creates a new authorisation request with PKCE support.

Method Summary

Methods

Modifier and Type	Method and Description
ClientID	getClientID() Gets the client identifier.
CodeChallenge	getCodeChallenge() Returns the code challenge for PKCE.
CodeChallengeMethod	getCodeChallengeMethod() Returns the code challenge method for PKCE.
URI	getRedirectionURI() Gets the redirection URI.
ResponseMode	getResponseMode() Gets the optional response mode.
ResponseType	getResponseType() Gets the response type.
Scope	getScope() Gets the scope.
State	getState() Gets the state.
ResponseMode	impliedResponseMode() Returns the implied response mode, determined by the optional response_mode parameter, and if that isn't specified, by the response_type.
static AuthorizationRequest	parse(HTTPRequest httpRequest) Parses an authorisation request from the specified HTTP request.
static AuthorizationRequest	parse(Map<String,String> params) Parses an authorisation request from the specified parameters.
static AuthorizationRequest	parse(String query) Parses an authorisation request from the specified URI query string.
static AuthorizationRequest	parse(URI uri) Parses an authorisation request from the specified URI.
static AuthorizationRequest	parse(URI uri, Map<String,String> params) Parses an authorisation request from the specified parameters.
static AuthorizationRequest	parse(URI uri, String query) Parses an authorisation request from the specified URI query string.
HTTPRequest	toHTTPRequest() Returns the matching HTTP request.
HTTPRequest	toHTTPRequest(HTTPRequest.Method method) Returns the matching HTTP request.
Map<String,String>	toParameters() Returns the parameters for this authorisation request.
String	toQueryString() Returns the URI query string for this authorisation request.
URI	toURI() Returns the complete URI representation for this authorisation request, consisting of the authorization endpoint URI with the query string appended.

Methods inherited from class com.nimbusds.oauth2.sdk.AbstractRequest

getEndpointURI

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationRequest

public AuthorizationRequest(URI uri,
                    ResponseType rt,
                    ClientID clientID)

Creates a new minimal authorisation request.

Parameters:

uri - The URI of the authorisation endpoint. May be null if the toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.

rt - The response type. Corresponds to the response_type parameter. Must not be null.

clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.

AuthorizationRequest

public AuthorizationRequest(URI uri,
                    ResponseType rt,
                    ResponseMode rm,
                    ClientID clientID,
                    URI redirectURI,
                    Scope scope,
                    State state)

Creates a new authorisation request.

Parameters:

uri - The URI of the authorisation endpoint. May be null if the toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.

rt - The response type. Corresponds to the response_type parameter. Must not be null.

rm - The response mode. Corresponds to the optional response_mode parameter. Use of this parameter is not recommended unless a non-default response mode is requested (e.g. form_post).

clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.

redirectURI - The redirection URI. Corresponds to the optional redirect_uri parameter. null if not specified.

scope - The request scope. Corresponds to the optional scope parameter. null if not specified.

state - The state. Corresponds to the recommended state parameter. null if not specified.

AuthorizationRequest

public AuthorizationRequest(URI uri,
                    ResponseType rt,
                    ResponseMode rm,
                    ClientID clientID,
                    URI redirectURI,
                    Scope scope,
                    State state,
                    CodeChallenge codeChallenge,
                    CodeChallengeMethod codeChallengeMethod)

Creates a new authorisation request with PKCE support.

Parameters:

uri - The URI of the authorisation endpoint. May be null if the toHTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest.Method) method will not be used.

rt - The response type. Corresponds to the response_type parameter. Must not be null.

rm - The response mode. Corresponds to the optional response_mode parameter. Use of this parameter is not recommended unless a non-default response mode is requested (e.g. form_post).

clientID - The client identifier. Corresponds to the client_id parameter. Must not be null.

redirectURI - The redirection URI. Corresponds to the optional redirect_uri parameter. null if not specified.

scope - The request scope. Corresponds to the optional scope parameter. null if not specified.

state - The state. Corresponds to the recommended state parameter. null if not specified.

codeChallenge - The code challenge for PKCE, null if not specified.

codeChallengeMethod - The code challenge method for PKCE, null if not specified.

Method Detail

getResponseType

public ResponseType getResponseType()

Gets the response type. Corresponds to the response_type parameter.

Returns:

The response type.

getResponseMode

public ResponseMode getResponseMode()

Gets the optional response mode. Corresponds to the optional response_mode parameter.

Returns:

The response mode, null if not specified.

impliedResponseMode

public ResponseMode impliedResponseMode()

Returns the implied response mode, determined by the optional response_mode parameter, and if that isn't specified, by the response_type.

Returns:

The implied response mode.

getClientID

public ClientID getClientID()

Gets the client identifier. Corresponds to the client_id parameter.

Returns:

The client identifier.

getRedirectionURI

public URI getRedirectionURI()

Gets the redirection URI. Corresponds to the optional redirection_uri parameter.

Returns:

The redirection URI, null if not specified.

getScope

public Scope getScope()

Gets the scope. Corresponds to the optional scope parameter.

Returns:

The scope, null if not specified.

getState

public State getState()

Gets the state. Corresponds to the recommended state parameter.

Returns:

The state, null if not specified.

getCodeChallenge

public CodeChallenge getCodeChallenge()

Returns the code challenge for PKCE.

Returns:

The code challenge, null if not specified.

getCodeChallengeMethod

public CodeChallengeMethod getCodeChallengeMethod()

Returns the code challenge method for PKCE.

Returns:

The code challenge method, null if not specified.

toParameters

public Map<String,String> toParameters()

Returns the parameters for this authorisation request.

Example parameters:

 response_type = code
 client_id     = s6BhdRkqt3
 state         = xyz
 redirect_uri  = https://client.example.com/cb
 

Returns:

The parameters.

toQueryString

public String toQueryString()

Returns the URI query string for this authorisation request.

Note that the '?' character preceding the query string in an URI is not included in the returned string.

Example URI query string:

 response_type=code
 &client_id=s6BhdRkqt3
 &state=xyz
 &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
 

Returns:

The URI query string.

toURI

public URI toURI()

Returns the complete URI representation for this authorisation request, consisting of the authorization endpoint URI with the query string appended.

Example URI:

 https://server.example.com/authorize?
 response_type=code
 &client_id=s6BhdRkqt3
 &state=xyz
 &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
 

Returns:

The URI representation.

toHTTPRequest

public HTTPRequest toHTTPRequest(HTTPRequest.Method method)

Returns the matching HTTP request.

Parameters:

method - The HTTP request method which can be GET or POST. Must not be null.

Returns:

The HTTP request.

toHTTPRequest

public HTTPRequest toHTTPRequest()

Description copied from interface: Request

Returns the matching HTTP request.

Returns:

The HTTP request.

parse

public static AuthorizationRequest parse(Map<String,String> params)
                                  throws ParseException

Parses an authorisation request from the specified parameters.

Example parameters:

 response_type = code
 client_id     = s6BhdRkqt3
 state         = xyz
 redirect_uri  = https://client.example.com/cb
 

Parameters:

params - The parameters. Must not be null.

Returns:

The authorisation request.

Throws:

ParseException - If the parameters couldn't be parsed to an authorisation request.

parse

public static AuthorizationRequest parse(URI uri,
                         Map<String,String> params)
                                  throws ParseException

Parses an authorisation request from the specified parameters.

Example parameters:

 response_type = code
 client_id     = s6BhdRkqt3
 state         = xyz
 redirect_uri  = https://client.example.com/cb
 

Parameters:

uri - The URI of the authorisation endpoint. May be null if the toHTTPRequest() method will not be used.

params - The parameters. Must not be null.

Returns:

The authorisation request.

Throws:

ParseException - If the parameters couldn't be parsed to an authorisation request.

parse

public static AuthorizationRequest parse(String query)
                                  throws ParseException

Parses an authorisation request from the specified URI query string.

Example URI query string:

 response_type=code
 &client_id=s6BhdRkqt3
 &state=xyz
 &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
 

Parameters:

query - The URI query string. Must not be null.

Returns:

The authorisation request.

Throws:

ParseException - If the query string couldn't be parsed to an authorisation request.

parse

public static AuthorizationRequest parse(URI uri,
                         String query)
                                  throws ParseException

Parses an authorisation request from the specified URI query string.

Example URI query string:

 response_type=code
 &client_id=s6BhdRkqt3
 &state=xyz
 &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
 

Parameters:

uri - The URI of the authorisation endpoint. May be null if the toHTTPRequest() method will not be used.

query - The URI query string. Must not be null.

Returns:

The authorisation request.

Throws:

ParseException - If the query string couldn't be parsed to an authorisation request.

parse

public static AuthorizationRequest parse(URI uri)
                                  throws ParseException

Parses an authorisation request from the specified URI.

Example URI:

 https://server.example.com/authorize?
 response_type=code
 &client_id=s6BhdRkqt3
 &state=xyz
 &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
 

Parameters:

uri - The URI. Must not be null.

Returns:

The authorisation request.

Throws:

ParseException - If the URI couldn't be parsed to an authorisation request.

parse

public static AuthorizationRequest parse(HTTPRequest httpRequest)
                                  throws ParseException

Parses an authorisation request from the specified HTTP request.

Example HTTP request (GET):

 https://server.example.com/authorize?
 response_type=code
 &client_id=s6BhdRkqt3
 &state=xyz
 &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
 

Parameters:

httpRequest - The HTTP request. Must not be null.

Returns:

The authorisation request.

Throws:

ParseException - If the HTTP request couldn't be parsed to an authorisation request.