Class AuthorizationRequest
- java.lang.Object
  - net.openid.appauth.AuthorizationRequest
- All Implemented Interfaces: AuthorizationManagementRequest

public class AuthorizationRequest extends Object implements AuthorizationManagementRequest
An OAuth2 authorization request.
- See Also:
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 4 https://tools.ietf.org/html/rfc6749#section-4”,
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 4.1.1 https://tools.ietf.org/html/rfc6749#section-4.1.1”

Nested Class Summary
Nested Classes (Modifier and Type, Class: Description)
- static class AuthorizationRequest.Builder: Creates instances of AuthorizationRequest.
- static class AuthorizationRequest.Display: All spec-defined values for the OpenID Connect 1.0 display parameter.
- static class AuthorizationRequest.Prompt: All spec-defined values for the OpenID Connect 1.0 prompt parameter.
- static class AuthorizationRequest.ResponseMode: All spec-defined values for the OAuth2 / OpenID Connect response_mode parameter.
- static class AuthorizationRequest.Scope: All spec-defined values for the OAuth2 / OpenID Connect 1.0 scope parameter.

Field Summary
Fields (Modifier and Type, Field: Description)
- Map<String,String> additionalParameters: Additional parameters to be passed as part of the request.
- JSONObject claims: Requests that specific Claims be returned.
- String claimsLocales: End-User’s preferred languages and scripts for Claims being returned, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference.
- String clientId: The client identifier.
- static String CODE_CHALLENGE_METHOD_PLAIN: Plain-text code verifier challenge method.
- static String CODE_CHALLENGE_METHOD_S256: SHA-256 based code verifier challenge method.
- String codeVerifier: The proof key for code exchange.
- String codeVerifierChallenge: The challenge derived from the code verifier, using the challenge method.
- String codeVerifierChallengeMethod: The challenge method used to generate a challenge from the code verifier.
- AuthorizationServiceConfiguration configuration: The service’s configuration.
- String display: The OpenID Connect 1.0 display parameter.
- String loginHint: The OpenID Connect 1.0 login_hint parameter.
- String nonce: String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
- String prompt: The OpenID Connect 1.0 prompt parameter.
- Uri redirectUri: The client’s redirect URI.
- String responseMode: Instructs the authorization service on the mechanism to be used for returning response parameters from the authorization endpoint.
- String responseType: The expected response type.
- String scope: The optional set of scopes expressed as a space-delimited, case-sensitive string.
- String state: An opaque value used by the client to maintain state between the request and callback.
- String uiLocales: The OpenID Connect 1.0 ui_locales parameter.

Method Summary
Methods (Modifier and Type, Method: Description)
- Set<String> getClaimsLocales(): Derives the set of claims_locales values from the consolidated, space-separated list of BCP47 [RFC5646] language tag values in the claimsLocales field.
- Set<String> getPromptValues(): Derives the set of prompt values from the consolidated, space-delimited prompt values in the prompt field.
- Set<String> getScopeSet(): Derives the set of scopes from the consolidated, space-delimited scopes in the scope field.
- String getState(): An opaque value used by the client to maintain state between the request and callback.
- Set<String> getUiLocales(): Derives the set of ui_locales values from the consolidated, space-separated list of BCP47 [RFC5646] language tag values in the uiLocales field.
- static AuthorizationRequest jsonDeserialize(String jsonStr): Reads an authorization request from a JSON string representation produced by jsonSerializeString().
- static AuthorizationRequest jsonDeserialize(JSONObject json): Reads an authorization request from a JSON string representation produced by jsonSerialize().
- JSONObject jsonSerialize(): Produces a JSON representation of the authorization request for persistent storage or local transmission (e.g. between activities).
- String jsonSerializeString(): Produces a JSON string representation of the request for persistent storage or local transmission (e.g. between activities).
- Uri toUri(): Produces a request URI that can be used to dispatch the authorization request.

Field Detail

CODE_CHALLENGE_METHOD_S256
public static final String CODE_CHALLENGE_METHOD_S256
SHA-256 based code verifier challenge method.
- See Also:
“Proof Key for Code Exchange by OAuth Public Clients (RFC 7636), Section 4.3 https://tools.ietf.org/html/rfc7636#section-4.3”,
Constant Field Values

CODE_CHALLENGE_METHOD_PLAIN
public static final String CODE_CHALLENGE_METHOD_PLAIN
Plain-text code verifier challenge method. This is only used by AppAuth for Android if SHA-256 is not supported on this platform.
- See Also:
“Proof Key for Code Exchange by OAuth Public Clients (RFC 7636), Section 4.4 https://tools.ietf.org/html/rfc7636#section-4.4”,
Constant Field Values

configuration
@NonNull public final AuthorizationServiceConfiguration configuration
The service’s configuration. This configuration specifies how to connect to a particular OAuth provider. Configurations may be created manually with AuthorizationServiceConfiguration(Uri, Uri, Uri, Uri), or retrieved via an OpenID Connect Discovery Document with AuthorizationServiceConfiguration.fetchFromUrl(Uri, AuthorizationServiceConfiguration.RetrieveConfigurationCallback).

clientId
@NonNull public final String clientId
The client identifier.
- See Also:
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 4 https://tools.ietf.org/html/rfc6749#section-4”,
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 4.1.1 https://tools.ietf.org/html/rfc6749#section-4.1.1”

display
@Nullable public final String display
The OpenID Connect 1.0 display parameter. This is a string that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User.
- See Also:
“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

loginHint
@Nullable public final String loginHint
The OpenID Connect 1.0 login_hint parameter. This is a string hint to the Authorization Server about the login identifier the End-User might use to log in, typically collected directly from the user in an identifier-first authentication flow.
- See Also:
“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

prompt
@Nullable public final String prompt
The OpenID Connect 1.0 prompt parameter. This is a space-delimited, case-sensitive list of ASCII strings that specifies whether the Authorization Server prompts the End-User for re-authentication and consent.
- See Also:
AuthorizationRequest.Prompt,
“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

uiLocales
@Nullable public final String uiLocales
The OpenID Connect 1.0 ui_locales parameter. This is a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. It represents End-User’s preferred languages and scripts for the user interface.
- See Also:
“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

responseType
@NonNull public final String responseType
The expected response type.
- See Also:
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1.1 https://tools.ietf.org/html/rfc6749#section-3.1.1”,
“OpenID Connect Core 1.0, Section 3 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3”

redirectUri
@NonNull public final Uri redirectUri
The client’s redirect URI.
- See Also:
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1.2 https://tools.ietf.org/html/rfc6749#section-3.1.2”

scope
@Nullable public final String scope
The optional set of scopes expressed as a space-delimited, case-sensitive string.
- See Also:
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1.2 https://tools.ietf.org/html/rfc6749#section-3.1.2”,
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.3 https://tools.ietf.org/html/rfc6749#section-3.3”

state
@Nullable public final String state
An opaque value used by the client to maintain state between the request and callback. If this value is not explicitly set, this library will automatically add state and perform appropriate validation of the state in the authorization response. It is recommended that the default implementation of this parameter be used wherever possible. Typically used to prevent CSRF attacks, as recommended in RFC6819 Section 5.3.5.
- See Also:
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 4.1.1 https://tools.ietf.org/html/rfc6749#section-4.1.1”,
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 5.3.5 https://tools.ietf.org/html/rfc6749#section-5.3.5”

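What validating the state in the authorization response amounts to, as an added example that is not AppAuth's own code: the redirect is accepted only if it carries exactly one state parameter equal to the value that was sent. The class and method names, the sample state and the redirect URIs are constructed for illustration.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

public class StateCheckExample { // added example, hypothetical names; not AppAuth code
    // Collect every decoded value of one query parameter so that duplicates stay visible.
    static List<String> queryValues(URI uri, String name) throws Exception {
        List<String> values = new ArrayList<>();
        String query = uri.getRawQuery();
        if (query == null) {
            return values;
        }
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String key = URLDecoder.decode(eq < 0 ? pair : pair.substring(0, eq), "UTF-8");
            if (key.equals(name)) {
                values.add(eq < 0 ? "" : URLDecoder.decode(pair.substring(eq + 1), "UTF-8"));
            }
        }
        return values;
    }

    // Accept the redirect only if it carries exactly one state equal to the one sent.
    static boolean stateMatches(String sentState, URI redirect) throws Exception {
        List<String> received = queryValues(redirect, "state");
        if (sentState == null || received.size() != 1) {
            return false;
        }
        return MessageDigest.isEqual(
                sentState.getBytes(StandardCharsets.UTF_8),
                received.get(0).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String sent = "k3Jq0ZpV9aXw1n7c"; // constructed sample state
        String[] redirects = { // constructed sample redirects
            "com.example.app:/oauth2redirect?code=abc&state=k3Jq0ZpV9aXw1n7c",
            "com.example.app:/oauth2redirect?code=abc",
            "com.example.app:/oauth2redirect?code=abc&state=some-other-value",
            "com.example.app:/oauth2redirect?code=abc&state=x&state=k3Jq0ZpV9aXw1n7c",
        };
        for (String r : redirects) {
            System.out.println(stateMatches(sent, URI.create(r)) + "  " + r);
        }
    }
}
```
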
nonce
@Nullable public final String nonce
String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. If this value is not explicitly set, this library will automatically add nonce and perform appropriate validation of the ID Token. It is recommended that the default implementation of this parameter be used wherever possible.
- See Also:
“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

codeVerifier
@Nullable public final String codeVerifier
The proof key for code exchange. This is an opaque value used to associate an authorization request with a subsequent code exchange, in order to prevent any eavesdropping party from intercepting and using the code before the original requestor. If PKCE is disabled due to a non-compliant authorization server which rejects requests with PKCE parameters present, this value will be null.
- See Also:
AuthorizationRequest.Builder.setCodeVerifier(String),
AuthorizationRequest.Builder.setCodeVerifier(String, String, String),
“Proof Key for Code Exchange by OAuth Public Clients (RFC 7636) https://tools.ietf.org/html/rfc7636”

codeVerifierChallenge
@Nullable public final String codeVerifierChallenge
The challenge derived from the code verifier, using the challenge method. If a code verifier is not being used for this request, this value will be null.
- See Also:
AuthorizationRequest.Builder.setCodeVerifier(String),
AuthorizationRequest.Builder.setCodeVerifier(String, String, String),
“Proof Key for Code Exchange by OAuth Public Clients (RFC 7636) https://tools.ietf.org/html/rfc7636”

codeVerifierChallengeMethod
@Nullable public final String codeVerifierChallengeMethod
The challenge method used to generate a challenge from the code verifier. If a code verifier is not being used for this request, this value will be null.
- See Also:
AuthorizationRequest.Builder.setCodeVerifier(String),
AuthorizationRequest.Builder.setCodeVerifier(String, String, String),
“Proof Key for Code Exchange by OAuth Public Clients (RFC 7636) https://tools.ietf.org/html/rfc7636”

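How the three PKCE fields above relate under RFC 7636, as an added example that is not AppAuth's own code: the verifier is random, the challenge is derived from it by the challenge method, and the server recomputes the challenge at code exchange. The class and method names are hypothetical; "S256" and "plain" are the RFC 7636 method names.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class PkceExample { // added example, hypothetical names; not AppAuth code
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();
    // RFC 7636 Section 4.1: 32 random octets, base64url-encoded, give a 43-character verifier.
    static String newCodeVerifier() {
        byte[] entropy = new byte[32];
        new SecureRandom().nextBytes(entropy);
        return B64URL.encodeToString(entropy);
    }

    // RFC 7636 Section 4.2: "plain" sends the verifier itself, so the request discloses it;
    // "S256" sends BASE64URL(SHA256(ASCII(verifier))), which does not reveal the verifier.
    static String deriveChallenge(String verifier, String method) throws NoSuchAlgorithmException {
        if ("plain".equals(method)) {
            return verifier;
        }
        if (!"S256".equals(method)) {
            throw new IllegalArgumentException("unsupported challenge method: " + method);
        }
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    // Token endpoint side (RFC 7636 Section 4.6): recompute from the presented verifier and compare.
    static boolean serverAccepts(String storedChallenge, String storedMethod, String presentedVerifier)
            throws NoSuchAlgorithmException {
        byte[] expected = storedChallenge.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = deriveChallenge(presentedVerifier, storedMethod).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Verifier and challenge pair published in RFC 7636 Appendix B.
        String rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String rfcChallenge = "E9Melhoa2OwvFrEMTJguCH5aaoWVnTfRWU3vOG9ii9o";
        System.out.println("RFC vector reproduced: " + rfcChallenge.equals(deriveChallenge(rfcVerifier, "S256")));
        String verifier = newCodeVerifier();
        String challenge = deriveChallenge(verifier, "S256");
        System.out.println("original requestor accepted: " + serverAccepts(challenge, "S256", verifier));
        // A party that only observed the authorization request holds the challenge, not the verifier.
        System.out.println("challenge presented as verifier accepted: " + serverAccepts(challenge, "S256", challenge));
    }
}
```
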
responseMode
@Nullable public final String responseMode
Instructs the authorization service on the mechanism to be used for returning response parameters from the authorization endpoint. The use of this parameter is not recommended when the response mode that would be requested is the default mode specified for the response type.
- See Also:
“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

claims
@Nullable public final JSONObject claims
Requests that specific Claims be returned. The value is a JSON object listing the requested Claims.
- See Also:
“OpenID Connect Core 1.0, Section 5.5 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.5.5”

claimsLocales
@Nullable public final String claimsLocales
End-User’s preferred languages and scripts for Claims being returned, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference.
- See Also:
“OpenID Connect Core 1.0, Section 5.2 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.5.2”

additionalParameters
@NonNull public final Map<String,String> additionalParameters
Additional parameters to be passed as part of the request.
- See Also:
“The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1 https://tools.ietf.org/html/rfc6749#section-3.1”

Method Detail

getScopeSet
@Nullable public Set<String> getScopeSet()
Derives the set of scopes from the consolidated, space-delimited scopes in the scope field. If no scopes were specified for this request, the method will return null.

getPromptValues
public Set<String> getPromptValues()
Derives the set of prompt values from the consolidated, space-delimited prompt values in the prompt field. If no prompt values were specified for this request, the method will return null.

getUiLocales
public Set<String> getUiLocales()
Derives the set of ui_locales values from the consolidated, space-separated list of BCP47 [RFC5646] language tag values in the uiLocales field. If no ui_locales values were specified for this request, the method will return null.

getState
@Nullable public String getState()
Description copied from interface: AuthorizationManagementRequest
An opaque value used by the client to maintain state between the request and callback.
- Specified by: getState in interface AuthorizationManagementRequest

getClaimsLocales
public Set<String> getClaimsLocales()
Derives the set of claims_locales values from the consolidated, space-separated list of BCP47 [RFC5646] language tag values in the claimsLocales field. If no claims_locales values were specified for this request, the method will return null.

toUri
@NonNull public Uri toUri()
Produces a request URI that can be used to dispatch the authorization request.
- Specified by: toUri in interface AuthorizationManagementRequest

jsonSerialize
@NonNull public JSONObject jsonSerialize()
Produces a JSON representation of the authorization request for persistent storage or local transmission (e.g. between activities).
- Specified by: jsonSerialize in interface AuthorizationManagementRequest

jsonSerializeString
public String jsonSerializeString()
Produces a JSON string representation of the request for persistent storage or local transmission (e.g. between activities). This method is just a convenience wrapper for jsonSerialize(), converting the JSON object to its string form.
- Specified by: jsonSerializeString in interface AuthorizationManagementRequest

jsonDeserialize
@NonNull public static AuthorizationRequest jsonDeserialize(@NonNull JSONObject json) throws JSONException
Reads an authorization request from a JSON string representation produced by jsonSerialize().
- Throws:
JSONException - if the provided JSON does not match the expected structure.

jsonDeserialize
@NonNull public static AuthorizationRequest jsonDeserialize(@NonNull String jsonStr) throws JSONException
Reads an authorization request from a JSON string representation produced by jsonSerializeString(). This method is just a convenience wrapper for jsonDeserialize(JSONObject), converting the JSON string to its JSON object form.
- Throws:
JSONException - if the provided JSON does not match the expected structure.