Interface AuthorizeRestWebService

  • All Known Implementing Classes:
    AuthorizeRestWebServiceImpl

    public interface AuthorizeRestWebService

    Provides the interface for requesting authorization through REST web services.

    An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token.

    Version:
    October 7, 2019
    Author:
    Javier Rojas Blum
    • Method Summary

      Modifier and Type Method Description
      jakarta.ws.rs.core.Response requestAuthorizationGet​(java.lang.String scope, java.lang.String responseType, java.lang.String clientId, java.lang.String redirectUri, java.lang.String state, java.lang.String responseMode, java.lang.String nonce, java.lang.String display, java.lang.String prompt, java.lang.Integer maxAge, java.lang.String uiLocales, java.lang.String idTokenHint, java.lang.String loginHint, java.lang.String acrValues, java.lang.String amrValues, java.lang.String request, java.lang.String requestUri, java.lang.String sessionId, java.lang.String originHeaders, java.lang.String codeChallenge, java.lang.String codeChallengeMethod, java.lang.String customResponseHeaders, java.lang.String claims, java.lang.String authReqId, jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, jakarta.ws.rs.core.SecurityContext securityContext)
      Requests authorization.
      jakarta.ws.rs.core.Response requestAuthorizationPost​(java.lang.String scope, java.lang.String responseType, java.lang.String clientId, java.lang.String redirectUri, java.lang.String state, java.lang.String responseMode, java.lang.String nonce, java.lang.String display, java.lang.String prompt, java.lang.Integer maxAge, java.lang.String uiLocales, java.lang.String idTokenHint, java.lang.String loginHint, java.lang.String acrValues, java.lang.String amrValues, java.lang.String request, java.lang.String requestUri, java.lang.String sessionId, java.lang.String originHeaders, java.lang.String codeChallenge, java.lang.String codeChallengeMethod, java.lang.String customResponseHeaders, java.lang.String claims, java.lang.String authReqId, jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, jakarta.ws.rs.core.SecurityContext securityContext)  
    • Method Detail

      • requestAuthorizationGet

        // Authorization endpoint, GET binding: every protocol parameter below is bound from
        // the URL query string via @QueryParam; httpRequest, httpResponse and securityContext
        // are injected via @Context.
        // On this binding id_token_hint, login_hint, session_id and the request object travel
        // in the URL, so they can be recorded in access logs, browser history and Referer
        // headers; log handling and retention should account for that.
        // NOTE(review): custom_response_headers, claims and httpResponse are declared here but
        // have no entry in the parameter descriptions; confirm their handling against the
        // implementing class.
        @GET
        @Path("/authorize")
        @Produces("text/plain")
        jakarta.ws.rs.core.Response requestAuthorizationGet​(@QueryParam("scope")
                                                            java.lang.String scope,
                                                            @QueryParam("response_type")
                                                            java.lang.String responseType,
                                                            @QueryParam("client_id")
                                                            java.lang.String clientId,
                                                            @QueryParam("redirect_uri")
                                                            java.lang.String redirectUri,
                                                            @QueryParam("state")
                                                            java.lang.String state,
                                                            @QueryParam("response_mode")
                                                            java.lang.String responseMode,
                                                            @QueryParam("nonce")
                                                            java.lang.String nonce,
                                                            @QueryParam("display")
                                                            java.lang.String display,
                                                            @QueryParam("prompt")
                                                            java.lang.String prompt,
                                                            @QueryParam("max_age")
                                                            java.lang.Integer maxAge,
                                                            @QueryParam("ui_locales")
                                                            java.lang.String uiLocales,
                                                            @QueryParam("id_token_hint")
                                                            java.lang.String idTokenHint,
                                                            @QueryParam("login_hint")
                                                            java.lang.String loginHint,
                                                            @QueryParam("acr_values")
                                                            java.lang.String acrValues,
                                                            @QueryParam("amr_values")
                                                            java.lang.String amrValues,
                                                            @QueryParam("request")
                                                            java.lang.String request,
                                                            @QueryParam("request_uri")
                                                            java.lang.String requestUri,
                                                            @QueryParam("session_id")
                                                            java.lang.String sessionId,
                                                            @QueryParam("origin_headers")
                                                            java.lang.String originHeaders,
                                                            @QueryParam("code_challenge")
                                                            java.lang.String codeChallenge,
                                                            @QueryParam("code_challenge_method")
                                                            java.lang.String codeChallengeMethod,
                                                            @QueryParam("custom_response_headers")
                                                            java.lang.String customResponseHeaders,
                                                            @QueryParam("claims")
                                                            java.lang.String claims,
                                                            @QueryParam("auth_req_id")
                                                            java.lang.String authReqId,
                                                            @Context
                                                            jakarta.servlet.http.HttpServletRequest httpRequest,
                                                            @Context
                                                            jakarta.servlet.http.HttpServletResponse httpResponse,
                                                            @Context
                                                            jakarta.ws.rs.core.SecurityContext securityContext)
        Requests authorization.
        Parameters:
        scope - The scope of the access request.
        responseType - The response type informs the authorization server of the desired response type: code, token, id_token, or a combination of them. The response type parameter is mandatory.
        clientId - The client identifier.
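        redirectUri - Redirection URI to which the authorization response is sent. OpenID Connect Core requires it to exactly match one of the redirection URIs pre-registered for the client.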
        state - An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. To prevent cross-site request forgery, the client should set it to an unguessable value bound to the user-agent session and verify it on the callback.
        responseMode - Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint. The use of this parameter is NOT RECOMMENDED when the Response Mode that would be requested is the default mode specified for the Response Type.
        nonce - A string value used to associate a user agent session with an ID Token, and to mitigate replay attacks.
        display - An ASCII string value that specifies how the Authorization Server displays the authentication page to the End-User.
        prompt - A space delimited list of ASCII strings that can contain the values login, consent, select_account, and none.
        maxAge - Maximum Authentication Age. Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated.
        uiLocales - End-User's preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference.
        idTokenHint - Previously issued ID Token passed to the Authorization Server as a hint about the End-User's current or past authenticated session with the Client.
        loginHint - Hint to the Authorization Server about the login identifier the End-User might use to log in (if necessary).
        acrValues - Requested Authentication Context Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference.
        amrValues - Requested Authentication Methods References. JSON array of strings that are identifiers for authentication methods used in the authentication. For instance, values might indicate that both password and OTP authentication methods were used. The definition of particular values to be used in the amr Claim is beyond the scope of this specification. The amr value is an array of case-sensitive strings.
        request - A JWT encoded OpenID Request Object.
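        requestUri - A URL that points to an OpenID Request Object. Because the authorization server retrieves this URL, deployments should restrict which request_uri values are accepted (for example, to URIs pre-registered for the client).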
        sessionId - session id
        originHeaders -
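        codeChallenge - PKCE (RFC 7636) code challenge, derived by the client from its code verifier.
        codeChallengeMethod - PKCE code challenge method. RFC 7636 defines plain and S256; S256 is the recommended method because plain sends the verifier value itself as the challenge.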
        authReqId - A unique identifier to identify the CIBA authentication request made by the Client.
        httpRequest - http request
        securityContext - An injectable interface that provides access to security related information.
        Returns:

        When the responseType parameter is set to code:

        If the resource owner grants the access request, the authorization server issues an authorization code and delivers it to the client by adding the following parameters to the query component of the redirection URI using the application/x-www-form-urlencoded format:

        code
        The authorization code generated by the authorization server.
        state
        Present if the state parameter was included in the client authorization request; it is the exact value received from the client.

        When the responseType parameter is set to token:

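        If the resource owner grants the access request, the authorization server issues an access token and delivers it to the client by adding the following parameters to the fragment component of the redirection URI using the application/x-www-form-urlencoded format. Because the token is returned in the URI fragment, it is visible to the user-agent and to any script running on the redirect page; current OAuth security guidance discourages this response type in favour of code with PKCE.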

        access_token
        The access token issued by the authorization server.
        token_type
        The type of the token issued. Value is case insensitive.
        expires_in
        The lifetime in seconds of the access token. For example, the value 3600 denotes that the access token will expire in one hour from the time the response was generated.
        scope
        The scope of the access token.
        state
        Present if the state parameter was included in the client authorization request; it is the exact value received from the client.
      • requestAuthorizationPost

        // Authorization endpoint, POST binding on the same /authorize path as the GET variant.
        // Most protocol parameters are bound from the form body via @FormParam, but
        // response_mode, code_challenge, code_challenge_method, custom_response_headers,
        // claims and auth_req_id are declared with @QueryParam. As declared, those six are
        // read from the URL query string even on POST, so a client that sends them in the
        // form body would not have them bound through these parameters.
        // NOTE(review): confirm whether the mixed binding is intentional or whether the
        // implementation also reads these values from httpRequest. It matters most for the
        // PKCE code_challenge / code_challenge_method pair: if a body-supplied challenge is
        // silently dropped, the request may proceed without PKCE protection.
        @POST
        @Path("/authorize")
        @Produces("text/plain")
        jakarta.ws.rs.core.Response requestAuthorizationPost​(@FormParam("scope")
                                                             java.lang.String scope,
                                                             @FormParam("response_type")
                                                             java.lang.String responseType,
                                                             @FormParam("client_id")
                                                             java.lang.String clientId,
                                                             @FormParam("redirect_uri")
                                                             java.lang.String redirectUri,
                                                             @FormParam("state")
                                                             java.lang.String state,
                                                             @QueryParam("response_mode")
                                                             java.lang.String responseMode,
                                                             @FormParam("nonce")
                                                             java.lang.String nonce,
                                                             @FormParam("display")
                                                             java.lang.String display,
                                                             @FormParam("prompt")
                                                             java.lang.String prompt,
                                                             @FormParam("max_age")
                                                             java.lang.Integer maxAge,
                                                             @FormParam("ui_locales")
                                                             java.lang.String uiLocales,
                                                             @FormParam("id_token_hint")
                                                             java.lang.String idTokenHint,
                                                             @FormParam("login_hint")
                                                             java.lang.String loginHint,
                                                             @FormParam("acr_values")
                                                             java.lang.String acrValues,
                                                             @FormParam("amr_values")
                                                             java.lang.String amrValues,
                                                             @FormParam("request")
                                                             java.lang.String request,
                                                             @FormParam("request_uri")
                                                             java.lang.String requestUri,
                                                             @FormParam("session_id")
                                                             java.lang.String sessionId,
                                                             @FormParam("origin_headers")
                                                             java.lang.String originHeaders,
                                                             @QueryParam("code_challenge")
                                                             java.lang.String codeChallenge,
                                                             @QueryParam("code_challenge_method")
                                                             java.lang.String codeChallengeMethod,
                                                             @QueryParam("custom_response_headers")
                                                             java.lang.String customResponseHeaders,
                                                             @QueryParam("claims")
                                                             java.lang.String claims,
                                                             @QueryParam("auth_req_id")
                                                             java.lang.String authReqId,
                                                             @Context
                                                             jakarta.servlet.http.HttpServletRequest httpRequest,
                                                             @Context
                                                             jakarta.servlet.http.HttpServletResponse httpResponse,
                                                             @Context
                                                             jakarta.ws.rs.core.SecurityContext securityContext)