Class TokenClient


  • public class TokenClient
    extends BaseClient<TokenRequest,​TokenResponse>
    Encapsulates functionality to make token request calls to an authorization server via REST Services.
    Version:
    September 30, 2021
    Author:
    Javier Rojas Blum
    • Constructor Detail

      • TokenClient

        public TokenClient​(String url)
        Constructs a token client by providing the REST URL where the token service is located.
        Parameters:
        url - The REST Service location.
    • Method Detail

      • execAuthorizationCode

        public TokenResponse execAuthorizationCode​(String code,
                                                   String redirectUri,
                                                   String clientId,
                                                   String clientSecret)

        Executes the call to the REST Service requesting the authorization and processes the response.

        The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. Instead of requesting authorization directly from the resource owner, the client directs the resource owner to an authorization server (via its user-agent as defined in [RFC2616]), which in turn directs the resource owner back to the client with the authorization code.

        Before directing the resource owner back to the client with the authorization code, the authorization server authenticates the resource owner and obtains authorization. Because the resource owner only authenticates with the authorization server, the resource owner's credentials are never shared with the client.

        The authorization code provides a few important security benefits such as the ability to authenticate the client, and the transmission of the access token directly to the client without passing it through the resource owner's user-agent, potentially exposing it to others, including the resource owner.

        Parameters:
        code - The authorization code received from the authorization server. This parameter is required.
        redirectUri - The redirection URI. This parameter is required.
        clientId - The client identifier.
        clientSecret - The client secret.
        Returns:
        The token response.
      • execResourceOwnerPasswordCredentialsGrant

        public TokenResponse execResourceOwnerPasswordCredentialsGrant​(String username,
                                                                       String password,
                                                                       String scope,
                                                                       String clientId,
                                                                       String clientSecret)

        Executes the call to the REST Service requesting the authorization and processes the response.

        The resource owner password credentials grant type is suitable in cases where the resource owner has a trust relationship with the client, such as its device operating system or a highly privileged application. The authorization server should take special care when enabling this grant type, and only allow it when other flows are not viable.

        The grant type is suitable for clients capable of obtaining the resource owner's credentials (username and password, typically using an interactive form). It is also used to migrate existing clients using direct authentication schemes such as HTTP Basic or Digest authentication to OAuth by converting the stored credentials to an access token.

        Parameters:
        username - The resource owner username. This parameter is required.
        password - The resource owner password. This parameter is required.
        scope - The scope of the access request. This parameter is optional.
        clientId - The client identifier.
        clientSecret - The client secret.
        Returns:
        The token response.
      • execClientCredentialsGrant

        public TokenResponse execClientCredentialsGrant​(String scope,
                                                        String clientId,
                                                        String clientSecret)

        Executes the call to the REST Service requesting the authorization and processes the response.

        The client can request an access token using only its client credentials when the client is requesting access to the protected resources under its control, or those of another resource owner which has been previously arranged with the authorization server. The client credentials grant type must only be used by confidential clients.

        Parameters:
        scope - The scope of the access request. This parameter is optional.
        clientId - The client identifier.
        clientSecret - The client secret.
        Returns:
        The token response.
      • execExtensionGrant

        public TokenResponse execExtensionGrant​(String grantTypeUri,
                                                String assertion,
                                                String clientId,
                                                String clientSecret)

        Executes the call to the REST Service requesting the authorization and processes the response.

        The client uses an extension grant type by specifying the grant type using an absolute URI (defined by the authorization server) as the value of the grant_type parameter of the token endpoint, and by adding any additional parameters necessary.

        Parameters:
        grantTypeUri - Absolute URI.
        assertion - Assertion grant type.
        clientId - The client identifier.
        clientSecret - The client secret.
        Returns:
        The token response.
      • execRefreshToken

        public TokenResponse execRefreshToken​(String scope,
                                              String refreshToken,
                                              String clientId,
                                              String clientSecret)

        Executes the call to the REST Service requesting the authorization and processes the response.

        If the authorization server issued a refresh token to the client, the client can make a request to the token endpoint for a new access token.

        Parameters:
        scope - The scope of the access request. This value is optional.
        refreshToken - The refresh token issued to the client. This value is required.
        clientId - The client identifier.
        clientSecret - The client secret.
        Returns:
        The token response.
      • exec

        public TokenResponse exec()
        Executes the call to the REST Service and processes the response.
        Returns:
        The token response.
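
For reference, the token-endpoint request that RFC 6749 defines for the grant types documented above, built with the JDK only. This is an added example and not the TokenClient implementation: the class name `TokenRequestSketch`, the `example` URLs, the client id and secret are constructed, and sending the client credentials through HTTP Basic is an assumption about the client's authentication method.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class TokenRequestSketch {
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // Form-encode the parameters; optional ones left null (such as scope) are omitted.
    static String form(Map<String, String> params) {
        return params.entrySet().stream()
                .filter(e -> e.getValue() != null)
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    // RFC 6749 section 2.3.1: id and secret are form-encoded, then Base64(id ":" secret).
    static String basicAuth(String clientId, String clientSecret) {
        String pair = enc(clientId) + ":" + enc(clientSecret);
        return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    static HttpRequest tokenRequest(String url, String clientId, String clientSecret,
                                    Map<String, String> params) {
        URI uri = URI.create(url);
        // Codes, passwords and client secrets travel in this request: refuse cleartext HTTP.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("token endpoint must use https");
        }
        return HttpRequest.newBuilder(uri)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .header("Authorization", basicAuth(clientId, clientSecret))
                .POST(HttpRequest.BodyPublishers.ofString(form(params)))
                .build();
    }

    public static void main(String[] args) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("grant_type", "authorization_code");        // authorization code grant
        p.put("code", "SplxlOBeZQQYbYS6WxSbIA");          // constructed sample value
        p.put("redirect_uri", "https://client.example/cb");
        HttpRequest r = tokenRequest("https://as.example/token", "my-client", "s3cr3t", p);
        System.out.println(r.method() + " " + r.uri());
        System.out.println("params: " + p.keySet());      // names only; values are sensitive
    }
}
```

The other grants change only the parameter map: `grant_type=password` with `username` and `password`, `grant_type=client_credentials`, or `grant_type=refresh_token` with `refresh_token`, each with an optional `scope`.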