net.openid.appauth

Class AuthorizationRequest

java.lang.Object

net.openid.appauth.AuthorizationRequest

public class AuthorizationRequest
extends Object

An OAuth2 authorization request.

See Also:

"The OAuth 2.0 Authorization Framework" (RFC 6749), Section 4, "The OAuth 2.0 Authorization Framework" (RFC 6749), Section 4.1.1

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthorizationRequest.Builder Creates instances of AuthorizationRequest.

Field Summary

Fields

Modifier and Type	Field and Description
Map<String,String>	additionalParameters Additional parameters to be passed as part of the request.
String	clientId The client identifier.
static String	CODE_CHALLENGE_METHOD_PLAIN Plain-text code verifier challenge method.
static String	CODE_CHALLENGE_METHOD_S256 SHA-256 based code verifier challenge method.
String	codeVerifier The proof key for code exchange.
String	codeVerifierChallenge The challenge derived from the code verifier, using the challenge method.
String	codeVerifierChallengeMethod The challenge method used to generate a challenge from the code verifier.
AuthorizationServiceConfiguration	configuration The service's configuration.
Uri	redirectUri The client's redirect URI.
static String	RESPONSE_MODE_FRAGMENT Instructs the authorization server to send response parameters using the fragment portion of the redirect URI.
static String	RESPONSE_MODE_QUERY Instructs the authorization server to send response parameters using the query portion of the redirect URI.
static String	RESPONSE_TYPE_CODE For requesting an authorization code.
static String	RESPONSE_TYPE_TOKEN For requesting an access token via an implicit grant.
String	responseMode Instructs the authorization service on the mechanism to be used for returning response parameters from the authorization endpoint.
String	responseType The expected response type.
String	scope The optional set of scopes expressed as a space-delimited, case-sensitive string.
static String	SCOPE_ADDRESS A scope for the authenticated user's mailing address.
static String	SCOPE_EMAIL A scope for the authenticated user's email address.
static String	SCOPE_OPENID A scope for OpenID based authorization.
static String	SCOPE_PHONE A scope for the authenticated user's phone number.
static String	SCOPE_PROFILE A scope for the authenticated user's basic profile information.
String	state An opaque value used by the client to maintain state between the request and callback.

Method Summary

Modifier and Type	Method and Description
static AuthorizationRequest	fromJson(JSONObject json) Reads an Authorization request from a JSON representation produced by toJson().
static AuthorizationRequest	fromJson(String jsonStr) Reads an Authorization request from a JSON string representation produced by toJsonString().
Set<String>	getScopeSet() Derives the set of scopes from the consolidated, space-delimited scopes in the scope field.
JSONObject	toJson() Produces a JSON representation of the request for storage or transmission.
String	toJsonString() Produces a JSON string representation of the request for storage or transmission.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RESPONSE_MODE_QUERY

public static final String RESPONSE_MODE_QUERY

Instructs the authorization server to send response parameters using the query portion of the redirect URI.

See Also:

"OAuth 2.0 Multiple Response Type Encoding Practices", Section 2.1, Constant Field Values

RESPONSE_MODE_FRAGMENT

public static final String RESPONSE_MODE_FRAGMENT

Instructs the authorization server to send response parameters using the fragment portion of the redirect URI.

See Also:

"OAuth 2.0 Multiple Response Type Encoding Practices", Section 2.1, Constant Field Values

RESPONSE_TYPE_CODE

public static final String RESPONSE_TYPE_CODE

For requesting an authorization code.

See Also:

"The OAuth 2.0 Authorization Framework" (RFC 6749), Section 3.1.1, Constant Field Values

RESPONSE_TYPE_TOKEN

public static final String RESPONSE_TYPE_TOKEN

For requesting an access token via an implicit grant.

See Also:

"The OAuth 2.0 Authorization Framework" (RFC 6749), Section 3.1.1, Constant Field Values

SCOPE_OPENID

public static final String SCOPE_OPENID

A scope for OpenID based authorization.

See Also:

"OpenID Connect Core 1.0", Section 3.1.2.1, Constant Field Values

SCOPE_PROFILE

public static final String SCOPE_PROFILE

A scope for the authenticated user's basic profile information.

See Also:

"OpenID Connect Core 1.0", Section 5.4, Constant Field Values

SCOPE_EMAIL

public static final String SCOPE_EMAIL

A scope for the authenticated user's email address.

See Also:

"OpenID Connect Core 1.0", Section 5.4, Constant Field Values

SCOPE_ADDRESS

public static final String SCOPE_ADDRESS

A scope for the authenticated user's mailing address.

See Also:

"OpenID Connect Core 1.0", Section 5.4, Constant Field Values

SCOPE_PHONE

public static final String SCOPE_PHONE

A scope for the authenticated user's phone number.

See Also:

"OpenID Connect Core 1.0", Section 5.4, Constant Field Values

CODE_CHALLENGE_METHOD_S256

public static final String CODE_CHALLENGE_METHOD_S256

SHA-256 based code verifier challenge method.

See Also:

"Proof Key for Code Exchange by OAuth Public Clients" (RFC 7636), Section 4.4, Constant Field Values

CODE_CHALLENGE_METHOD_PLAIN

public static final String CODE_CHALLENGE_METHOD_PLAIN

Plain-text code verifier challenge method. This is only used by AppAuth for Android if SHA-256 is not supported on this platform.

See Also:

"Proof Key for Code Exchange by OAuth Public Clients" (RFC 7636), Section 4.4, Constant Field Values

configuration

@NonNull
public final AuthorizationServiceConfiguration configuration

The service's configuration. This configuration specifies how to connect to a particular OAuth provider. Configurations may be AuthorizationServiceConfiguration.AuthorizationServiceConfiguration(Uri, Uri) created manually}, or AuthorizationServiceConfiguration.fetchFromUrl(Uri, AuthorizationServiceConfiguration.RetrieveConfigurationCallback) via an OpenID Connect Discovery Document}.

clientId

@NonNull
public final String clientId

The client identifier.

See Also:

"The OAuth 2.0 Authorization Framework" (RFC 6749), Section 4, "The OAuth 2.0 Authorization Framework" (RFC 6749), Section 4.1.1

responseType

@NonNull
public final String responseType

The expected response type.

See Also:

"The OAuth 2.0 Authorization Framework" (RFC 6749), Section 3.1.1, "OpenID Connect Core 1.0", Section 3

redirectUri

@NonNull
public final Uri redirectUri

The client's redirect URI.

See Also:

"The OAuth 2.0 Authorization Framework" (RFC 6749), Section 3.1.2

scope

@Nullable
public final String scope

The optional set of scopes expressed as a space-delimited, case-sensitive string.

See Also:

"The OAuth 2.0 Authorization Framework" (RFC 6749), Section 3.3

state

@Nullable
public final String state

An opaque value used by the client to maintain state between the request and callback. If this value is not explicitly set, this library will automatically add state and perform appropriate validation of the state in the authorization response. It is recommended that the default implementation of this parameter be used wherever possible. Typically used to prevent CSRF attacks, as recommended in RFC6819 Section 5.3.5.

See Also:

"The OAuth 2.0 Authorization Framework" (RFC 6749), Section 4.1.1, "The OAuth 2.0 Authorization Framework" (RFC 6749), Section 5.3.5

codeVerifier

@Nullable
public final String codeVerifier

The proof key for code exchange. This is an opaque value used to associate an authorization request with a subsequent code exchange, in order to prevent any eavesdropping party from intercepting and using the code before the original requestor. If PKCE is disabled due to a non-compliant authorization server which rejects requests with PKCE parameters present, this value will be null.

See Also:

AuthorizationRequest.Builder.setCodeVerifier(String), AuthorizationRequest.Builder.setCodeVerifier(String, String, String), "Proof Key for Code Exchange by OAuth Public Clients" (RFC 7636)

codeVerifierChallenge

@Nullable
public final String codeVerifierChallenge

The challenge derived from the code verifier, using the challenge method. If a code verifier is not being used for this request, this value will be null.

See Also:

AuthorizationRequest.Builder.setCodeVerifier(String), AuthorizationRequest.Builder.setCodeVerifier(String, String, String), "Proof Key for Code Exchange by OAuth Public Clients" (RFC 7636)

codeVerifierChallengeMethod

@Nullable
public final String codeVerifierChallengeMethod

The challenge method used to generate a challenge from the code verifier. If a code verifier is not being used for this request, this value will be null.

See Also:

AuthorizationRequest.Builder.setCodeVerifier(String), AuthorizationRequest.Builder.setCodeVerifier(String, String, String), "Proof Key for Code Exchange by OAuth Public Clients" (RFC 7636)

responseMode

@Nullable
public final String responseMode

Instructs the authorization service on the mechanism to be used for returning response parameters from the authorization endpoint. This use of this parameter is not recommended when the response mode that would be requested is the default mode specified for the response type.

See Also:

"OpenID Connect Core 1.0", Section 3.1.2.1

additionalParameters

@NonNull
public final Map<String,String> additionalParameters

Additional parameters to be passed as part of the request.

See Also:

"The OAuth 2.0 Authorization Framework" (RFC 6749), Section 3.1

Method Detail

getScopeSet

@Nullable
public Set<String> getScopeSet()

Derives the set of scopes from the consolidated, space-delimited scopes in the scope field. If no scopes were specified for this request, the method will return null.

toJson

@NonNull
public JSONObject toJson()

Produces a JSON representation of the request for storage or transmission.

toJsonString

public String toJsonString()

Produces a JSON string representation of the request for storage or transmission.

fromJson

@NonNull
public static AuthorizationRequest fromJson(@NonNull
                                                     String jsonStr)
                                              throws JSONException

Reads an Authorization request from a JSON string representation produced by toJsonString().

Throws:

JSONException - if the provided JSON does not match the expected structure.

fromJson

@NonNull
public static AuthorizationRequest fromJson(@NonNull
                                                     JSONObject json)
                                              throws JSONException

Reads an Authorization request from a JSON representation produced by toJson().

Throws:

JSONException - if the provided JSON does not match the expected structure.