Interface AuthorizationService


public interface AuthorizationService
Service for handling 3LO authentication
  • Method Details

    • startAuthorizationFlow

      String startAuthorizationFlow(@Nonnull String clientId, @Nonnull String redirectUri, @Nonnull Scope scope, CodeChallengeMethod codeChallengeMethod, String codeChallenge)
      Creates an authorization request
      Parameters:
      clientId - used for this authorization request
      redirectUri - the redirect URI verified when getting a token
      scope - scope used in authorization flow
      codeChallengeMethod - determines how the code verifier should be validated during PKCE. Passing `null` will disable PKCE for the flow.
      codeChallenge - the code challenge produced by transforming the legitimate code verifier (based on the code challenge method). Can be null if PKCE is disabled.
      Returns:
      the code for the session
    • completeAuthorizationFlow

      AuthorizationFlowResult completeAuthorizationFlow(@Nonnull String clientId, @Nonnull String redirectUri, @Nonnull String code)
      Completes authorization flow and returns Authorization if successful
      Parameters:
      clientId - verified to be the same client id that was used
      redirectUri - verified to be the same redirect URI as at the start of the flow
      code - verified to be the same code as generated at the start of the flow
      Returns:
      AuthorizationFlowResult verification result
    • getAuthorization

      Optional<Authorization> getAuthorization(@Nonnull String authorizationCode)
      Fetches the Authorization object for the given code
      Parameters:
      authorizationCode - authorization code to look up
      Returns:
      Authorization object matching the provided code
    • isPkceEnabledForAuthorization

      boolean isPkceEnabledForAuthorization(@Nonnull String authorizationCode)
      Checks if PKCE is enabled for the given authorization request. Mandatory security checks will be performed when enabled.
      Parameters:
      authorizationCode - the code provided by the authorization server
      Returns:
      true if PKCE was enabled at the time of the initial authorization request
    • isPkceCodeVerifierValidAgainstAuthorization

      boolean isPkceCodeVerifierValidAgainstAuthorization(@Nonnull String codeVerifier, @Nonnull String authorizationCode)
      Checks if the provided code verifier produces the expected code challenge for the authorization associated with the provided authorization code. Used in the context of PKCE.
      Parameters:
      codeVerifier - the code verifier to check
      authorizationCode - the authorization code
      Returns:
      true if the expected code challenge is produced
    • removeExpiredAuthorizations

      void removeExpiredAuthorizations(@Nonnull Duration expirationPeriod)
      Removes expired authorizations after an expiration period
      Parameters:
      expirationPeriod - the period of time after which we remove authorizations
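
The check that isPkceCodeVerifierValidAgainstAuthorization describes (the code verifier must reproduce the code challenge supplied to startAuthorizationFlow) can be sketched per RFC 7636 as follows. This is an added example, not this project's implementation: the class, the `Method` enum (a hypothetical stand-in for CodeChallengeMethod, whose values this page does not list) and the helper names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added illustration of RFC 7636 PKCE verification; not the project's implementation.
public class PkceCheckExample {

    // Hypothetical stand-in for the page's CodeChallengeMethod; its real values are not shown there.
    enum Method { PLAIN, S256 }

    // Transforms a code verifier into the challenge the client sent at the start of the flow.
    static String challengeFor(String codeVerifier, Method method) throws NoSuchAlgorithmException {
        if (method == Method.PLAIN) {
            return codeVerifier; // "plain": the challenge equals the verifier
        }
        // "S256": BASE64URL(SHA-256(ASCII(verifier))) without '=' padding
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    // Returns true only when the verifier reproduces the stored challenge.
    static boolean verifierMatches(String codeVerifier, Method method, String storedChallenge)
            throws NoSuchAlgorithmException {
        // RFC 7636 limits verifiers to 43-128 unreserved characters; reject anything else up front.
        if (codeVerifier == null || storedChallenge == null
                || !codeVerifier.matches("[A-Za-z0-9\\-._~]{43,128}")) {
            return false;
        }
        byte[] expected = storedChallenge.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = challengeFor(codeVerifier, method).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison avoids leaking how many leading bytes matched.
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Test vector from RFC 7636, Appendix B.
        String verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw_cM";
        System.out.println(verifierMatches(verifier, Method.S256, challenge));
        // A well-formed verifier that was not used to derive the challenge (constructed value).
        String other = "A".repeat(43);
        System.out.println(verifierMatches(other, Method.S256, challenge));
        // The method recorded at the start of the flow matters: the raw verifier is not the S256 challenge.
        System.out.println(verifierMatches(verifier, Method.PLAIN, challenge));
    }
}
```

Only the first call accepts the verifier; the other two are rejected, which is why the challenge method has to be stored with the authorization at the start of the flow rather than taken from the token request.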