com.auth0

Class NonceUtils

java.lang.Object

com.auth0.NonceUtils

public class NonceUtils
extends Object

Convenience Utils methods for manipulating the nonce key/value pair held in state param Used for CSRF protection - should always be sent with login request

We assign on login, and remove on successful callback completion callback request is checked for validity by correctly matching state in http request with state held in storage (library uses http session)

By using a nonce attribute in the state request param, we can also add additional attributes as needed such as externalRedirectURL for SSO scenarios etc

Field Summary

Fields

Modifier and Type	Field and Description
static String	NONCE_KEY

Constructor Summary

Constructors

Constructor and Description
NonceUtils()

Method Summary

Modifier and Type	Method and Description
static void	addNonceToStorage(javax.servlet.http.HttpServletRequest req)
static boolean	matchesNonceInStorage(javax.servlet.http.HttpServletRequest req, String stateFromRequest)
static void	removeNonceFromStorage(javax.servlet.http.HttpServletRequest req)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NONCE_KEY

public static final String NONCE_KEY

See Also:

Constant Field Values

Constructor Detail

NonceUtils

public NonceUtils()

Method Detail

addNonceToStorage

public static void addNonceToStorage(javax.servlet.http.HttpServletRequest req)

removeNonceFromStorage

public static void removeNonceFromStorage(javax.servlet.http.HttpServletRequest req)

matchesNonceInStorage

public static boolean matchesNonceInStorage(javax.servlet.http.HttpServletRequest req,
                                            String stateFromRequest)