Package net.openid.appauth

Class AuthorizationRequest

java.lang.Object

net.openid.appauth.AuthorizationRequest

All Implemented Interfaces:

AuthorizationManagementRequest

public class AuthorizationRequest
extends Object
implements AuthorizationManagementRequest

An OAuth2 authorization request.

See Also:

“The OAuth 2.0 Authorization Framework (RFC 6749), Section 4 https://tools.ietf.org/html/rfc6749#section-4”, “The OAuth 2.0 Authorization Framework (RFC 6749), Section 4.1.1 https://tools.ietf.org/html/rfc6749#section-4.1.1”

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	AuthorizationRequest.Builder	Creates instances of AuthorizationRequest.
static class	AuthorizationRequest.Display	All spec-defined values for the OpenID Connect 1.0 display parameter.
static class	AuthorizationRequest.Prompt	All spec-defined values for the OpenID Connect 1.0 prompt parameter.
static class	AuthorizationRequest.ResponseMode	All spec-defined values for the OAuth2 / OpenID Connect response_mode parameter.
static class	AuthorizationRequest.Scope	All spec-defined values for the OAuth2 / OpenID Connect 1.0 scope parameter.

Field Summary

Fields

Modifier and Type	Field	Description
Map<String,String>	additionalParameters	Additional parameters to be passed as part of the request.
JSONObject	claims	Requests that specific Claims be returned.
String	claimsLocales	End-User’s preferred languages and scripts for Claims being returned, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference.
String	clientId	The client identifier.
static String	CODE_CHALLENGE_METHOD_PLAIN	Plain-text code verifier challenge method.
static String	CODE_CHALLENGE_METHOD_S256	SHA-256 based code verifier challenge method.
String	codeVerifier	The proof key for code exchange.
String	codeVerifierChallenge	The challenge derived from the code verifier, using the challenge method.
String	codeVerifierChallengeMethod	The challenge method used to generate a challenge from the code verifier.
AuthorizationServiceConfiguration	configuration	The service’s configuration.
String	display	The OpenID Connect 1.0 display parameter.
String	loginHint	The OpenID Connect 1.0 login_hint parameter.
String	nonce	String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
String	prompt	The OpenID Connect 1.0 prompt parameter.
Uri	redirectUri	The client’s redirect URI.
String	responseMode	Instructs the authorization service on the mechanism to be used for returning response parameters from the authorization endpoint.
String	responseType	The expected response type.
String	scope	The optional set of scopes expressed as a space-delimited, case-sensitive string.
String	state	An opaque value used by the client to maintain state between the request and callback.
String	uiLocales	The OpenID Connect 1.0 ui_locales parameter.

Method Summary

Modifier and Type	Method	Description
Set<String>	getClaimsLocales()	Derives the set of claims_locales values from the consolidated, space-separated list of BCP47 [RFC5646] language tag values in the claimsLocales field.
Set<String>	getPromptValues()	Derives the set of prompt values from the consolidated, space-delimited prompt values in the prompt field.
Set<String>	getScopeSet()	Derives the set of scopes from the consolidated, space-delimited scopes in the scope field.
String	getState()	An opaque value used by the client to maintain state between the request and callback.
Set<String>	getUiLocales()	Derives the set of ui_locales values from the consolidated, space-separated list of BCP47 [RFC5646] language tag values in the uiLocales field.
static AuthorizationRequest	jsonDeserialize(String jsonStr)	Reads an authorization request from a JSON string representation produced by jsonSerializeString().
static AuthorizationRequest	jsonDeserialize(JSONObject json)	Reads an authorization request from a JSON string representation produced by jsonSerialize().
JSONObject	jsonSerialize()	Produces a JSON representation of the authorization request for persistent storage or local transmission (e.g.
String	jsonSerializeString()	Produces a JSON string representation of the request for persistent storage or local transmission (e.g.
Uri	toUri()	Produces a request URI, that can be used to dispatch the authorization request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CODE_CHALLENGE_METHOD_S256

public static final String CODE_CHALLENGE_METHOD_S256

SHA-256 based code verifier challenge method.

See Also:

“Proof Key for Code Exchange by OAuth Public Clients (RFC 7636), Section 4.3 https://tools.ietf.org/html/rfc7636#section-4.3”, Constant Field Values

CODE_CHALLENGE_METHOD_PLAIN

public static final String CODE_CHALLENGE_METHOD_PLAIN

Plain-text code verifier challenge method.

This is only used by AppAuth for Android if SHA-256 is not supported on this platform.

See Also:

“Proof Key for Code Exchange by OAuth Public Clients (RFC 7636), Section 4.4 https://tools.ietf.org/html/rfc7636#section-4.4”, Constant Field Values

configuration

@NonNull
public final AuthorizationServiceConfiguration configuration

The service’s configuration.

This configuration specifies how to connect to a particular OAuth provider. Configurations may be AuthorizationServiceConfiguration(Uri, Uri, Uri, Uri) created manually}, or AuthorizationServiceConfiguration.fetchFromUrl(Uri, AuthorizationServiceConfiguration.RetrieveConfigurationCallback) via an OpenID Connect Discovery Document}.

clientId

@NonNull
public final String clientId

The client identifier.

See Also:

“The OAuth 2.0 Authorization Framework (RFC 6749), Section 4 https://tools.ietf.org/html/rfc6749#section-4”, “The OAuth 2.0 Authorization Framework (RFC 6749), Section 4.1.1 https://tools.ietf.org/html/rfc6749#section-4.1.1”

display

@Nullable
public final String display

The OpenID Connect 1.0 display parameter.

This is a string that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User.

See Also:

“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

loginHint

@Nullable
public final String loginHint

The OpenID Connect 1.0 login_hint parameter.

This is a string hint to the Authorization Server about the login identifier the End-User might use to log in, typically collected directly from the user in an identifier-first authentication flow.

See Also:

“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

prompt

@Nullable
public final String prompt

The OpenID Connect 1.0 prompt parameter.

This is a space delimited, case sensitive list of ASCII strings that specifies whether the Authorization Server prompts the End-User for re-authentication and consent.

See Also:

AuthorizationRequest.Prompt, “OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

uiLocales

@Nullable
public final String uiLocales

The OpenID Connect 1.0 ui_locales parameter.

This is a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. It represents End-User’s preferred languages and scripts for the user interface.

See Also:

“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

responseType

@NonNull
public final String responseType

The expected response type.

See Also:

“The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1.1 https://tools.ietf.org/html/rfc6749#section-3.1.1”, “OpenID Connect Core 1.0, Section 3 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3”

redirectUri

@NonNull
public final Uri redirectUri

The client’s redirect URI.

See Also:

“The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1.2 https://tools.ietf.org/html/rfc6749#section-3.1.2”

scope

@Nullable
public final String scope

The optional set of scopes expressed as a space-delimited, case-sensitive string.

See Also:

“The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1.2 https://tools.ietf.org/html/rfc6749#section-3.1.2”, “The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.3 https://tools.ietf.org/html/rfc6749#section-3.3”

state

@Nullable
public final String state

An opaque value used by the client to maintain state between the request and callback.

If this value is not explicitly set, this library will automatically add state and perform appropriate validation of the state in the authorization response. It is recommended that the default implementation of this parameter be used wherever possible. Typically used to prevent CSRF attacks, as recommended in RFC6819 Section 5.3.5.

See Also:

“The OAuth 2.0 Authorization Framework (RFC 6749), Section 4.1.1 https://tools.ietf.org/html/rfc6749#section-4.1.1”, “The OAuth 2.0 Authorization Framework (RFC 6749), Section 5.3.5 https://tools.ietf.org/html/rfc6749#section-5.3.5”

nonce

@Nullable
public final String nonce

String value used to associate a Client session with an ID Token, and to mitigate replay attacks.

The value is passed through unmodified from the Authentication Request to the ID Token. If this value is not explicitly set, this library will automatically add nonce and perform appropriate validation of the ID Token. It is recommended that the default implementation of this parameter be used wherever possible.

See Also:

“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

codeVerifier

@Nullable
public final String codeVerifier

The proof key for code exchange.

This is an opaque value used to associate an authorization request with a subsequent code exchange, in order to prevent any eavesdropping party from intercepting and using the code before the original requestor. If PKCE is disabled due to a non-compliant authorization server which rejects requests with PKCE parameters present, this value will be null.

See Also:

AuthorizationRequest.Builder.setCodeVerifier(String), AuthorizationRequest.Builder.setCodeVerifier(String, String, String), “Proof Key for Code Exchange by OAuth Public Clients (RFC 7636) https://tools.ietf.org/html/rfc7636”

codeVerifierChallenge

@Nullable
public final String codeVerifierChallenge

The challenge derived from the code verifier, using the challenge method.

If a code verifier is not being used for this request, this value will be null.

See Also:

AuthorizationRequest.Builder.setCodeVerifier(String), AuthorizationRequest.Builder.setCodeVerifier(String, String, String), “Proof Key for Code Exchange by OAuth Public Clients (RFC 7636) https://tools.ietf.org/html/rfc7636”

codeVerifierChallengeMethod

@Nullable
public final String codeVerifierChallengeMethod

The challenge method used to generate a challenge from the code verifier.

If a code verifier is not being used for this request, this value will be null.

See Also:

AuthorizationRequest.Builder.setCodeVerifier(String), AuthorizationRequest.Builder.setCodeVerifier(String, String, String), “Proof Key for Code Exchange by OAuth Public Clients (RFC 7636) https://tools.ietf.org/html/rfc7636”

responseMode

@Nullable
public final String responseMode

Instructs the authorization service on the mechanism to be used for returning response parameters from the authorization endpoint.

This use of this parameter is not recommended when the response mode that would be requested is the default mode specified for the response type.

See Also:

“OpenID Connect Core 1.0, Section 3.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1”

claims

@Nullable
public final JSONObject claims

Requests that specific Claims be returned.

The value is a JSON object listing the requested Claims.

See Also:

“OpenID Connect Core 1.0, Section 5.5 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.5.5”

claimsLocales

@Nullable
public final String claimsLocales

End-User’s preferred languages and scripts for Claims being returned, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference.

See Also:

“OpenID Connect Core 1.0, Section 5.2 https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.5.2”

additionalParameters

@NonNull
public final Map<String,String> additionalParameters

Additional parameters to be passed as part of the request.

See Also:

“The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1 https://tools.ietf.org/html/rfc6749#section-3.1”

Method Detail

getScopeSet

@Nullable
public Set<String> getScopeSet()

Derives the set of scopes from the consolidated, space-delimited scopes in the scope field.

If no scopes were specified for this request, the method will return null.

getPromptValues

public Set<String> getPromptValues()

Derives the set of prompt values from the consolidated, space-delimited prompt values in the prompt field.

If no prompt values were specified for this request, the method will return null.

getUiLocales

public Set<String> getUiLocales()

Derives the set of ui_locales values from the consolidated, space-separated list of BCP47 [RFC5646] language tag values in the uiLocales field.

If no ui_locales values were specified for this request, the method will return null.

getState

@Nullable
public String getState()

Description copied from interface: AuthorizationManagementRequest

An opaque value used by the client to maintain state between the request and callback.

Specified by:

getState in interface AuthorizationManagementRequest

getClaimsLocales

public Set<String> getClaimsLocales()

Derives the set of claims_locales values from the consolidated, space-separated list of BCP47 [RFC5646] language tag values in the claimsLocales field.

If no claims_locales values were specified for this request, the method will return null.

toUri

@NonNull
public Uri toUri()

Produces a request URI, that can be used to dispatch the authorization request.

Specified by:

toUri in interface AuthorizationManagementRequest

jsonSerialize

@NonNull
public JSONObject jsonSerialize()

Produces a JSON representation of the authorization request for persistent storage or local transmission (e.g.

between activities).

Specified by:

jsonSerialize in interface AuthorizationManagementRequest

jsonSerializeString

public String jsonSerializeString()

Produces a JSON string representation of the request for persistent storage or local transmission (e.g.

between activities). This method is just a convenience wrapper for jsonSerialize(), converting the JSON object to its string form.

Specified by:

jsonSerializeString in interface AuthorizationManagementRequest

jsonDeserialize

@NonNull
public static AuthorizationRequest jsonDeserialize(@NonNull
                                                   JSONObject json)
                                            throws JSONException

Reads an authorization request from a JSON string representation produced by jsonSerialize().

Throws:

JSONException - if the provided JSON does not match the expected structure.

jsonDeserialize

@NonNull
public static AuthorizationRequest jsonDeserialize(@NonNull
                                                   String jsonStr)
                                            throws JSONException

Reads an authorization request from a JSON string representation produced by jsonSerializeString().

This method is just a convenience wrapper for jsonDeserialize(JSONObject), converting the JSON string to its JSON object form.

Throws:

JSONException - if the provided JSON does not match the expected structure.