net.openid.appauth

Class AuthorizationRequest

java.lang.Object

net.openid.appauth.AuthorizationRequest

public class AuthorizationRequest
extends Object

An OAuth2 authorization request.

See Also:

The OAuth 2.0 Authorization Framework (RFC 6749), Section 4, The OAuth 2.0 Authorization Framework (RFC 6749), Section 4.1.1

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthorizationRequest.Builder Creates instances of AuthorizationRequest.
static class	AuthorizationRequest.Display All spec-defined values for the OpenID Connect 1.0 display parameter.
static class	AuthorizationRequest.Prompt All spec-defined values for the OpenID Connect 1.0 prompt parameter.
static class	AuthorizationRequest.ResponseMode All spec-defined values for the OAuth2 / OpenID Connect response_mode parameter.
static class	AuthorizationRequest.Scope All spec-defined values for the OAuth2 / OpenID Connect 1.0 scope parameter.

Field Summary

Fields

Modifier and Type	Field and Description
Map<String,String>	additionalParameters Additional parameters to be passed as part of the request.
String	clientId The client identifier.
static String	CODE_CHALLENGE_METHOD_PLAIN Plain-text code verifier challenge method.
static String	CODE_CHALLENGE_METHOD_S256 SHA-256 based code verifier challenge method.
String	codeVerifier The proof key for code exchange.
String	codeVerifierChallenge The challenge derived from the code verifier, using the challenge method.
String	codeVerifierChallengeMethod The challenge method used to generate a challenge from the code verifier.
AuthorizationServiceConfiguration	configuration The service’s configuration.
String	display The OpenID Connect 1.0 display parameter.
String	loginHint The OpenID Connect 1.0 login_hint parameter.
String	prompt The OpenID Connect 1.0 prompt parameter.
android.net.Uri	redirectUri The client’s redirect URI.
String	responseMode Instructs the authorization service on the mechanism to be used for returning response parameters from the authorization endpoint.
String	responseType The expected response type.
String	scope The optional set of scopes expressed as a space-delimited, case-sensitive string.
String	state An opaque value used by the client to maintain state between the request and callback.

Method Summary

Modifier and Type	Method and Description
Set<String>	getPromptValues() Derives the set of prompt values from the consolidated, space-delimited prompt values in the prompt field.
Set<String>	getScopeSet() Derives the set of scopes from the consolidated, space-delimited scopes in the scope field.
static AuthorizationRequest	jsonDeserialize(org.json.JSONObject json) Reads an authorization request from a JSON string representation produced by jsonSerialize().
static AuthorizationRequest	jsonDeserialize(String jsonStr) Reads an authorization request from a JSON string representation produced by jsonSerializeString().
org.json.JSONObject	jsonSerialize() Produces a JSON representation of the authorization request for persistent storage or local transmission (e.g.
String	jsonSerializeString() Produces a JSON string representation of the authorization request for persistent storage or local transmission (e.g.
android.net.Uri	toUri() Produces a request URI, that can be used to dispath the authorization request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CODE_CHALLENGE_METHOD_S256

public static final String CODE_CHALLENGE_METHOD_S256

SHA-256 based code verifier challenge method.

See Also:

Proof Key for Code Exchange by OAuth Public Clients (RFC 7636), Section 4.3, Constant Field Values

CODE_CHALLENGE_METHOD_PLAIN

public static final String CODE_CHALLENGE_METHOD_PLAIN

Plain-text code verifier challenge method. This is only used by AppAuth for Android if SHA-256 is not supported on this platform.

See Also:

Proof Key for Code Exchange by OAuth Public Clients (RFC 7636), Section 4.4, Constant Field Values

configuration

@NonNull
public final AuthorizationServiceConfiguration configuration

The service’s configuration. This configuration specifies how to connect to a particular OAuth provider. Configurations may be AuthorizationServiceConfiguration.AuthorizationServiceConfiguration(Uri, Uri, Uri) created manually}, or AuthorizationServiceConfiguration.fetchFromUrl(Uri, AuthorizationServiceConfiguration.RetrieveConfigurationCallback) via an OpenID Connect Discovery Document}.

clientId

@NonNull
public final String clientId

The client identifier.

See Also:

The OAuth 2.0 Authorization Framework (RFC 6749), Section 4, The OAuth 2.0 Authorization Framework (RFC 6749), Section 4.1.1

display

@Nullable
public final String display

The OpenID Connect 1.0 display parameter. This is a string that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User.

See Also:

OpenID Connect Core 1.0, Section 3.1.2.1

loginHint

@Nullable
public final String loginHint

The OpenID Connect 1.0 login_hint parameter. This is a string hint to the Authorization Server about the login identifier the End-User might use to log in, typically collected directly from the user in an identifier-first authentication flow.

See Also:

OpenID Connect Core 1.0, Section 3.1.2.1

prompt

@Nullable
public final String prompt

The OpenID Connect 1.0 prompt parameter. This is a space delimited, case sensitive list of ASCII strings that specifies whether the Authorization Server prompts the End-User for re-authentication and consent.

See Also:

AuthorizationRequest.Prompt, OpenID Connect Core 1.0, Section 3.1.2.1

responseType

@NonNull
public final String responseType

The expected response type.

See Also:

The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1.1, OpenID Connect Core 1.0, Section 3

redirectUri

@NonNull
public final android.net.Uri redirectUri

The client’s redirect URI.

See Also:

The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1.2

scope

@Nullable
public final String scope

The optional set of scopes expressed as a space-delimited, case-sensitive string.

See Also:

The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1.2, The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.3

state

@Nullable
public final String state

An opaque value used by the client to maintain state between the request and callback. If this value is not explicitly set, this library will automatically add state and perform appropriate validation of the state in the authorization response. It is recommended that the default implementation of this parameter be used wherever possible. Typically used to prevent CSRF attacks, as recommended in RFC6819 Section 5.3.5.

See Also:

The OAuth 2.0 Authorization Framework (RFC 6749), Section 4.1.1, The OAuth 2.0 Authorization Framework (RFC 6749), Section 5.3.5

codeVerifier

@Nullable
public final String codeVerifier

The proof key for code exchange. This is an opaque value used to associate an authorization request with a subsequent code exchange, in order to prevent any eavesdropping party from intercepting and using the code before the original requestor. If PKCE is disabled due to a non-compliant authorization server which rejects requests with PKCE parameters present, this value will be null.

See Also:

AuthorizationRequest.Builder.setCodeVerifier(String), AuthorizationRequest.Builder.setCodeVerifier(String, String, String), Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)

codeVerifierChallenge

@Nullable
public final String codeVerifierChallenge

The challenge derived from the code verifier, using the challenge method. If a code verifier is not being used for this request, this value will be null.

See Also:

AuthorizationRequest.Builder.setCodeVerifier(String), AuthorizationRequest.Builder.setCodeVerifier(String, String, String), Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)

codeVerifierChallengeMethod

@Nullable
public final String codeVerifierChallengeMethod

The challenge method used to generate a challenge from the code verifier. If a code verifier is not being used for this request, this value will be null.

See Also:

AuthorizationRequest.Builder.setCodeVerifier(String), AuthorizationRequest.Builder.setCodeVerifier(String, String, String), Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)

responseMode

@Nullable
public final String responseMode

Instructs the authorization service on the mechanism to be used for returning response parameters from the authorization endpoint. This use of this parameter is not recommended when the response mode that would be requested is the default mode specified for the response type.

See Also:

OpenID Connect Core 1.0, Section 3.1.2.1

additionalParameters

@NonNull
public final Map<String,String> additionalParameters

Additional parameters to be passed as part of the request.

See Also:

The OAuth 2.0 Authorization Framework (RFC 6749), Section 3.1

Method Detail

getScopeSet

@Nullable
public Set<String> getScopeSet()

Derives the set of scopes from the consolidated, space-delimited scopes in the scope field. If no scopes were specified for this request, the method will return null.

getPromptValues

public Set<String> getPromptValues()

Derives the set of prompt values from the consolidated, space-delimited prompt values in the prompt field. If no prompt values were specified for this request, the method will return null.

toUri

@NonNull
public android.net.Uri toUri()

Produces a request URI, that can be used to dispath the authorization request.

jsonSerialize

@NonNull
public org.json.JSONObject jsonSerialize()

Produces a JSON representation of the authorization request for persistent storage or local transmission (e.g. between activities).

jsonSerializeString

public String jsonSerializeString()

Produces a JSON string representation of the authorization request for persistent storage or local transmission (e.g. between activities). This method is just a convenience wrapper for jsonSerialize(), converting the JSON object to its string form.

jsonDeserialize

@NonNull
public static AuthorizationRequest jsonDeserialize(@NonNull
                                                            org.json.JSONObject json)
                                                     throws org.json.JSONException

Reads an authorization request from a JSON string representation produced by jsonSerialize().

Throws:

org.json.JSONException - if the provided JSON does not match the expected structure.

jsonDeserialize

@NonNull
public static AuthorizationRequest jsonDeserialize(@NonNull
                                                            String jsonStr)
                                                     throws org.json.JSONException

Reads an authorization request from a JSON string representation produced by jsonSerializeString(). This method is just a convenience wrapper for jsonDeserialize(JSONObject), converting the JSON string to its JSON object form.

Throws:

org.json.JSONException - if the provided JSON does not match the expected structure.