Class AuthenticationCallbackRequest

  • All Implemented Interfaces:
    Serializable

    public class AuthenticationCallbackRequest
    extends Object
    implements Serializable
    Authentication request from Authlete to a service implementation.

    After a client application accesses the authorization endpoint which Authlete provides for the service (/api/auth/authorization/direct/{service-api-key}) and an end-user of the service attempts end-user authentication in the UI displayed at the authorization endpoint (by entering his/her login ID and password into the input fields or by signing in to an SNS such as Facebook), Authlete makes an authentication callback request to the authentication callback endpoint of the service. This class represents the format of the request.

    When the end-user attempts authentication by entering his/her credentials into the input fields of the form, id and password in this authentication callback request are the values that the end-user entered.

    On the other hand, when the end-user authenticates by signing in to an SNS such as Facebook, id represents the subject (unique identifier) of the end-user in the SNS and password has no meaning. In this case, sns and accessToken are not null. accessToken in this request is the access token issued by the SNS, which an implementation of an authentication callback endpoint may use as necessary.

    Notes specific to individual SNSes:
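
An added example, not part of the Authlete library or its documentation, of how an authentication callback endpoint might branch on sns as described above. The Account record, the two lookup maps, the "<SNS>:<id>" key format and the PBKDF2 parameters are assumptions of this sketch; it needs Java 16 or later and authlete-java-common on the classpath.

```java
import com.authlete.common.dto.AuthenticationCallbackRequest;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class CallbackAuthenticator {
    // Hypothetical account record: stable subject plus PBKDF2 salt and hash.
    public record Account(String subject, byte[] salt, byte[] hash) {}

    private static final byte[] DUMMY_SALT = new byte[16];
    private final Map<String, Account> byLoginId; // local accounts, keyed by login ID
    private final Map<String, Account> bySnsKey;  // linked accounts, keyed by "<SNS>:<id>"

    public CallbackAuthenticator(Map<String, Account> byLoginId,
                                 Map<String, Account> bySnsKey) {
        this.byLoginId = byLoginId;
        this.bySnsKey = bySnsKey;
    }

    /** Returns the subject of the authenticated end-user, or null on failure. */
    public String authenticate(AuthenticationCallbackRequest req) throws Exception {
        if (req.getSns() != null) {
            // Social login: the SNS authenticated the user, so password is ignored.
            // Keying on SNS name + id keeps an SNS subject from matching a local login ID.
            Account linked = bySnsKey.get(req.getSns().name() + ":" + req.getId());
            return linked == null ? null : linked.subject();
        }
        // Form login or Resource Owner Password Credentials: verify id + password.
        if (req.getId() == null || req.getPassword() == null) {
            return null;
        }
        Account account = byLoginId.get(req.getId());
        // Hash even for unknown IDs so response time does not reveal which IDs exist.
        byte[] salt = account != null ? account.salt() : DUMMY_SALT;
        byte[] candidate = pbkdf2(req.getPassword().toCharArray(), salt);
        // MessageDigest.isEqual compares the two hashes in constant time.
        boolean ok = account != null && MessageDigest.isEqual(candidate, account.hash());
        return ok ? account.subject() : null;
    }

    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }
}
```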

    Facebook

    The value of id is unique to each Facebook application and cannot be used across different applications. If you need the third party ID, make an API call to the /me endpoint with fields=third_party_id and access_token={accessToken}. See Facebook's API documentation for details.

    The value of rawTokenResponse is in application/x-www-form-urlencoded format (not application/json). This is a violation of RFC 6749 (OAuth 2.0).

    The value of refreshToken is empty.

    The value of expiresIn is the value of the expires parameter in the response from the token endpoint of Facebook.

    Since:
    1.1
    Author:
    Takahiko Kawasaki
    See Also:
    Serialized Form
    • Constructor Detail

      • AuthenticationCallbackRequest

        public AuthenticationCallbackRequest()
    • Method Detail

      • getServiceApiKey

        public long getServiceApiKey()
        Get the API key of the target service.

        This property is always set when Authlete makes a request.

        Returns:
        The API key of the target service.
      • setServiceApiKey

        public AuthenticationCallbackRequest setServiceApiKey(long apiKey)
        Set the API key of the target service.
        Parameters:
        apiKey - The API key of the target service.
        Returns:
        this object.
      • getClientId

        public long getClientId()
        Get the ID of the client application that triggered this authentication request.

        This property is always set when Authlete makes a request.

        Returns:
        The ID of the client application.
      • setClientId

        public AuthenticationCallbackRequest setClientId(long clientId)
        Set the ID of the client application that triggered this authentication request.
        Parameters:
        clientId - The ID of the client application.
        Returns:
        this object.
      • getId

        public String getId()
        Get the ID of the end-user to authenticate.

        When the value of the sns property is null, this property holds the login ID that the end-user entered in the login ID field in the UI of the authorization endpoint (/api/auth/authorization/direct/{service-api-key}), or the value of the username request parameter to the token endpoint (/api/auth/token/direct/{service-api-key}) in the case of the Resource Owner Password Credentials flow.

        On the other hand, if the sns property is not null, this property holds the subject (= unique identifier) of the end-user in the SNS.

        This property is always set when Authlete makes a request.

        Returns:
        The ID of the end-user to authenticate.
      • setId

        public AuthenticationCallbackRequest setId(String id)
        Set the ID of the end-user to authenticate.
        Parameters:
        id - The ID of the end-user to authenticate.
        Returns:
        this object.
      • getPassword

        public String getPassword()
        Get the password of the end-user to authenticate.

        This property holds the password that the end-user entered in the password field in the UI of the authorization endpoint (/api/auth/authorization/direct/{service-api-key}), or the value of the password request parameter to the token endpoint (/api/auth/token/direct/{service-api-key}) in the case of the Resource Owner Password Credentials flow.

        If the sns property is null, it is ensured that this property is not null. In such a case, authentication should be performed on the pair of the id property and this password property. On the other hand, if the sns property is not null, this property has no meaning, because authentication has been performed by the SNS.

        Returns:
        The password of the end-user to authenticate.
      • setPassword

        public AuthenticationCallbackRequest setPassword(String password)
        Set the password of the end-user to authenticate.
        Parameters:
        password - The password of the end-user to authenticate.
        Returns:
        this object.
      • getClaims

        public String[] getClaims()
        Get the list of claims requested by a client application.

        A claim is a piece of information about an end-user. Some standard claim names such as given_name and email are defined in "5.1. Standard Claims" in OpenID Connect Core 1.0. A service implementation should extract data corresponding to the claims from its database and return them to Authlete. The data will be embedded in an ID token.

        Note that a claim name may be followed by #locale, for example family_name#ja. See "5.2. Claims Languages and Scripts" in OpenID Connect Core 1.0 for details.

        This property is null when claim data are not necessary (= when an ID token does not need to be generated).

        Returns:
        The list of claims requested by a client application.
      • setClaims

        public AuthenticationCallbackRequest setClaims(String[] claims)
        Set the list of claims requested by a client application.
        Parameters:
        claims - The list of claims requested by a client application.
        Returns:
        this object.
      • getClaimsLocales

        public String[] getClaimsLocales()
        Get the list of locales for claims.

        This property holds the value of the claims_locales request parameter contained in an authorization request. The values are the end-user's preferred languages and scripts for claims. See "5.2. Claims Languages and Scripts" in OpenID Connect Core 1.0 for details.

        This property is null when claim data are not necessary (= when an ID token does not need to be generated).

        Returns:
        The list of locales for claims.
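
An added example, not code from the Authlete library, of resolving the names returned by getClaims() against getClaimsLocales() so that only the requested claims leave the user store. The userData map and its "name" / "name#locale" key layout are assumptions of this sketch, and locale tags are matched exactly as stored.

```java
import com.authlete.common.dto.AuthenticationCallbackRequest;
import java.util.LinkedHashMap;
import java.util.Map;

public class ClaimCollector {
    /**
     * userData is a hypothetical per-user store whose keys are "claim" for the
     * default value and "claim#locale" for a localized one, e.g. "family_name#ja".
     * Returns only the claims the client asked for.
     */
    public static Map<String, Object> collect(AuthenticationCallbackRequest req,
                                              Map<String, Object> userData) {
        Map<String, Object> out = new LinkedHashMap<>();
        String[] claims = req.getClaims();
        if (claims == null) {
            return out; // no ID token will be generated, so release nothing
        }
        String[] locales = req.getClaimsLocales();
        for (String requested : claims) {
            if (requested == null || requested.isEmpty()) {
                continue;
            }
            if (requested.indexOf('#') >= 0) {
                // Explicit "name#locale": return that exact variant or nothing.
                copy(requested, userData, out);
                continue;
            }
            // Plain name: try the end-user's locales in preference order first.
            boolean found = false;
            for (int i = 0; locales != null && i < locales.length && !found; i++) {
                found = copy(requested + "#" + locales[i], userData, out);
            }
            if (!found) {
                copy(requested, userData, out); // fall back to the default value
            }
        }
        return out;
    }

    // Copies one entry if present; reports whether anything was copied.
    private static boolean copy(String key, Map<String, Object> from,
                                Map<String, Object> to) {
        Object value = from.get(key);
        if (value == null) {
            return false;
        }
        to.put(key, value);
        return true;
    }
}
```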
      • setClaimsLocales

        public AuthenticationCallbackRequest setClaimsLocales(String[] claimsLocales)
        Set the list of locales for claims.
        Parameters:
        claimsLocales - The list of locales for claims.
        Returns:
        this object.
      • getSns

        public Sns getSns()
        Get the SNS that the end-user used for social login.
        Returns:
        The SNS that the end-user used for social login. null is returned if the end-user did not use social login.
        Since:
        1.3
      • setSns

        public AuthenticationCallbackRequest setSns(Sns sns)
        Set the SNS that the end-user used for social login.
        Parameters:
        sns - The SNS that the end-user used for social login.
        Returns:
        this object.
        Since:
        1.3
      • getAccessToken

        public String getAccessToken()
        Get the access token returned by the SNS which the end-user used for social login.
        Returns:
        The access token returned by the SNS. null is returned when social login was not used.
        Since:
        1.3
      • setAccessToken

        public AuthenticationCallbackRequest setAccessToken(String accessToken)
        Set the access token returned by the SNS which the end-user used for social login.
        Parameters:
        accessToken - The access token returned by the SNS.
        Returns:
        this object.
        Since:
        1.3
      • getRefreshToken

        public String getRefreshToken()
        Get the refresh token returned by the SNS which the end-user used for social login.
        Returns:
        The refresh token returned by the SNS. null is returned when social login was not used or if the SNS did not return a refresh token.
        Since:
        1.3
      • setRefreshToken

        public AuthenticationCallbackRequest setRefreshToken(String refreshToken)
        Set the refresh token returned by the SNS which the end-user used for social login.
        Parameters:
        refreshToken - The refresh token returned by the SNS.
        Returns:
        this object.
        Since:
        1.3
      • getExpiresIn

        public long getExpiresIn()
        Get the lifetime of the access token in seconds.
        Returns:
        The lifetime of the access token in seconds. 0 is returned when social login was not used or if the SNS did not return information about the lifetime of the access token.
        Since:
        1.3
      • setExpiresIn

        public AuthenticationCallbackRequest setExpiresIn(long expiresIn)
        Set the lifetime of the access token in seconds.
        Parameters:
        expiresIn - The lifetime of the access token in seconds.
        Returns:
        this object.
        Since:
        1.3
      • getRawTokenResponse

        public String getRawTokenResponse()
        Get the raw response from the token endpoint of the SNS.

        If the SNS complies with RFC 6749, the format is JSON. Note that Facebook returns application/x-www-form-urlencoded.

        Returns:
        The raw response from the token endpoint of the SNS.
        Since:
        1.3
      • setRawTokenResponse

        public AuthenticationCallbackRequest setRawTokenResponse(String response)
        Set the raw response from the token endpoint of the SNS.
        Parameters:
        response - The raw response from the token endpoint of the SNS.
        Returns:
        this object.
        Since:
        1.3