Package com.authlete.common.dto

Class DeviceVerificationRequest

  • All Implemented Interfaces:
    Serializable
    public class DeviceVerificationRequest
extends Object
implements Serializable
    Request to Authlete's /api/device/verification API. The API is used to get information associated with a user code.

    A response from the device authorization endpoint of the authorization server is JSON which contains the following response parameters (excerpted from "3.2. Device Authorization Response" of RFC 8628 OAuth 2.0 Device Authorization Grant).

    parameter description
    device_code REQUIRED. The device verification code.
    user_code REQUIRED. The end-user verification code.
    verification_uri REQUIRED. The end-user verification URI on the authorization server. The URI should be short and easy to remember as end users will be asked to manually type it into their user-agent.
    verification_uri_complete OPTIONAL. A verification URI that includes the "user_code" (or other information with the same function as the "user_code"), designed for non-textual transmission.
    expires_in REQUIRED. The lifetime in seconds of the "device_code" and "user_code".
    interval OPTIONAL. The minimum amount of time in seconds that the client SHOULD wait between polling requests to the token endpoint. If no value is provided, clients MUST use 5 as the default.

    The following is an example of device authorization response. 

     HTTP/1.1 200 OK
 Content-Type: application/json
 Cache-Control: no-store

 {
   "device_code": "GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS",
   "user_code": "WDJB-MJHT",
   "verification_uri": "https://example.com/device",
   "verification_uri_complete":
       "https://example.com/device?user_code=WDJB-MJHT",
   "expires_in": 1800,
   "interval": 5
 }

    After receiving a response from the device authorization endpoint of the authorization server, the client application shows the end-user the user code and the verification URI which are included in the device authorization response. Then, the end-user will access the verification URI using a web browser on another device (typically, a smart phone). In normal implementations, the verification endpoint will return an HTML page with an input form where the end-user inputs a user code. The authorization server will receive a user code from the form.

    After receiving a user code, the authorization server should call Authlete's /api/device/verification API with the user code. The API will return information associated with the user code such as client information and requested scopes. Using the information, the authorization server should generate an HTML page that confirms the end-user's consent and send the page back to the web browser.

    Since:
    2.42
    See Also:
    Serialized Form

    • Constructor Detail

      • DeviceVerificationRequest

        public DeviceVerificationRequest()

    • Method Detail

      • getUserCode

        public String getUserCode()
        Get the user code.
        Returns:
        The user code.

      • setUserCode

        public DeviceVerificationRequest setUserCode​(String userCode)
        Set the user code.
        Parameters:
        userCode - The user code.
        Returns:
        this object.