com.authlete.common.dto

Class AuthorizationIssueResponse

java.lang.Object

com.authlete.common.dto.ApiResponse

com.authlete.common.dto.AuthorizationIssueResponse

All Implemented Interfaces:

Serializable

public class AuthorizationIssueResponse
extends ApiResponse

Response from Authlete's /auth/authorization/issue API.

Authlete's /auth/authorization/issue API returns JSON which can be mapped to this class. The service implementation should retrieve the value of "action" from the response and take the following steps according to the value.

INTERNAL_SERVER_ERROR

When the value of "action" is "INTERNAL_SERVER_ERROR", it means that the request from the service implementation (AuthorizationIssueRequest) was wrong or that an error occurred in Authlete.

In either case, from the viewpoint of the client application, it is an error on the server side. Therefore, the service implementation should generate a response to the client application with the HTTP status of "500 Internal Server Error".

getResponseContent() returns a JSON string which describes the error, so it can be used as the entity body of the response.

The following illustrates the response which the service implementation should generate and return to the client application.

 HTTP/1.1 500 Internal Server Error
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())

BAD_REQUEST

When the value of "action" is "BAD_REQUEST", it means that the ticket is no longer valid (deleted or expired) and that the reason of the invalidity was probably due to the end-user's too-delayed response to the authorization UI.

The HTTP status of the response returned to the client application should be "400 Bad Request" and the content type should be "application/json" although OAuth 2.0 specification does not mention the format of the error response.

getResponseContent() returns a JSON string which describes the error, so it can be used as the entity body of the response.

The following illustrates the response which the service implementation should generate and return to the client application.

 HTTP/1.1 400 Bad Request
 Content-Type: application/json
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())

LOCATION

When the value of "action" is "LOCATION", it means that the response to the client application should be "302 Found" with "Location" header.

getResponseContent() returns a redirect URI which contains (1) an authorization code, an ID token and/or an access token (on success) or (2) an error code (on failure), so it can be used as the value of "Location" header.

The following illustrates the response which the service implementation should generate and return to the client application.

 HTTP/1.1 302 Found
 Location: (The value returned from getResponseContent())
 Cache-Control: no-store
 Pragma: no-cache

FORM

When the value of "action" is "FORM", it means that the response to the client application should be "200 OK" with an HTML which triggers redirection by JavaScript. This happens when the authorization request from the client contains response_mode=form_post request parameter.

getResponseContent() returns an HTML which satisfies the requirements of response_mode=form_post, so it can be used as the entity body of the response.

The following illustrates the response which the service implementation should generate and return to the client application.

 HTTP/1.1 200 OK
 Content-Type: text/html;charset=UTF-8
 Cache-Control: no-store
 Pragma: no-cache

 (The value returned from getResponseContent())

Author:

Takahiko Kawasaki

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthorizationIssueResponse.Action The next action that the service implementation should take.

Constructor Summary

Constructors

Constructor and Description
AuthorizationIssueResponse()

Method Summary

Modifier and Type	Method and Description
String	getAccessToken() Get the access token.
long	getAccessTokenDuration() Get the duration of the access token in seconds.
long	getAccessTokenExpiresAt() Get the date in milliseconds since the Unix epoch at which the access token will expire.
AuthorizationIssueResponse.Action	getAction() Get the next action that the service implementation should take.
String	getAuthorizationCode() Get the newly issued authorization code.
String	getIdToken() Get the newly issued ID token.
String	getJwtAccessToken() Get the newly issued access token in JWT format.
String	getResponseContent() Get the response content which can be used as the entity body of the response returned to the client application.
void	setAccessToken(String accessToken) Set the access token.
void	setAccessTokenDuration(long duration) Set the duration of the access token in seconds.
void	setAccessTokenExpiresAt(long expiresAt) Set the date in milliseconds since the Unix epoch at which the access token will expire.
void	setAction(AuthorizationIssueResponse.Action action) Set the next action that the service implementation should take.
void	setAuthorizationCode(String code) Set the newly issued authorization code.
void	setIdToken(String idToken) Set the newly issued ID token.
void	setJwtAccessToken(String jwtAccessToken) Set the newly issued access token in JWT format.
void	setResponseContent(String content) Set the response content which can be used as the entity body of the response returned to the client application.
String	summarize() Get the summary of this instance.

Methods inherited from class com.authlete.common.dto.ApiResponse

getResultCode, getResultMessage, setResultCode, setResultMessage

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationIssueResponse

public AuthorizationIssueResponse()

Method Detail

getAction

public AuthorizationIssueResponse.Action getAction()

Get the next action that the service implementation should take.

setAction

public void setAction(AuthorizationIssueResponse.Action action)

Set the next action that the service implementation should take.

getResponseContent

public String getResponseContent()

Get the response content which can be used as the entity body of the response returned to the client application.

setResponseContent

public void setResponseContent(String content)

Set the response content which can be used as the entity body of the response returned to the client application.

getAccessToken

public String getAccessToken()

Get the access token. An access token is issued when the response_type request parameter of the authorization request includes token.

If the service is configured to issue JWT-based access tokens, a JWT-based access token is issued additionally. In the case, getJwtAccessToken() returns the JWT-based access token.

Returns:

The newly issued access token. If an access token is not issued, this method returns null.

Since:

1.34

See Also:

getJwtAccessToken()

setAccessToken

public void setAccessToken(String accessToken)

Set the access token.

Parameters:

accessToken - The newly issued access token.

Since:

1.34

getAccessTokenExpiresAt

public long getAccessTokenExpiresAt()

Get the date in milliseconds since the Unix epoch at which the access token will expire.

Returns:

The date at which the access token will expire. If an access token is not issued, this method returns 0.

Since:

1.34

setAccessTokenExpiresAt

public void setAccessTokenExpiresAt(long expiresAt)

Set the date in milliseconds since the Unix epoch at which the access token will expire.

Parameters:

expiresAt - The date at which the access token will expire.

Since:

1.34

getAccessTokenDuration

public long getAccessTokenDuration()

Get the duration of the access token in seconds.

Returns:

The duration of the access token in seconds.

Since:

1.34

setAccessTokenDuration

public void setAccessTokenDuration(long duration)

Set the duration of the access token in seconds.

Parameters:

duration - The duration of the access token in seconds.

Since:

1.34

getIdToken

public String getIdToken()

Get the newly issued ID token. An ID token is issued when the response_type request parameter of the authorization request includes id_token.

Returns:

The newly issued ID token. If an ID token is not issued, this method returns null.

Since:

1.34

setIdToken

public void setIdToken(String idToken)

Set the newly issued ID token.

Parameters:

idToken - The newly issued ID token.

Since:

1.34

getAuthorizationCode

public String getAuthorizationCode()

Get the newly issued authorization code. An authorization code is issued when the response_type request parameter of the authorization request includes code.

Returns:

The newly issued authorization code. If an authorization code is not issued, this method returns null.

Since:

1.34

setAuthorizationCode

public void setAuthorizationCode(String code)

Set the newly issued authorization code.

Parameters:

code - The newly issued authorization code.

Since:

1.34

getJwtAccessToken

public String getJwtAccessToken()

Get the newly issued access token in JWT format.

If the authorization server is configured to issue JWT-based access tokens (= if Service.getAccessTokenSignAlg() returns a non-null value), a JWT-based access token is issued along with the original random-string one.

Regarding the detailed format of the JWT-based access token, see the description of the Service class.

Returns:

The newly issued access token in JWT format. If the service is not configured to issue JWT-based access tokens, this method always returns null.

Since:

2.37

See Also:

getAccessToken()

setJwtAccessToken

public void setJwtAccessToken(String jwtAccessToken)

Set the newly issued access token in JWT format.

Parameters:

jwtAccessToken - The newly issued access token in JWT format.

Since:

2.37

summarize

public String summarize()

Get the summary of this instance.