Package com.authlete.jaxrs.spi

Interface DeviceCompleteRequestHandlerSpi

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      String getAcr()
      Get the authentication context class reference (ACR) that was satisfied when the end-user was authenticated.
      String getErrorDescription()
      Get the description of the error.
      URI getErrorUri()
      Get the URI of a document which describes the error in detail.
      com.authlete.common.dto.Property[] getProperties()
      Get extra properties to associate with an access token.
      com.authlete.common.dto.DeviceCompleteRequest.Result getResult()
      Get the result of end-user authentication and authorization.
      String[] getScopes()
      Get scopes to be associated with the access token.
      long getUserAuthenticatedAt()
      Get the time when the end-user was authenticated.
      Object getUserClaim​(String claimName)
      Get the value of a claim of the user.
      String getUserSubject()
      Get the subject (= unique identifier) of the end-user.
      javax.ws.rs.core.Response onInvalidRequest()
      Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is INVALID_REQUEST, which means the API call is invalid and probably, the authorization server implementation has some bugs.
      javax.ws.rs.core.Response onServerError()
      Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is SERVER_ERROR, which means an error occurred on Authlete side.
      javax.ws.rs.core.Response onSuccess()
      Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is SUCCESS, which means the API call has been processed successfully.
      javax.ws.rs.core.Response onUserCodeExpired()
      Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is USER_CODE_EXPIRED, which means the user code has expired.
      javax.ws.rs.core.Response onUserCodeNotExist()
      Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is USER_CODE_NOT_EXIST, which means the user code does not exist.

    • Method Detail

      • getResult

        com.authlete.common.dto.DeviceCompleteRequest.Result getResult()
        Get the result of end-user authentication and authorization.
        Returns:
        The result of end-user authentication and authorization.

      • getUserSubject

        String getUserSubject()
        Get the subject (= unique identifier) of the end-user. It must consist of only ASCII letters and its length must not exceed 100.

        In a typical case, the subject is a primary key or another unique ID of the record that represents the end-user in your user database.

        Returns:
        The subject (= unique identifier) of the end-user.

      • getUserAuthenticatedAt

        long getUserAuthenticatedAt()
        Get the time when the end-user was authenticated.

        This method is called only when getResult() has returned AUTHORIZED.

        Returns:
        The time when the end-user authentication occurred. The number of seconds since Unix epoch (1970-01-01). Return 0 if the time is unknown.

      • getAcr

        String getAcr()
        Get the authentication context class reference (ACR) that was satisfied when the end-user was authenticated.

        If you don't know what ACR is, return null.

        This method is called only when getResult() has returned AUTHORIZED.

        Returns:
        The authentication context class reference (ACR) that was satisfied when the end-user was authenticated.

      • getUserClaim

        Object getUserClaim​(String claimName)
        Get the value of a claim of the user.

        This method may be called multiple times. Note that this method is called only when getResult() has returned AUTHORIZED.

        Parameters:
        claimName - A claim name such as name and family_name. Standard claim names are listed in "5.1. Standard Claims" of OpenID Connect Core 1.0. Java constant values that represent the standard claims are listed in StandardClaims class. The value of claimName does NOT contain a language tag.
        Returns:
        The claim value. null if the claim value of the claim is not available.

      • getScopes

        String[] getScopes()
        Get scopes to be associated with the access token. If this method returns a non-null value, the set of scopes will be used instead of the scopes specified in the original device authorization request.
        Returns:
        Scopes to replace the scopes specified in the original device authorization request with. When null is returned from this method, replacement is not performed.

      • getProperties

        com.authlete.common.dto.Property[] getProperties()
        Get extra properties to associate with an access token.

        This method is expected to return an array of extra properties. The following is an example that returns an array containing one extra property. 

         @Override
 public Property[] getProperties()
 {
     return new Property[] {
         new Property("example_parameter", "example_value")
     };
 }

        Extra properties returned from this method will appear as top-level entries in a JSON response from an authorization server as shown in 5.1. Successful Response in RFC 6749.

        Note that there is an upper limit on the total size of extra properties. On the server side, the properties will be (1) converted to a multidimensional string array, (2) converted to JSON, (3) encrypted by AES/CBC/PKCS5Padding, (4) encoded by base64url, and then stored into the database. The length of the resultant string must not exceed 65,535 in bytes. This is the upper limit, but we think it is big enough.

        Returns:
        Extra properties. If null is returned, any extra property will not be associated.

      • getErrorDescription

        String getErrorDescription()
        Get the description of the error. This corresponds to the error_description property in the response to the client.
        Returns:
        The description of the error.

      • getErrorUri

        URI getErrorUri()
        Get the URI of a document which describes the error in detail. This corresponds to the error_uri property in the response to the client.
        Returns:
        The URI of a document which describes the error in detail.

      • onSuccess

        javax.ws.rs.core.Response onSuccess()
        Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is SUCCESS, which means the API call has been processed successfully. Typically, the authorization server should return a successful response to the web browser the end-user is using.
        Returns:
        A response to the end-user.

      • onInvalidRequest

        javax.ws.rs.core.Response onInvalidRequest()
        Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is INVALID_REQUEST, which means the API call is invalid and probably, the authorization server implementation has some bugs.
        Returns:
        A response to the end-user.

      • onUserCodeExpired

        javax.ws.rs.core.Response onUserCodeExpired()
        Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is USER_CODE_EXPIRED, which means the user code has expired. Typically, the authorization server implementation should tell the end-user that the user code has expired and urge her to re-initiate a device flow.
        Returns:
        A response to the end-user.

      • onUserCodeNotExist

        javax.ws.rs.core.Response onUserCodeNotExist()
        Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is USER_CODE_NOT_EXIST, which means the user code does not exist. Typically, the authorization server implementation should tell the end-user that the user code has been invalidated and urge her to re-initiate a device flow.
        Returns:
        A response to the end-user.

      • onServerError

        javax.ws.rs.core.Response onServerError()
        Return a response to the end-user when the value of action parameter contained in the response from Authlete /api/device/complete API is SERVER_ERROR, which means an error occurred on Authlete side. Typically, the authorization server implementation should tell the end-user that something wrong happened and urge her to re-initiate a device flow.
        Returns:
        A response to the end-user.