public class GOAuth2
Class for authorization via Google OAuth 2.0.
Authorization occurs when the user accepts permission from a spawned
webpage, but a temporary local webserver receives the token, so that
the user is not involved in providing the intermediate code to the
application.
OAuth authentication has the concept of scopes, which indicate
what permissions the requesting application is asking for. Such
permissions may include accessing the user's email address, calendar,
posting via their Google Plus profile, etc.
After an application first asks for permission for a given set of
scopes, this class stores a cookie with the refresh token. In the
future, when calls are made to getTokenFromCookie, this class quietly
retrieves a new token from Google using the refresh token and uses
that token for authentication.
In a GUI context, cookies are stored in Java Preferences.
Modifier and Type | Field and Description |
---|---|
BBjString | CharacterEncoding!="UTF-8" Character encoding for authentication requests. Default is UTF-8. |
BBjString | ClientIDProperty!="com.basis.util.goauth2.clientid" Property for the application client id. In the case of several applications using OAuth, this property can be overridden to look for a different property in BBj.properties. Note: This is the name of the property for the client id, not the value of the client id itself. One should configure their application so it does not allow the user to drop to console. This way, they can not readily capture the client id. |
BBjString | ClientSecretProperty!="com.basis.util.goauth2.clientsecret" Property for the application client secret. In the case of several applications using OAuth, this property can be overridden to look for a different property in BBj.properties. Note: This is the name of the property for the client secret, not the value of the client secret itself. One should configure their application so it does not allow the user to drop to console. This way, they can not readily capture the client secret. |
BBjNumber | CookieGroup!=null() Specifies the type of cookie (Session, etc.). Default is null. |
BBjString | CookieRefreshTokenVariable!="GOAuth2RefreshToken" Indicates the name of the variable that stores the refresh token in the cookie. |
BBjString | CookieScopeVariable!="GOAuth2Scope" Indicates the name of the variable that stores scopes in the cookie. Typically does not need to be modified. |
BBjString | CookieTokenVariable!="GOAuth2Token" Indicates the name of the variable that is used to store the token in the cookie. Typically does not need to be modified. |
BBjString | RedirectURL! URL or URI to which the authorization token will be sent. |
BBjString | RedirectURLProperty!="com.basis.util.goauth2.redirecturl" Property for the application redirect URL. In the case of several applications using OAuth, this property can be overridden to look for a different property in BBj.properties. Note: This is the name of the property for the redirect URL, not the value of the redirect URL itself. |
BBjString | RequireSSLProperty!="com.basis.util.goauth2.requiressl" Property that controls whether the application requires SSL when redirecting. In the case of several applications using OAuth, this property can be overridden to look for a different property in BBj.properties. Note: This is the name of the property for the require-SSL setting, not the value of the setting itself. This property only takes effect when the RedirectURLProperty is not set. Set its value to true to require SSL. |
BBjVector | Scopes!=BBjAPI().makeVector() Scopes for authorization. Starts out as an empty vector. |
BBjNumber | Timeout=120 Authentication timeout in seconds. Default is 120 seconds, 0 means "forever." |
Constructor and Description |
---|
GOAuth2() |
Modifier and Type | Method and Description |
---|---|
BBjString | getBearerTokenFromRefreshToken(BBjString refreshToken!) This method exchanges the refresh token for a bearer token. The bearer token can then be used for future API requests. This method assumes the refresh token was obtained somewhere other than a cookie and therefore does not set a cookie with a refresh token. |
BBjString | getRefreshToken() The authorization refresh token. This is a long term token used to retrieve session tokens. |
BBjString | getToken() The authorization token. |
BBjString | getTokenFromCookie() If a refresh token is stored in a cookie for our current set of permissions, submit the refresh token to get a new token from Google. |
BBjNumber | leg1() Leg 1 constructs a permission request to send to Google, which then will obtain permission from the user. The end result if the user gives permission is an intermediate code value. |
void | leg3(BBjString code!) In Leg 3, the intermediate code is sent to Google in exchange for an authentication token. Obtaining the authentication token is the end goal of this class. |
BBjString | localhostleg2() Used only for localhost authentication, leg 2 looks for an intermediate code that's been sent to the local webserver. (The local webserver is spawned by GOAuth2; it won't check for your own local webserver.) |
void | revokeAccess() Revokes access of the application to the currently signed in user. User will have to grant access to the application via a sign in process again. Any refresh or bearer tokens associated with this session's bearer token will not continue to work. This method sends the following request which can be duplicated in a browser: https://accounts.google.com/o/oauth2/revoke?token=token! |
void | revokeAccess(BBjString token!) Revokes access of the current token!. (token! can be any Google token and need not be associated with the current application.) Any refresh or bearer tokens associated with token! will no longer be honored. This method sends the following request which can be duplicated in a browser: https://accounts.google.com/o/oauth2/revoke?token=token! |
public BBjString CharacterEncoding!="UTF-8"
Character encoding for authentication requests. Default is UTF-8.
public BBjString ClientIDProperty!="com.basis.util.goauth2.clientid"
Property for the application client id. In the case of several applications using OAuth, this property can be overridden to look for a different property in BBj.properties. Note: This is the name of the property for the client id, not the value of the client id itself. One should configure their application so it does not allow the user to drop to console. This way, they can not readily capture the client id.
public BBjString ClientSecretProperty!="com.basis.util.goauth2.clientsecret"
Property for the application client secret. In the case of several applications using OAuth, this property can be overridden to look for a different property in BBj.properties. Note: This is the name of the property for the client secret, not the value of the client secret itself. One should configure their application so it does not allow the user to drop to console. This way, they can not readily capture the client secret.
public BBjNumber CookieGroup!=null()
Specifies the type of cookie (Session, etc.). Default is null.
public BBjString CookieRefreshTokenVariable!="GOAuth2RefreshToken"
Indicates the name of the variable that stores the refresh token in the cookie.
public BBjString CookieScopeVariable!="GOAuth2Scope"
Indicates the name of the variable that stores scopes in the cookie. Typically does not need to be modified.
public BBjString CookieTokenVariable!="GOAuth2Token"
Indicates the name of the variable that is used to store the token in the cookie. Typically does not need to be modified.
public BBjString RedirectURL!
URL or URI to which the authorization token will be sent.
public BBjString RedirectURLProperty!="com.basis.util.goauth2.redirecturl"
Property for the application redirect URL. In the case of several applications using OAuth, this property can be overridden to look for a different property in BBj.properties. Note: This is the name of the property for the redirect URL, not the value of the redirect URL itself.
public BBjString RequireSSLProperty!="com.basis.util.goauth2.requiressl"
Property that controls whether the application requires SSL when redirecting. In the case of several applications using OAuth, this property can be overridden to look for a different property in BBj.properties. Note: This is the name of the property for the require-SSL setting, not the value of the setting itself. This property only takes effect when the RedirectURLProperty is not set. Set its value to true to require SSL.
public BBjVector Scopes!=BBjAPI().makeVector()
Scopes for authorization. Starts out as an empty vector.
public BBjNumber Timeout=120
Authentication timeout in seconds. Default is 120 seconds, 0 means "forever."
public BBjString getBearerTokenFromRefreshToken(BBjString refreshToken!)
This method exchanges the refresh token for a bearer token. The bearer token can then be used for future API requests. This method assumes the refresh token was obtained somewhere other than a cookie and therefore does not set a cookie with a refresh token.
!ERROR=254 if refreshToken! is invalid. In particular, the error message "invalid_grant" points to an invalid refresh token being provided.
public BBjString getRefreshToken()
The authorization refresh token. This is a long term token used to retrieve session tokens.
public BBjString getToken()
The authorization token.
public BBjString getTokenFromCookie()
If a refresh token is stored in a cookie for our current set of permissions, submit the refresh token to get a new token from Google.
public BBjNumber leg1()
Leg 1 constructs a permission request to send to Google, which then will obtain permission from the user. The end result if the user gives permission is an intermediate code value.
public void leg3(BBjString code!)
In Leg 3, the intermediate code is sent to Google in exchange for an authentication token. Obtaining the authentication token is the end goal of this class.
public BBjString localhostleg2()
Used only for localhost authentication, leg 2 looks for an intermediate code that's been sent to the local webserver. (The local webserver is spawned by GOAuth2; it won't check for your own local webserver.)
!ERROR=254 when an authorization error occurs.
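The loopback step that localhostleg2() describes, shown in Python as an added example; it is not GOAuth2's own code or BASIS's implementation. The class name `LoopbackReceiver`, the `state` check, and the 127.0.0.1 ephemeral-port bind are assumptions of this example; the timeout handling mirrors the Timeout field, where 0 means wait forever.

```python
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse


class LoopbackReceiver:
    """One-shot listener for the OAuth redirect (hypothetical helper)."""

    def __init__(self, timeout=120):
        self.state = secrets.token_urlsafe(16)  # sent in leg 1, echoed back
        self.code = self.error = None
        receiver = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                q = parse_qs(urlparse(self.path).query)
                state = q.get("state", [""])[0].encode()
                if not secrets.compare_digest(state, receiver.state.encode()):
                    receiver.error = "state_mismatch"  # not our request
                elif "error" in q:
                    receiver.error = q["error"][0]     # e.g. user denied
                elif "code" in q:
                    receiver.code = q["code"][0]
                else:
                    receiver.error = "missing_code"
                self.send_response(200 if receiver.code else 400)
                self.send_header("Content-Type", "text/plain")
                self.end_headers()
                self.wfile.write(b"Done. You may close this window.\n")

            def log_message(self, *args):
                pass  # default logging would write the code to stderr

        # Loopback interface only, OS-assigned port: unreachable off-host.
        self.server = HTTPServer(("127.0.0.1", 0), Handler)
        self.server.timeout = timeout or None  # 0 means wait forever
        self.redirect_uri = "http://127.0.0.1:%d/" % self.server.server_port

    def wait_for_code(self):
        """Serve exactly one request, then shut the listener down."""
        try:
            self.server.handle_request()
        finally:
            self.server.server_close()
        if self.code is None:
            raise RuntimeError(self.error or "timeout")
        return self.code
```

The listener fails closed: a request with the wrong `state`, an `error` parameter, or no `code` consumes the single attempt and raises instead of returning a value.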
public void revokeAccess()
Revokes access of the application to the currently signed in user. User will have to grant access to the application via a sign in process again. Any refresh or bearer tokens associated with this session's bearer token will not continue to work. This method sends the following request which can be duplicated in a browser: https://accounts.google.com/o/oauth2/revoke?token=token!
!ERROR=254 if nobody is signed in. (token! is null() in that case.)
public void revokeAccess(BBjString token!)
Revokes access of the current token!. (token! can be any Google token and need not be associated with the current application.) Any refresh or bearer tokens associated with token! will no longer be honored. This method sends the following request which can be duplicated in a browser: https://accounts.google.com/o/oauth2/revoke?token=token!
!ERROR=254 if token! was not successfully revoked.