OAuth2Operations.java example

Explorer
spring-social-master
/*
 * Copyright 2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.social.oauth2;

import org.springframework.util.MultiValueMap;

/**
 * A service interface for the OAuth2 flow.
 * This interface allows you to conduct the "OAuth dance" with a service provider on behalf of a user. 
 * @author Keith Donald
 * @author Roy Clarkson
 */
public interface OAuth2Operations {

	/**
	 * Construct the URL to redirect the user to for authorization via OAuth2's "Authorization Code Grant".
	 * @param parameters authorization parameters needed to build the URL
	 * @return the absolute authorize URL to redirect the user to for authorization
	 */ 
	String buildAuthorizeUrl(OAuth2Parameters parameters);

	/**
	 * Construct the URL to redirect the user to for authorization. Use of implicit grant
	 * is discouraged unless there is no other option available. Use
	 * {@link #buildAuthorizeUrl(OAuth2Parameters)} instead.
	 * @param grantType specifies whether to use client-side or server-side OAuth flow
	 * @param parameters authorization parameters needed to build the URL
	 * @return the absolute authorize URL to redirect the user to for authorization
	 */
	String buildAuthorizeUrl(GrantType grantType, OAuth2Parameters parameters);

	/**
	 * Construct the URL to redirect the user to for authentication via OAuth2's "Authorization Code Grant".
	 * The authenticate URL differs from the authorizationUrl slightly in that it does not require the user to authorize the app multiple times.
	 * This provides a better user experience for "Sign in with Provider" scenarios.
	 * @param parameters authorization parameters needed to build the URL 
	 * @return the absolute authenticate URL to redirect the user to for authorization
	 */ 
	String buildAuthenticateUrl(OAuth2Parameters parameters);

	/**
	 * Construct the URL to redirect the user to for authentication. The authenticate URL
	 * differs from the authorizationUrl slightly in that it does not require the user to
	 * authorize the app multiple times. This provides a better user experience for
	 * "Sign in with Provider" scenarios. Use of implicit grant is discouraged unless
	 * there is no other option available. Use
	 * {@link #buildAuthenticateUrl(OAuth2Parameters)} instead.
	 * @param grantType specifies whether to use client-side or server-side OAuth flow
	 * @param parameters authorization parameters needed to build the URL
	 * @return the absolute authenticate URL to redirect the user to for authorization
	 */
	String buildAuthenticateUrl(GrantType grantType, OAuth2Parameters parameters);

	/**
	 * Exchange the authorization code for an access grant.
	 * @param authorizationCode the authorization code returned by the provider upon user authorization
	 * @param redirectUri the authorization callback url; this value must match the redirectUri registered with the provider
	 * @param additionalParameters any additional parameters to be sent when exchanging the authorization code for an access grant. Should not be encoded. 
	 * @return the access grant.
	 */
	AccessGrant exchangeForAccess(String authorizationCode, String redirectUri, MultiValueMap<String, String> additionalParameters);

	/**
	 * Exchanges user credentials for an access grant using OAuth2's Resource Owner Credentials Grant (aka, "password" grant).
	 * @param username the user's username on the provider
	 * @param password the user's password on the provider
	 * @param additionalParameters any additional parameters to be sent when exchanging the credentials for an access grant. Should not be encoded. 
	 * @return the access grant.
	 */
	AccessGrant exchangeCredentialsForAccess(String username, String password, MultiValueMap<String, String> additionalParameters);

	/**
	 * Refreshes a previous access grant.
	 * @param refreshToken the refresh token from the previous access grant.
	 * @param additionalParameters any additional parameters to be sent when refreshing a previous access grant. Should not be encoded. 
	 * @return the access grant.
	 */
	AccessGrant refreshAccess(String refreshToken, MultiValueMap<String, String> additionalParameters);

	/**
	 * Retrieves the client access grant using OAuth 2 client password flow.
	 * This is an access grant that is based on the client id and password (a.k.a. client secret).
	 * @return the access grant of the client only (not user related)
	 */
	AccessGrant authenticateClient();

	/**
	 * Retrieves the client access grant using OAuth 2 client password flow.
	 * This is an access grant that is based on the client id and password (a.k.a. client secret).
	 * @param scope optional scope to get for the access grant
	 * @return the access grant of the client only (not user related)
	 */
	AccessGrant authenticateClient(String scope);

}