/* * Copyright 2015 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.springframework.social.oauth2; import org.springframework.util.MultiValueMap; /** * A service interface for the OAuth2 flow. * This interface allows you to conduct the "OAuth dance" with a service provider on behalf of a user. * @author Keith Donald * @author Roy Clarkson */ public interface OAuth2Operations { /** * Construct the URL to redirect the user to for authorization via OAuth2's "Authorization Code Grant". * @param parameters authorization parameters needed to build the URL * @return the absolute authorize URL to redirect the user to for authorization */ String buildAuthorizeUrl(OAuth2Parameters parameters); /** * Construct the URL to redirect the user to for authorization. Use of implicit grant * is discouraged unless there is no other option available. Use * {@link #buildAuthorizeUrl(OAuth2Parameters)} instead. * @param grantType specifies whether to use client-side or server-side OAuth flow * @param parameters authorization parameters needed to build the URL * @return the absolute authorize URL to redirect the user to for authorization */ String buildAuthorizeUrl(GrantType grantType, OAuth2Parameters parameters); /** * Construct the URL to redirect the user to for authentication via OAuth2's "Authorization Code Grant". * The authenticate URL differs from the authorizationUrl slightly in that it does not require the user to authorize the app multiple times. * This provides a better user experience for "Sign in with Provider" scenarios. * @param parameters authorization parameters needed to build the URL * @return the absolute authenticate URL to redirect the user to for authorization */ String buildAuthenticateUrl(OAuth2Parameters parameters); /** * Construct the URL to redirect the user to for authentication. The authenticate URL * differs from the authorizationUrl slightly in that it does not require the user to * authorize the app multiple times. This provides a better user experience for * "Sign in with Provider" scenarios. Use of implicit grant is discouraged unless * there is no other option available. Use * {@link #buildAuthenticateUrl(OAuth2Parameters)} instead. * @param grantType specifies whether to use client-side or server-side OAuth flow * @param parameters authorization parameters needed to build the URL * @return the absolute authenticate URL to redirect the user to for authorization */ String buildAuthenticateUrl(GrantType grantType, OAuth2Parameters parameters); /** * Exchange the authorization code for an access grant. * @param authorizationCode the authorization code returned by the provider upon user authorization * @param redirectUri the authorization callback url; this value must match the redirectUri registered with the provider * @param additionalParameters any additional parameters to be sent when exchanging the authorization code for an access grant. Should not be encoded. * @return the access grant. */ AccessGrant exchangeForAccess(String authorizationCode, String redirectUri, MultiValueMap<String, String> additionalParameters); /** * Exchanges user credentials for an access grant using OAuth2's Resource Owner Credentials Grant (aka, "password" grant). * @param username the user's username on the provider * @param password the user's password on the provider * @param additionalParameters any additional parameters to be sent when exchanging the credentials for an access grant. Should not be encoded. * @return the access grant. */ AccessGrant exchangeCredentialsForAccess(String username, String password, MultiValueMap<String, String> additionalParameters); /** * Refreshes a previous access grant. * @param refreshToken the refresh token from the previous access grant. * @param additionalParameters any additional parameters to be sent when refreshing a previous access grant. Should not be encoded. * @return the access grant. */ AccessGrant refreshAccess(String refreshToken, MultiValueMap<String, String> additionalParameters); /** * Retrieves the client access grant using OAuth 2 client password flow. * This is an access grant that is based on the client id and password (a.k.a. client secret). * @return the access grant of the client only (not user related) */ AccessGrant authenticateClient(); /** * Retrieves the client access grant using OAuth 2 client password flow. * This is an access grant that is based on the client id and password (a.k.a. client secret). * @param scope optional scope to get for the access grant * @return the access grant of the client only (not user related) */ AccessGrant authenticateClient(String scope); }