Package io.meeds.oauth.spi

Interface OAuthProviderProcessor<T extends AccessTokenContext>

All Known Subinterfaces:
GateInFacebookProcessor, GoogleProcessor, LinkedinProcessor, OpenIdProcessor, TwitterProcessor
All Known Implementing Classes:
GateInFacebookProcessorImpl, GoogleProcessorImpl, LinkedinProcessorImpl, OpenIdProcessorImpl, TwitterProcessorImpl
public interface OAuthProviderProcessor<T extends AccessTokenContext>
Processor to call operations on given OAuth provider (Social network)
Author:
Marek Posolda

  • Method Summary

    Modifier and Type
    Method
    Description
    T
    getAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec)
    Obtain needed data from given userProfile and create accessToken from them
    <C> C
    getAuthorizedSocialApiObject(T accessToken, Class<C> socialApiObjectType)
    Return object, which can be used to call some operations on this Social network.
    InteractionState<T>
    processOAuthInteraction(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse)
    Process OAuth workflow for this OAuth provider (social network).
    InteractionState<T>
    processOAuthInteraction(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String scope)
    Possibility to create new OAuth interaction with custom scope (not just the scope which is provided in configuration of this OAuth processor)
    void
    removeAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile)
    Remove data about access token from this user profile
    void
    revokeToken(T accessToken)
    Revoke given access token on OAuth provider side, so application is removed from list of supported applications for given user
    void
    saveAccessTokenAttributesToUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec, T accessToken)
    Save accessToken data to given userProfile.
    T
    validateTokenAndUpdateScopes(T accessToken)
    Send request to OAuth Provider to validate if given access token is valid and ask for scopes, which are available for given accessToken.

  • Method Details

    • processOAuthInteraction

      InteractionState<T> processOAuthInteraction(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse) throws IOException, OAuthException, ExecutionException, InterruptedException
      Process OAuth workflow for this OAuth provider (social network). Workflow is finished if returned InteractionState is in state InteractionState.State.FINISH and in this case, InteractionState should also have accessToken filled. If InteractionState is in state InteractionState.State.AUTH, then more redirections are needed. In this case, given HttpServletResponse should be already committed and prepared for redirection.
      Parameters:
      httpRequest -
      httpResponse -
      Returns:
      InteractionState with state of OAuth interaction
      Throws:
      IOException - if IO error occured (for example if httpResponse.sendRedirect failed)
      OAuthException - in case of some other error, which may be specific for this OAuth processor (Details are available in error code) Caller should be able to handle at least OAuthExceptionCode.USER_DENIED_SCOPE which happens when user denied scope (authorization screen in web of given social network)
      ExecutionException
      InterruptedException

    • processOAuthInteraction

      InteractionState<T> processOAuthInteraction(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String scope) throws IOException, OAuthException, ExecutionException, InterruptedException
      Possibility to create new OAuth interaction with custom scope (not just the scope which is provided in configuration of this OAuth processor)
      Parameters:
      httpRequest -
      httpResponse -
      scope - custom scope, which contains all scopes in single String divided by AccessTokenContext.DELIMITER
      Returns:
      Throws:
      IOException
      OAuthException
      ExecutionException
      InterruptedException
      See Also:

    • revokeToken

      void revokeToken(T accessToken) throws OAuthException
      Revoke given access token on OAuth provider side, so application is removed from list of supported applications for given user
      Parameters:
      accessToken - access token to revoke
      Throws:
      OAuthException - with code OAuthExceptionCode.TOKEN_REVOCATION_FAILED if remote revocation of access token failed for some reason

    • validateTokenAndUpdateScopes

      T validateTokenAndUpdateScopes(T accessToken) throws OAuthException
      Send request to OAuth Provider to validate if given access token is valid and ask for scopes, which are available for given accessToken. Returned access token should be always valid and prepared for invoke other operations
      Parameters:
      accessToken - accessToken which will be used to ask OAuthProvider about validation and for available scopes
      Returns:
      accessTokenContext, which will be quite same as the one from accessToken parameter. It could have some info updated (like scopes)
      Throws:
      OAuthException - usually with codes: - OAuthExceptionCode.ACCESS_TOKEN_ERROR if invalid access is used as argument - OAuthExceptionCode.IO_ERROR if IO error occurs

    • getAuthorizedSocialApiObject

      <C> C getAuthorizedSocialApiObject(T accessToken, Class<C> socialApiObjectType)
      Return object, which can be used to call some operations on this Social network. For example "Plus" object for Google+ network
      Parameters:
      accessToken - access token used to initialize object
      socialApiObjectType - Type of object, which we wanted to return. Method will return null if this type is not supported by this processor
      Returns:
      initialized object of required type or null if type wasn't found (supported) by this processor

    • saveAccessTokenAttributesToUserProfile

      void saveAccessTokenAttributesToUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec, T accessToken)
      Save accessToken data to given userProfile. Note that we are not calling any DB save operations, just filling data into given userProfile
      Parameters:
      userProfile - where data about access token will be filled
      codec - to encode some attributes (sensitive data) before save them to user profile
      accessToken - specific access token for this OAuth processor

    • getAccessTokenFromUserProfile

      T getAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile, OAuthCodec codec)
      Obtain needed data from given userProfile and create accessToken from them
      Parameters:
      userProfile - where data from access token will be obtained
      codec - to decode data from userProfile
      Returns:
      accesstoken or null if accessToken is not found in persistent storage

    • removeAccessTokenFromUserProfile

      void removeAccessTokenFromUserProfile(org.exoplatform.services.organization.UserProfile userProfile)
      Remove data about access token from this user profile
      Parameters:
      userProfile - from which data will be removed