Skip to content

Commit

Permalink
Add request options to each API call method.
Browse files Browse the repository at this point in the history
  • Loading branch information
@hidebike712
hidebike712 committed Dec 31, 2024
1 parent a6fd7e0 commit 9e88048
Show file tree
Hide file tree
Showing 48 changed files with 3,774 additions and 1,106 deletions.
2 changes: 1 addition & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@

<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<authlete-java-common.version>4.1</authlete-java-common.version>
<authlete-java-common.version>4.16</authlete-java-common.version>
<gson.version>2.10.1</gson.version>
<nimbus.version>9.31</nimbus.version>
<jakarta.api.version>3.1.0</jakarta.api.version>
Expand Down
224 changes: 183 additions & 41 deletions src/main/java/com/authlete/jakarta/AccessTokenValidator.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (C) 2016-2023 Authlete, Inc.
* Copyright (C) 2016-2025 Authlete, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -24,6 +24,7 @@
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status;
import com.authlete.common.api.AuthleteApi;
import com.authlete.common.api.Options;
import com.authlete.common.dto.IntrospectionRequest;
import com.authlete.common.dto.IntrospectionResponse;
import com.authlete.common.dto.IntrospectionResponse.Action;
Expand Down Expand Up @@ -337,16 +338,8 @@ public AccessTokenValidator(AuthleteApi api)


/**
* Validate an access token. This method is an alias of the
* {@link #validate(Params)} method.
*
* </p>
* When the given access token is not valid, this method throws a
* {@link WebApplicationException}. The response contained in the
* exception complies with the requirements described in <a href=
* "http://tools.ietf.org/html/rfc6750">RFC 6750</a> (The OAuth
* 2.0 Authorization Framework: Bearer Token Usage).
* </p>
* Validate an access token. This method is an alias of
* {@link #validate(String, Options) validate}{@code (accessToken, (Options)null)}.
*
* @param accessToken
* An access token to validate.
Expand All @@ -360,25 +353,38 @@ public AccessTokenValidator(AuthleteApi api)
*/
public AccessTokenInfo validate(String accessToken) throws WebApplicationException
{
Params params = new Params()
.setAccessToken(accessToken)
;

return validate(params);
return validate(accessToken, (Options)null);
}


/**
* Validate an access token. This method is an alias of the
* {@link #validate(Params)} method.
* Validate an access token. This method is an alias of {@link
* #validate(String, String[], Options) validate}{@code (accessToken, null, options)}.
*
* </p>
* When the given access token is not valid, this method throws a
* {@link WebApplicationException}. The response contained in the
* exception complies with the requirements described in <a href=
* "http://tools.ietf.org/html/rfc6750">RFC 6750</a> (The OAuth
* 2.0 Authorization Framework: Bearer Token Usage).
* </p>
* @param accessToken
* An access token to validate.
*
* @param options
* Request options for {@code /api/auth/introspection} API.
*
* @return
* Information about the access token.
*
* @throws WebApplicationException
* The access token is invalid. To be concrete, the access
* token does not exist or it has expired.
*
* @since 2.82
*/
public AccessTokenInfo validate(String accessToken, Options options) throws WebApplicationException
{
return validate(accessToken, null, options);
}


/**
* Validate an access token. This method is an alias of
* {@link #validate(String, String[], Options) validate}{@code (accessToken, requiredScopes, null)}.
*
* @param accessToken
* An access token to validate.
Expand All @@ -402,18 +408,93 @@ public AccessTokenInfo validate(String accessToken) throws WebApplicationExcepti
public AccessTokenInfo validate(
String accessToken, String[] requiredScopes) throws WebApplicationException
{
Params params = new Params()
.setAccessToken(accessToken)
.setRequiredScopes(requiredScopes)
;
return validate(accessToken, requiredScopes, null);
}


return validate(params);
/**
* Validate an access token. This method is an alias of
* {@link #validate(String, String[], String, String, Options) validate}{@code
* (accessToken, requiredScopes, null, null, options)}.
*
* @param accessToken
* An access token to validate.
*
* @param requiredScopes
* Scopes that must be associated with the access token.
* {@code null} is okay.
*
* @param options
* Request options for {@code /api/auth/introspection} API.
*
* @return
* Information about the access token.
*
* @throws WebApplicationException
* The access token is invalid. To be concrete, one or more of
* the following conditions meet.
* <ol>
* <li>The access token does not exist.
* <li>The access token has expired.
* <li>The access token does not cover the required scopes.
* </ol>
*
* @since 2.82
*/
public AccessTokenInfo validate(
String accessToken, String[] requiredScopes, Options options) throws WebApplicationException
{
return validate(accessToken, requiredScopes, null, null, options);
}


/**
* Validate an access token. This method is an alias of
* {@link #validate(String, String[], String, String, Options) validate}{@code
* (accessToken, requiredScopes, requiredSubject, clientCertificate, null)}.
*
* @param accessToken
* An access token to validate.
*
* @param requiredScopes
* Scopes that must be associated with the access token.
* {@code null} is okay.
*
* @param requiredSubject
* Subject (= user's unique identifier) that must be associated
* with the access token. {@code null} is okay.
*
* @param clientCertificate
* TLS Certificate of the client presented during a call to
* the resource server, used with TLS-bound access tokens.
* Can be {@code null} if no certificate is presented.
*
* @return
* Information about the access token.
*
* @throws WebApplicationException
* The access token is invalid. To be concrete, one or more of
* the following conditions meet.
* <ol>
* <li>The access token does not exist.
* <li>The access token has expired.
* <li>The access token does not cover the required scopes.
* <li>The access token is not associated with the required subject.
* <li>The access token is bound to a client certificate, but the
* presented one does not match.
* </ol>
*/
public AccessTokenInfo validate(
String accessToken, String[] requiredScopes,
String requiredSubject, String clientCertificate) throws WebApplicationException
{
return validate(accessToken, requiredScopes, requiredSubject, clientCertificate, null);
}


/**
* Validate an access token. This method is an alias of the
* {@link #validate(Params)} method.
* {@link #validate(Params, Options)} method.
*
* </p>
* When the given access token is not valid, this method throws a
Expand All @@ -439,6 +520,9 @@ public AccessTokenInfo validate(
* the resource server, used with TLS-bound access tokens.
* Can be {@code null} if no certificate is presented.
*
* @param options
* Request options for {@code /api/auth/introspection} API.
*
* @return
* Information about the access token.
*
Expand All @@ -453,10 +537,13 @@ public AccessTokenInfo validate(
* <li>The access token is bound to a client certificate, but the
* presented one does not match.
* </ol>
*
* @since 2.82
*/
public AccessTokenInfo validate(
String accessToken, String[] requiredScopes,
String requiredSubject, String clientCertificate) throws WebApplicationException
String requiredSubject, String clientCertificate, Options options)
throws WebApplicationException
{
Params params = new Params()
.setAccessToken(accessToken)
Expand All @@ -465,12 +552,13 @@ public AccessTokenInfo validate(
.setClientCertificate(clientCertificate)
;

return validate(params);
return validate(params, options);
}


/**
* Validate an access token.
* Validate an access token. This method is an alias of
* {@link #validate(Params, Options) validate}{@code (params, null)}.
*
* @param params
* Parameters needed for access token validation.
Expand All @@ -484,6 +572,29 @@ public AccessTokenInfo validate(
* @since 2.27
*/
public AccessTokenInfo validate(Params params) throws WebApplicationException
{
return validate(params, null);
}


/**
* Validate an access token.
*
* @param params
* Parameters needed for access token validation.
*
* @param options
* Request options for {@code /api/auth/introspection} API.
*
* @return
* Information about the access token.
*
* @throws WebApplicationException
* The access token is invalid.
*
* @since 2.82
*/
public AccessTokenInfo validate(Params params, Options options) throws WebApplicationException
{
if (params == null || params.getAccessToken() == null)
{
Expand All @@ -493,7 +604,7 @@ public AccessTokenInfo validate(Params params) throws WebApplicationException

try
{
return process(params);
return process(params, options);
}
catch (WebApplicationException e)
{
Expand All @@ -508,7 +619,8 @@ public AccessTokenInfo validate(Params params) throws WebApplicationException


/**
* Validate an access token.
* Validate an access token. This method is an alias of the
* {@link #validate(IntrospectionRequest, Options) validate}{@code (request, null)}.
*
* @param request
* The request parameters to Authlete's {@code /auth/introspection} API.
Expand All @@ -525,10 +637,37 @@ public AccessTokenInfo validate(Params params) throws WebApplicationException
* @since 2.66
*/
public IntrospectionResponse validate(IntrospectionRequest request) throws WebApplicationException
{
return validate(request, null);
}


/**
* Validate an access token.
*
* @param request
* The request parameters to Authlete's {@code /auth/introspection} API.
*
* @param options
* Request options for {@code /api/auth/introspection} API.
*
* @return
* The response from the Authlete's {@code /auth/introspection} API.
*
* @throws WebApplicationException
* The access token is invalid or something unexpected happened.
* This exception is raised when the {@code action} response parameter
* in the response from the {@code /auth/introspection} API is not
* {@link IntrospectionResponse.Action#OK OK}.
*
* @since 2.82
*/
public IntrospectionResponse validate(
IntrospectionRequest request, Options options) throws WebApplicationException
{
try
{
return process(request);
return process(request, options);
}
catch (WebApplicationException e)
{
Expand All @@ -542,7 +681,8 @@ public IntrospectionResponse validate(IntrospectionRequest request) throws WebAp
}


private AccessTokenInfo process(Params params) throws WebApplicationException

private AccessTokenInfo process(Params params, Options options) throws WebApplicationException
{
// Call Authlete's /api/auth/introspection API.
IntrospectionResponse response = getApiCaller().callIntrospection(
Expand All @@ -552,7 +692,8 @@ private AccessTokenInfo process(Params params) throws WebApplicationException
params.getClientCertificate(),
params.getDpop(),
params.getHtm(),
params.getHtu()
params.getHtu(),
options
);

// Handle the response from the /auth/introspection API.
Expand All @@ -563,10 +704,11 @@ private AccessTokenInfo process(Params params) throws WebApplicationException
}


private IntrospectionResponse process(IntrospectionRequest request) throws WebApplicationException
private IntrospectionResponse process(
IntrospectionRequest request, Options options) throws WebApplicationException
{
// Call Authlete's /api/auth/introspection API.
IntrospectionResponse response = getApiCaller().callIntrospection(request);
IntrospectionResponse response = getApiCaller().callIntrospection(request, options);

// Handle the response from the /auth/introspection API.
handleIntrospectionResponse(response);
Expand Down
Loading

0 comments on commit 9e88048

Please sign in to comment.