Package org.eclipse.lyo.server.oauth.core.token

Interface TokenStrategy

All Known Implementing Classes:
SimpleTokenStrategy
public interface TokenStrategy
Manages and validates OAuth tokens and token secrets. SimpleTokenStrategy is a basic implementation, but you can implement this interface to generate and validate OAuth tokens your own way.
Author:
Samuel Padgett

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    generateAccessToken(OAuthRequest oAuthRequest)
    Generates an access token and token secret and sets it in the accessor in the OAuthRequest.
    void
    generateRequestToken(OAuthRequest oAuthRequest)
    Generates a request token and token secret and sets it in the accessor in the OAuthRequest.
    String
    generateVerificationCode(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken)
    Generates an "unguessable" OAuth verification code.
    String
    getCallback(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken)
    Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows.
    String
    getTokenSecret(jakarta.servlet.http.HttpServletRequest httpRequest, String token)
    Gets the token secret for token to validate signatures.
    boolean
    isRequestTokenAuthorized(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken)
    Checks with the request token has been authorized by the end user.
    void
    markRequestTokenAuthorized(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken)
    Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.
    void
    validateAccessToken(OAuthRequest oAuthRequest)
    Validates that the access token is valid, throwing an exception if not.
    String
    validateRequestToken(jakarta.servlet.http.HttpServletRequest httpRequest, net.oauth.OAuthMessage message)
    Validates that the request token is valid, throwing an exception if not.
    void
    validateVerificationCode(OAuthRequest oAuthRequest)
    Validates that the verification code is recognized and associated with the request token.

  • Method Details

    • generateRequestToken

      void generateRequestToken(OAuthRequest oAuthRequest) throws net.oauth.OAuthException, IOException
      Generates a request token and token secret and sets it in the accessor in the OAuthRequest.
      Parameters:
      oAuthRequest - the OAuth request
      Throws:
      IOException - on errors reading from the request message
      net.oauth.OAuthException - on OAuth problems
      See Also:

    • validateRequestToken

      String validateRequestToken(jakarta.servlet.http.HttpServletRequest httpRequest, net.oauth.OAuthMessage message) throws net.oauth.OAuthException, IOException
      Validates that the request token is valid, throwing an exception if not. Returns the consumer key so that the authorization page can display information about the consumer. The token strategy must track what request tokens belong to what consumers since the consumer key is not guaranteed to be in the request.
      Parameters:
      httpRequest - the HTTP request
      message - the OAuth message
      Returns:
      the consumer key associated with the request
      Throws:
      net.oauth.OAuthException - if the tokens are not valid
      IOException - on I/O errors

    • getCallback

      String getCallback(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthException
      Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows. Returns null if the consumer did not specify a callback when asking for a request token.
      Parameters:
      httpRequest - the HTTP request
      requestToken - the request token
      Returns:
      the callback URL
      Throws:
      net.oauth.OAuthException - on OAuth problems

    • markRequestTokenAuthorized

      void markRequestTokenAuthorized(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthException
      Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.
      Parameters:
      httpRequest - the servlet request
      requestToken - the request token string
      Throws:
      net.oauth.OAuthException - if the token is not valid
      See Also:

    • isRequestTokenAuthorized

      boolean isRequestTokenAuthorized(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthException
      Checks with the request token has been authorized by the end user.
      Parameters:
      httpRequest - the servlet request
      requestToken - the request token
      Returns:
      answers if the request token is authorized and can be exchanged for an access token
      Throws:
      net.oauth.OAuthException - on OAuth problems
      See Also:

    • generateVerificationCode

      String generateVerificationCode(jakarta.servlet.http.HttpServletRequest httpRequest, String requestToken) throws net.oauth.OAuthException
      Generates an "unguessable" OAuth verification code. The consumer must supply the verification code when exchanging the request token for an access token. This is specific to OAuth 1.0a.
      Parameters:
      httpRequest - the HTTP request
      requestToken - the request token
      Returns:
      a verification code
      Throws:
      net.oauth.OAuthException - on OAuth problems (e.g., the request token is invalid)

    • validateVerificationCode

      void validateVerificationCode(OAuthRequest oAuthRequest) throws net.oauth.OAuthException, IOException
      Validates that the verification code is recognized and associated with the request token. This must be called before the request token is exchanged for the access token in an OAuth 1.0a authentication flow.
      Parameters:
      oAuthRequest - the OAuth request
      Throws:
      net.oauth.OAuthException - on OAuth problems (e.g., the request token is invalid)
      IOException - on I/O errors

    • generateAccessToken

      void generateAccessToken(OAuthRequest oAuthRequest) throws net.oauth.OAuthException, IOException
      Generates an access token and token secret and sets it in the accessor in the OAuthRequest. Clears any request tokens set.
      Parameters:
      oAuthRequest - the OAuth request
      Throws:
      net.oauth.OAuthException - on OAuth problems
      IOException - on I/O errors
      See Also:

    • validateAccessToken

      void validateAccessToken(OAuthRequest oAuthRequest) throws net.oauth.OAuthException, IOException
      Validates that the access token is valid, throwing an exception if not.
      Parameters:
      oAuthRequest - the OAuth request
      Throws:
      net.oauth.OAuthException - if the token is invalid
      IOException - on I/O errors

    • getTokenSecret

      String getTokenSecret(jakarta.servlet.http.HttpServletRequest httpRequest, String token) throws net.oauth.OAuthException
      Gets the token secret for token to validate signatures.
      Parameters:
      httpRequest - the HTTP request
      token - the token string, either a request token or access token
      Returns:
      the token secret
      Throws:
      net.oauth.OAuthException - on OAuth problems (e.g., the token is invalid)