Package io.vertx.ext.web.handler

Interface OAuth2AuthHandler

All Superinterfaces:

AuthenticationHandler, Handler<RoutingContext>

public interface OAuth2AuthHandler
extends AuthenticationHandler

An auth handler that provides OAuth2 Authentication support. This handler is suitable for AuthCode flows.

Author:

Paulo Lopes

Method Summary

Modifier and Type	Method	Description
static OAuth2AuthHandler	create(Vertx vertx, OAuth2Auth authProvider)	Create a OAuth2 auth handler without host pinning.Most providers will not look to the redirect url but always redirect to the preconfigured callback.
static OAuth2AuthHandler	create(Vertx vertx, OAuth2Auth authProvider, String callbackURL)	Create a OAuth2 auth handler with host pinning.
OAuth2AuthHandler	extraParams(JsonObject extraParams)	Extra parameters needed to be passed while requesting a token.
OAuth2AuthHandler	pkceVerifierLength(int length)	PKCE (RFC 7636) is an extension to the Authorization Code flow to prevent several attacks and to be able to securely perform the OAuth exchange from public clients.
OAuth2AuthHandler	prompt(String prompt)	Indicates the type of user interaction that is required.
OAuth2AuthHandler	setupCallback(Route route)	add the callback handler to a given route.
OAuth2AuthHandler	withScope(String scope)	Return a new instance with the internal state copied from the caller but the scopes to be requested during a token request are unique to the instance.
OAuth2AuthHandler	withScopes(List<String> scopes)	Return a new instance with the internal state copied from the caller but the scopes to be requested during a token request are unique to the instance.

Methods inherited from interface io.vertx.core.Handler

handle

Method Detail

create

static OAuth2AuthHandler create(Vertx vertx,
                                OAuth2Auth authProvider,
                                String callbackURL)

Create a OAuth2 auth handler with host pinning. When no scopes are explicit declared, the default scopes will be looked up from the route metadata under the key scopes which can either be a single String or a List.

Parameters:

vertx - the vertx instance

authProvider - the auth provider to use

callbackURL - the callback URL you entered in your provider admin console, usually it should be something like: https://myserver:8888/callback

Returns:

the auth handler

create

static OAuth2AuthHandler create(Vertx vertx,
                                OAuth2Auth authProvider)

Create a OAuth2 auth handler without host pinning.Most providers will not look to the redirect url but always redirect to the preconfigured callback. So this factory does not provide a callback url. When no scopes are explicit declared, the default scopes will be looked up from the route metadata under the key scopes which can either be a single String or a List.

Parameters:

vertx - the vertx instance

authProvider - the auth provider to use

Returns:

the auth handler

extraParams

OAuth2AuthHandler extraParams(JsonObject extraParams)

Extra parameters needed to be passed while requesting a token.

Parameters:

extraParams - extra optional parameters.

Returns:

self

withScope

OAuth2AuthHandler withScope(String scope)

Return a new instance with the internal state copied from the caller but the scopes to be requested during a token request are unique to the instance. When scopes are applied to the handler, the default scopes from the route metadata will be ignored.

Parameters:

scope - scope.

Returns:

new instance of this interface.

withScopes

OAuth2AuthHandler withScopes(List<String> scopes)

Return a new instance with the internal state copied from the caller but the scopes to be requested during a token request are unique to the instance. When scopes are applied to the handler, the default scopes from the route metadata will be ignored.

Parameters:

scopes - scopes.

Returns:

new instance of this interface.

prompt

OAuth2AuthHandler prompt(String prompt)

Indicates the type of user interaction that is required. Not all providers support this or the full list. Well known values are:

• login will force the user to enter their credentials on that request, negating single-sign on.
• none is the opposite - it will ensure that the user isn't presented with any interactive prompt whatsoever. If the request can't be completed silently via single-sign on, the Microsoft identity platform endpoint will return an interaction_required error.
• consent will trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app.
• select_account will interrupt single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.

Parameters:

prompt - the prompt choice.

Returns:

self

pkceVerifierLength

OAuth2AuthHandler pkceVerifierLength(int length)

PKCE (RFC 7636) is an extension to the Authorization Code flow to prevent several attacks and to be able to securely perform the OAuth exchange from public clients. It was originally designed to protect mobile apps, but its ability to prevent authorization code injection makes it useful for every OAuth client, even web apps that use a client secret.

Parameters:

length - A number between 43 and 128. Or -1 to disable.

Returns:

self

setupCallback

OAuth2AuthHandler setupCallback(Route route)

add the callback handler to a given route.

Parameters:

route - a given route e.g.: /callback

Returns:

self