Skip to content

Commit cf13c8f

Browse files
author
Yaniv Inbar
committed
api: OAuth 2.0 final standard
https://codereview.appspot.com/7069069/
1 parent 20843d1 commit cf13c8f

4 files changed

Lines changed: 83 additions & 80 deletions

File tree

google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleAuthorizationCodeFlow.java

Lines changed: 50 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,32 @@ public class GoogleAuthorizationCodeFlow extends AuthorizationCodeFlow {
7676
*/
7777
private final String accessType;
7878

79+
/**
80+
* @param transport HTTP transport
81+
* @param jsonFactory JSON factory
82+
* @param clientId client identifier
83+
* @param clientSecret client secret
84+
* @param scopes list of scopes to be joined by a space separator (or a single value containing
85+
* multiple space-separated scopes)
86+
*
87+
* @since 1.14
88+
*/
89+
public GoogleAuthorizationCodeFlow(HttpTransport transport, JsonFactory jsonFactory,
90+
String clientId, String clientSecret, Iterable<String> scopes) {
91+
this(new Builder(transport, jsonFactory, clientId, clientSecret, scopes));
92+
}
93+
94+
/**
95+
* @param builder Google authorization code flow builder
96+
*
97+
* @since 1.14
98+
*/
99+
protected GoogleAuthorizationCodeFlow(Builder builder) {
100+
super(builder);
101+
accessType = builder.accessType;
102+
approvalPrompt = builder.approvalPrompt;
103+
}
104+
79105
/**
80106
* @param method method of presenting the access token to the resource server (for example
81107
* {@link BearerToken#authorizationHeaderAccessMethod})
@@ -94,29 +120,17 @@ public class GoogleAuthorizationCodeFlow extends AuthorizationCodeFlow {
94120
* @param approvalPrompt Prompt for consent behavior ({@code "auto"} to request auto-approval or
95121
* {@code "force"} to force the approval UI to show) or {@code null} for the default
96122
* behavior
123+
* @deprecated (scheduled to be removed in 1.15) Use {@link #GoogleAuthorizationCodeFlow(Builder)}
97124
*/
98-
protected GoogleAuthorizationCodeFlow(AccessMethod method,
99-
HttpTransport transport,
100-
JsonFactory jsonFactory,
101-
GenericUrl tokenServerUrl,
102-
HttpExecuteInterceptor clientAuthentication,
103-
String clientId,
104-
String authorizationServerEncodedUrl,
105-
CredentialStore credentialStore,
106-
HttpRequestInitializer requestInitializer,
107-
String scopes,
108-
String accessType,
125+
@Deprecated
126+
protected GoogleAuthorizationCodeFlow(AccessMethod method, HttpTransport transport,
127+
JsonFactory jsonFactory, GenericUrl tokenServerUrl,
128+
HttpExecuteInterceptor clientAuthentication, String clientId,
129+
String authorizationServerEncodedUrl, CredentialStore credentialStore,
130+
HttpRequestInitializer requestInitializer, String scopes, String accessType,
109131
String approvalPrompt) {
110-
super(method,
111-
transport,
112-
jsonFactory,
113-
tokenServerUrl,
114-
clientAuthentication,
115-
clientId,
116-
authorizationServerEncodedUrl,
117-
credentialStore,
118-
requestInitializer,
119-
scopes);
132+
super(method, transport, jsonFactory, tokenServerUrl, clientAuthentication, clientId,
133+
authorizationServerEncodedUrl, credentialStore, requestInitializer, scopes);
120134
this.accessType = accessType;
121135
this.approvalPrompt = approvalPrompt;
122136
}
@@ -125,25 +139,18 @@ protected GoogleAuthorizationCodeFlow(AccessMethod method,
125139
public GoogleAuthorizationCodeTokenRequest newTokenRequest(String authorizationCode) {
126140
// don't need to specify clientId & clientSecret because specifying clientAuthentication
127141
// don't want to specify redirectUri to give control of it to user of this class
128-
return new GoogleAuthorizationCodeTokenRequest(getTransport(),
129-
getJsonFactory(),
130-
getTokenServerEncodedUrl(),
131-
"",
132-
"",
133-
authorizationCode,
134-
"").setClientAuthentication(getClientAuthentication())
142+
return new GoogleAuthorizationCodeTokenRequest(getTransport(), getJsonFactory(),
143+
getTokenServerEncodedUrl(), "", "", authorizationCode, "").setClientAuthentication(
144+
getClientAuthentication())
135145
.setRequestInitializer(getRequestInitializer()).setScopes(getScopes());
136146

137147
}
138148

139149
@Override
140150
public GoogleAuthorizationCodeRequestUrl newAuthorizationUrl() {
141151
// don't want to specify redirectUri to give control of it to user of this class
142-
return new GoogleAuthorizationCodeRequestUrl(getAuthorizationServerEncodedUrl(),
143-
getClientId(),
144-
"",
145-
Collections.singleton(getScopes()))
146-
.setAccessType(accessType)
152+
return new GoogleAuthorizationCodeRequestUrl(getAuthorizationServerEncodedUrl(), getClientId(),
153+
"", Collections.singleton(getScopes())).setAccessType(accessType)
147154
.setApprovalPrompt(approvalPrompt);
148155
}
149156

@@ -177,13 +184,13 @@ public static class Builder extends AuthorizationCodeFlow.Builder {
177184
* Prompt for consent behavior ({@code "auto"} to request auto-approval or {@code "force"} to
178185
* force the approval UI to show) or {@code null} for the default behavior.
179186
*/
180-
private String approvalPrompt;
187+
String approvalPrompt;
181188

182189
/**
183190
* Access type ({@code "online"} to request online access or {@code "offline"} to request
184191
* offline access) or {@code null} for the default behavior.
185192
*/
186-
private String accessType;
193+
String accessType;
187194

188195
/**
189196
* @param transport HTTP transport
@@ -195,13 +202,9 @@ public static class Builder extends AuthorizationCodeFlow.Builder {
195202
*/
196203
public Builder(HttpTransport transport, JsonFactory jsonFactory, String clientId,
197204
String clientSecret, Iterable<String> scopes) {
198-
super(BearerToken.authorizationHeaderAccessMethod(),
199-
transport,
200-
jsonFactory,
201-
new GenericUrl(GoogleOAuthConstants.TOKEN_SERVER_URL),
202-
new ClientParametersAuthentication(clientId, clientSecret),
203-
clientId,
204-
GoogleOAuthConstants.AUTHORIZATION_SERVER_URL);
205+
super(BearerToken.authorizationHeaderAccessMethod(), transport, jsonFactory, new GenericUrl(
206+
GoogleOAuthConstants.TOKEN_SERVER_URL), new ClientParametersAuthentication(
207+
clientId, clientSecret), clientId, GoogleOAuthConstants.AUTHORIZATION_SERVER_URL);
205208
setScopes(Preconditions.checkNotNull(scopes));
206209
}
207210

@@ -214,31 +217,16 @@ public Builder(HttpTransport transport, JsonFactory jsonFactory, String clientId
214217
*/
215218
public Builder(HttpTransport transport, JsonFactory jsonFactory,
216219
GoogleClientSecrets clientSecrets, Iterable<String> scopes) {
217-
super(BearerToken.authorizationHeaderAccessMethod(),
218-
transport,
219-
jsonFactory,
220-
new GenericUrl(GoogleOAuthConstants.TOKEN_SERVER_URL),
221-
new ClientParametersAuthentication(clientSecrets.getDetails().getClientId(),
222-
clientSecrets.getDetails().getClientSecret()),
223-
clientSecrets.getDetails().getClientId(),
224-
GoogleOAuthConstants.AUTHORIZATION_SERVER_URL);
220+
super(BearerToken.authorizationHeaderAccessMethod(), transport, jsonFactory, new GenericUrl(
221+
GoogleOAuthConstants.TOKEN_SERVER_URL), new ClientParametersAuthentication(
222+
clientSecrets.getDetails().getClientId(), clientSecrets.getDetails().getClientSecret()),
223+
clientSecrets.getDetails().getClientId(), GoogleOAuthConstants.AUTHORIZATION_SERVER_URL);
225224
setScopes(Preconditions.checkNotNull(scopes));
226225
}
227226

228227
@Override
229228
public GoogleAuthorizationCodeFlow build() {
230-
return new GoogleAuthorizationCodeFlow(getMethod(),
231-
getTransport(),
232-
getJsonFactory(),
233-
getTokenServerUrl(),
234-
getClientAuthentication(),
235-
getClientId(),
236-
getAuthorizationServerEncodedUrl(),
237-
getCredentialStore(),
238-
getRequestInitializer(),
239-
getScopes(),
240-
accessType,
241-
approvalPrompt);
229+
return new GoogleAuthorizationCodeFlow(this);
242230
}
243231

244232
@Override

google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java

Lines changed: 28 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -185,8 +185,25 @@ public class GoogleCredential extends Credential {
185185
* </p>
186186
*/
187187
public GoogleCredential() {
188-
super(BearerToken.authorizationHeaderAccessMethod(), null, null,
189-
GoogleOAuthConstants.TOKEN_SERVER_URL, null, null, null);
188+
this (new Builder());
189+
}
190+
191+
/**
192+
* @param builder Google credential builder
193+
*
194+
* @since 1.14
195+
*/
196+
protected GoogleCredential(Builder builder) {
197+
super(builder);
198+
if (builder.serviceAccountPrivateKey == null) {
199+
Preconditions.checkArgument(builder.serviceAccountId == null
200+
&& builder.serviceAccountScopes == null && builder.serviceAccountUser == null);
201+
} else {
202+
serviceAccountId = Preconditions.checkNotNull(builder.serviceAccountId);
203+
serviceAccountScopes = Preconditions.checkNotNull(builder.serviceAccountScopes);
204+
serviceAccountPrivateKey = builder.serviceAccountPrivateKey;
205+
serviceAccountUser = builder.serviceAccountUser;
206+
}
190207
}
191208

192209
/**
@@ -211,7 +228,9 @@ public GoogleCredential() {
211228
* @param serviceAccountUser email address of the user the application is trying to impersonate in
212229
* the service account flow or {@code null} for none or if not using the service account
213230
* flow
231+
* @deprecated (scheduled to be removed in 1.15) Use {@link #GoogleCredential(Builder)}
214232
*/
233+
@Deprecated
215234
protected GoogleCredential(AccessMethod method, HttpTransport transport, JsonFactory jsonFactory,
216235
String tokenServerEncodedUrl, HttpExecuteInterceptor clientAuthentication,
217236
HttpRequestInitializer requestInitializer, List<CredentialRefreshListener> refreshListeners,
@@ -246,7 +265,9 @@ protected GoogleCredential(AccessMethod method, HttpTransport transport, JsonFac
246265
* flow
247266
* @param clock The clock to use for expiration check
248267
* @since 1.9
268+
* @deprecated (scheduled to be removed in 1.15) Use {@link #GoogleCredential(Builder)}
249269
*/
270+
@Deprecated
250271
protected GoogleCredential(AccessMethod method, HttpTransport transport, JsonFactory jsonFactory,
251272
String tokenServerEncodedUrl, HttpExecuteInterceptor clientAuthentication,
252273
HttpRequestInitializer requestInitializer, List<CredentialRefreshListener> refreshListeners,
@@ -368,22 +389,22 @@ public final String getServiceAccountUser() {
368389
public static class Builder extends Credential.Builder {
369390

370391
/** Service account ID (typically an e-mail address) or {@code null} for none. */
371-
private String serviceAccountId;
392+
String serviceAccountId;
372393

373394
/**
374395
* Space-separated OAuth scopes to use with the the service account flow or {@code null} for
375396
* none.
376397
*/
377-
private String serviceAccountScopes;
398+
String serviceAccountScopes;
378399

379400
/** Private key to use with the the service account flow or {@code null} for none. */
380-
private PrivateKey serviceAccountPrivateKey;
401+
PrivateKey serviceAccountPrivateKey;
381402

382403
/**
383404
* Email address of the user the application is trying to impersonate in the service account
384405
* flow or {@code null} for none.
385406
*/
386-
private String serviceAccountUser;
407+
String serviceAccountUser;
387408

388409
public Builder() {
389410
super(BearerToken.authorizationHeaderAccessMethod());
@@ -392,11 +413,7 @@ public Builder() {
392413

393414
@Override
394415
public GoogleCredential build() {
395-
return new GoogleCredential(getMethod(), getTransport(), getJsonFactory(),
396-
getTokenServerUrl() == null ? null : getTokenServerUrl().build(),
397-
getClientAuthentication(), getRequestInitializer(), getRefreshListeners(),
398-
serviceAccountId, serviceAccountScopes, serviceAccountPrivateKey, serviceAccountUser,
399-
getClock());
416+
return new GoogleCredential(this);
400417
}
401418

402419
@Override

google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleRefreshTokenRequest.java

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -28,9 +28,8 @@
2828

2929
/**
3030
* Google-specific implementation of the OAuth 2.0 request to refresh an access token using a
31-
* refresh token as specified in <a
32-
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-6">Refreshing an Access
33-
* Token</a>.
31+
* refresh token as specified in <a href="http://tools.ietf.org/html/rfc6749#section-6">Refreshing
32+
* an Access Token</a>.
3433
*
3534
* <p>
3635
* Use {@link GoogleCredential} to access protected resources from the resource server using the

google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleTokenResponse.java

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,9 @@
2121

2222
/**
2323
* Google OAuth 2.0 JSON model for a successful access token response as specified in <a
24-
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-5.1">Successful Response</a>,
25-
* including an ID token as specified in <a
26-
* href="http://openid.net/specs/openid-connect-session-1_0.html">OpenID Connect Session Management
27-
* 1.0</a>.
24+
* href="http://tools.ietf.org/html/rfc6749#section-5.1">Successful Response</a>, including an ID
25+
* token as specified in <a href="http://openid.net/specs/openid-connect-session-1_0.html">OpenID
26+
* Connect Session Management 1.0</a>.
2827
*
2928
* <p>
3029
* This response object is the result of {@link GoogleAuthorizationCodeTokenRequest#execute()} and

0 commit comments

Comments
 (0)