/account-sdk-java

Primary LanguageJavaMIT LicenseMIT

account-sdk-java

Build Status

Java SDK for Schibsted account

Downloading

The SDK is published on Maven Central and available via for example Gradle: implementation 'com.schibsted.account:account-sdk-java:<version>'.

Usage

Full API documentation (javadoc) is available here.

Quickstart guide

All operations are performed via the AuthClient. Instantiate it via the object builder:

import com.schibsted.account.AuthClient;
import com.schibsted.account.ClientCredentials;

AuthClient client = new AuthClient.Builder(
    new ClientCredentials(<client id>, <client secret>),
    AuthClient.Environment.PRE)
   .build();

Request a client token

Using your client credentials you can obtain a client token with the necessary scopes:

import com.schibsted.account.token.AccessToken;

AccessToken accessToken = client.clientCredentialsGrant(<scopes>);

Request user tokens

When you have an OAuth authorization code you can obtain user tokens:

import com.schibsted.account.token.UserTokens;

UserTokens userTokens = client.authorizationCodeGrant(<auth code>, <redirect uri>, <expected nonce>);

If the access token has expired, you can obtain a new one by using the refresh token:

UserTokens refreshed = client.refreshTokenGrant(userTokens.getRefreshToken().getToken());

Introspect tokens

When you receive a token it can be introspected to get the associated authorization data. There are two methods of introspection:

  • "remote introspection": by making an introspection request the authorization data is returned from Schibsted account.
  • "local introspection": by verifying the signature and the tokens validity, the authorization data can be read directly from the claims of the token. Note: Some user tokens - those signed with a symmetric secret key - can not be introspected locally. Only remote introspection is supported for those tokens.