com.fangcloud.sdk.auth

Class YfyWebAuth.Request.Builder

java.lang.Object

com.fangcloud.sdk.auth.YfyWebAuth.Request.Builder

Enclosing class:

YfyWebAuth.Request

public static final class YfyWebAuth.Request.Builder
extends Object

Builder for OAuth2 requests. Use this builder to configure the OAuth authorization flow.

Constructor Summary

Constructors

Constructor and Description
YfyWebAuth.Request.Builder()

Method Summary

Methods

Modifier and Type	Method and Description
YfyWebAuth.Request	build() Returns a new OAuth YfyWebAuth.Request that can be used in YfyWebAuth.YfyWebAuth(YfyRequestConfig) to authorize a user.
YfyWebAuth.Request.Builder	withNoRedirect() Do not redirect the user after authorization has completed (default).
YfyWebAuth.Request.Builder	withRedirectUri(String redirectUri, YfySessionStore sessionStore) Where to redirect the user after authorization has completed.
YfyWebAuth.Request.Builder	withState(String state) Up to 476 bytes of arbitrary data that will be passed back to your redirect URI.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

YfyWebAuth.Request.Builder

public YfyWebAuth.Request.Builder()

Method Detail

withNoRedirect

public YfyWebAuth.Request.Builder withNoRedirect()

Do not redirect the user after authorization has completed (default).

After a user authorizes the app using the authorization URL, a code will be displayed that they must copy and paste into your app. If you want users to be redirected after authorization back to your app, use withRedirectUri(java.lang.String, com.fangcloud.sdk.YfySessionStore) instead. Websites should always provide a redirect URI.

Returns:

this builder

withRedirectUri

public YfyWebAuth.Request.Builder withRedirectUri(String redirectUri,
                                         YfySessionStore sessionStore)

Where to redirect the user after authorization has completed.

This must be the exact URI registered in the App Console; even "localhost" must be listed if it is used for testing. All redirect URIs must be HTTPS except for localhost URIs. If the redirect URI is omitted, the code will be presented directly to the user and they will be invited to enter the information in your app.

The given session store will be used for storing the Cross-Site Request Forgery (CSRF) nonce generated during the authorization flow. To prevent CSRF attacks, YfyWebAuth appends a nonce to each authorization request. When the authorization flow is complete, the returned nonce is compared with the one in the store to ensure the response is valid. A session store must be specified if a redirect URI is set.

Parameters:

redirectUri - URI to redirect authorization response, never null.

sessionStore - Session store to use for storing CSRF nonces across requests, never null.

Returns:

this builder

Throws:

NullPointerException - if either redirectUri or sessionStore is null

withState

public YfyWebAuth.Request.Builder withState(String state)

Up to 476 bytes of arbitrary data that will be passed back to your redirect URI.

Note that YfyWebAuth will always automatically append a nonce to the state to protect against cross-site request forgery. This is true even if no state is provided.

State should only be provided if a redirect URI is provided as well, otherwise build() will throw an IllegalStateException.

Parameters:

state - additional state to pass back to the redirect URI, or null to pass back no additional state.

Returns:

this builder

Throws:

IllegalArgumentException - if state is greater than 476 bytes

build

public YfyWebAuth.Request build()

Returns a new OAuth YfyWebAuth.Request that can be used in YfyWebAuth.YfyWebAuth(YfyRequestConfig) to authorize a user.

Returns:

new OAuth YfyWebAuth.Request configuration.

Throws:

IllegalStateException - if withState(java.lang.String) was called with a non-null value, but no redirect URI was specified.