OAuth2KtorClient

class OAuth2KtorClient(engine: HttpClientEngine, cookiesStorage: CookiesStorage? = null, httpClientConfig: HttpClientConfig<*>.() -> Unit? = null, loadClientAttestationJwt: suspend () -> String? = null, signClientAttestationPop: SignJwtFun<JsonWebToken>? = SignJwt(EphemeralKeyWithoutCert(), JwsHeaderNone()), signDpop: SignJwtFun<JsonWebToken> = SignJwt(EphemeralKeyWithoutCert(), JwsHeaderCertOrJwk()), dpopAlgorithm: JwsAlgorithm = JwsAlgorithm.Signature.ES256, val oAuth2Client: OAuth2Client, randomSource: RandomSource = RandomSource.Secure)(source)

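Implements the client side of OAuth2. By default, signDpop and signClientAttestationPop sign with an EphemeralKeyWithoutCert(); since the name suggests a key that is not persisted, callers that need DPoP-bound tokens to remain usable across client instances should presumably pass a signer backed by a stored key.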

Supported features:

Constructors

constructor(engine: HttpClientEngine, cookiesStorage: CookiesStorage? = null, httpClientConfig: HttpClientConfig<*>.() -> Unit? = null, loadClientAttestationJwt: suspend () -> String? = null, signClientAttestationPop: SignJwtFun<JsonWebToken>? = SignJwt(EphemeralKeyWithoutCert(), JwsHeaderNone()), signDpop: SignJwtFun<JsonWebToken> = SignJwt(EphemeralKeyWithoutCert(), JwsHeaderCertOrJwk()), dpopAlgorithm: JwsAlgorithm = JwsAlgorithm.Signature.ES256, oAuth2Client: OAuth2Client, randomSource: RandomSource = RandomSource.Secure)

Types

data class OpenUrlForAuthnRequest(val url: String, val state: String)

Open the url in a browser (so the user can authenticate at the authorization server), and store state so it can be passed to the next call (requestTokenWithAuthCode takes it as its state parameter).

Properties

val client: HttpClient

Implements the OAuth2 protocol. Its redirectUrl needs to be registered with the OS for this application, so that redirection back from the browser works.

Functions

suspend fun applyAuthnForToken(oauthMetadata: OAuth2AuthorizationServerMetadata, popAudience: String, resourceUrl: String, httpMethod: HttpMethod, useDpop: Boolean, dpopNonce: String? = null): HttpRequestBuilder.() -> Unit

Sets the appropriate headers when accessing a token endpoint, i.e., performs client authentication, and also signs a DPoP proof when useDpop is set.

suspend fun applyToken(tokenResponse: TokenResponseParameters, resourceUrl: String, httpMethod: HttpMethod, dpopNonce: String? = null): HttpRequestBuilder.() -> Unit

Sets the appropriate headers when accessing resourceUrl, by reading data from tokenResponse, i.e. HttpHeaders.Authorization and probably HttpHeaders.DPoP.

suspend fun requestTokenWithAuthCode(oauthMetadata: OAuth2AuthorizationServerMetadata, url: String, authorizationServer: String, state: String, scope: String? = null, authorizationDetails: Set<OpenIdAuthorizationDetails>? = null): KmmResult<TokenResponseWithDpopNonce>

Uses the auth code to request an access token.

suspend fun requestTokenWithPreAuthorizedCode(oauthMetadata: OAuth2AuthorizationServerMetadata, authorizationServer: String, preAuthorizedCode: String, transactionCode: String?, scope: String?, authorizationDetails: Set<OpenIdAuthorizationDetails>): KmmResult<TokenResponseWithDpopNonce>

Uses a pre-authorized code from the authorization server to request an access token.

suspend fun requestTokenWithRefreshToken(oauthMetadata: OAuth2AuthorizationServerMetadata, credentialIssuer: String, refreshToken: String, scope: String?, authorizationDetails: Set<OpenIdAuthorizationDetails>): KmmResult<TokenResponseWithDpopNonce>

Uses the refresh token to request a new access token.

suspend fun requestTokenWithTokenExchange(oauthMetadata: OAuth2AuthorizationServerMetadata, authorizationServer: String, subjectToken: String, resource: String?): KmmResult<TokenResponseWithDpopNonce>

Uses an access token from another client to request a new access token, see RFC8693 OAuth 2.0 Token Exchange.

suspend fun startAuthorization(oauthMetadata: OAuth2AuthorizationServerMetadata, authorizationServer: String, state: String = uuid4().toString(), issuerState: String? = null, authorizationDetails: Set<OpenIdAuthorizationDetails>? = null, scope: String? = null): KmmResult<OAuth2KtorClient.OpenUrlForAuthnRequest>

Builds the authorization request (AuthenticationRequestParameters) to start authentication at the authorization server.