Name: auth0-java-mvc-common
Owner: Auth0
Description: Contains common helper classes and api client logic that are used across our Java MVC libraries
Created: 2016-08-08 17:48:45.0
Updated: 2018-04-24 07:31:13.0
Pushed: 2018-04-13 16:36:54.0
Homepage: null
Size: 119
Language: Java
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
A Java Jar library that makes easier to integrate Auth0 Authentication on MVC applications.
A few samples are available demonstrating the usage with Java Servlets and Spring:
Via Maven:
endency>
<groupId>com.auth0</groupId>
<artifactId>mvc-auth-commons</artifactId>
<version>1.0.0</version>
pendency>
or Gradle:
ile 'com.auth0:mvc-auth-commons:1.0.0'
POST
.Client Id
, Domain
, and Client Secret
values and use them to configure the controller.AuthenticationController
by using the provided Builder. Read below to learn how to change the default behavior. i.e. using the HS256
Algorithm and Code Grant (default):enticationController controller = AuthenticationController.newBuilder("domain", "client_id", "client_secret")
.build();
AuthenticationController#buildAuthorizeUrl
method. This would normally be done on the component that shows the login page. The builder allows you to customize the parameters requested (i.e. the scope, which by default is openid
) and then obtain the String authorize URL by calling AuthorizeURL#build()
. The builder is not supposed to be reused and a IllegalStateException
will be thrown if the build()
method is called more than once. Redirect the user to this URL and wait for the callback on the given redirectURL
.t the library generate the state/nonce parameters
ng authorizeUrl = authController.buildAuthorizeUrl(request, "https://redirect.uri/here")
.build();
r use custom state/nonce parameters
ng authorizeUrl = authController.buildAuthorizeUrl(request, "https://redirect.uri/here")
.withState("state")
.withNonce("nonce")
.build();
ou can also specify custom parameters
ng authorizeUrl = authController.buildAuthorizeUrl(request, "https://redirect.uri/here")
.withAudience("https://myapi.me.auth0.com")
.withScope("openid create:photos read:photos")
.withState("state")
.withParameter("name", "value")
.build();
redirectURL
.AuthenticationController#handle
method and expect a Tokens
instance back if everything goes well.Keep in mind that this library will not store any value for you, but you can use the SessionUtils
class as a helper to store key-value data in the request's Session Storage.
{
Tokens tokens = authController.handle(request);
//Use or store the tokens
SessionUtils.set(request, "access_token", tokens.getAccessToken());
tch (IdentityVerificationException e) {
String code = e.getCode();
// Something happened when trying to verify the user id
// Check the code to have an idea of what went wrong
That's it! You have authenticated the user using Auth0.
By default, the Code Grant flow will be preferred over other flows. This is the most secure and recommended way, read more about it here. This means that if the response type contains code
along with other types, Code Grant will still be preferred.
You can change the authentication behavior to use Implicit Grant instead. To do this you'll need to check in your Applications's Settings on the Dashboard which Algorithm is used by the Server to sign the tokens. The default algorithm is HS256
, but it can be changed to RS256
in the “Advanced Settings” section on the “OAuth” tab. Below you'll find some configuration examples:
The token's are signed by the Auth0 Server using the Client Secret
.
enticationController authController = AuthenticationController.newBuilder("domain", "clientId", "clientSecret")
.withResponseType("id_token")
.build();
The tokens are signed using the Private Key. To verify them, the Public Key certificate must be obtained from a trusted source like the well-known.json
file, which can be located locally or hosted by a server. For this example, we will use the one Auth0 hosts for your application. We can obtain it using the application's domain:
rovider jwkProvider = new JwkProviderBuilder("domain").build();
enticationController authController = AuthenticationController.newBuilder("domain", "clientId", "clientSecret")
.withResponseType("id_token")
.withJwkProvider(jwkProvider)
.build();
The JwkProvider
returned from the JwkProviderBuilder
it's cached and rate limited, check it's repository to learn how to customize it.
Once you have created the instance of the AuthenticationController
you can enable HTTP logging for all Requests and Responses if you need to debug a specific endpoint. Keep in mind that this will log everything including sensitive information. Don't use it in production environment.
Controller.setLoggingEnabled(true);
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 helps you to:
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.