Package com.inrupt.client.auth
Authentication and Authorization classes for the Inrupt Java Client Libraries.
The Session interface
In the libraries we make use of the Session interface to share authentication and authorization information when working with HTTP clients.
The anonymous session, in comparison, does not keep a cache of access tokens.
SolidClient client = SolidClient.getClient().session(Session.anonymous());
The session is also used in the authentication/authorization modules and helps create a dedicated session for each implementation. Some examples:
Session session = OpenIdSession.ofIdToken(token);
Session sessionWithConfig = OpenIdSession.ofIdToken(token, config);
Session umaSession = UmaSession.of(session);
HTTP challenges
As part of the HTTP Challenge and Response authentication framework, the Challenge class represents a challenge object as represented in a WWW-Authenticate Response Header. Example code is shown next.
List<Challenge> challenges = WwwAuthenticate.parse(response.headers()
        .firstValue("WWW-Authenticate").get()).getChallenges();
System.out.println("The Resource Server uses following authentication options: " + challenges);
System.out.println("The scheme of the first challenge is: " + challenges.get(0).getScheme());
System.out.println("The realm (or ID provider) of the first challenge is: "
        + challenges.get(0).getParameter("realm"));
System.out.println("Authorization server: " + challenges.get(0).getParameter("as_uri"));
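Added example (not code from the Inrupt libraries): a JDK-only sketch of how a WWW-Authenticate value carrying several challenges splits into schemes and parameters, followed by a check that as_uri is an https URI on a caller-supplied allow-list before it is contacted. The class and method names, the header value, the hosts and the allow-list policy are assumptions made for this illustration.

```java
import java.net.URI;
import java.util.*;
import java.util.regex.*;

public class ChallengeCheck {
    // Simplified grammar: a token, optionally followed by "=" and a quoted or bare value.
    // token68 credentials (e.g. "Basic abc==") are not handled in this sketch.
    private static final Pattern ITEM = Pattern.compile(
        "([\\w.~+-]+)(?:\\s*=\\s*(?:\"((?:[^\"\\\\]|\\\\.)*)\"|([^\\s,\"]+)))?");

    /** Splits a WWW-Authenticate value into scheme -> parameters (keys lower-cased). */
    static Map<String, Map<String, String>> parse(String header) {
        Map<String, Map<String, String>> out = new LinkedHashMap<>();
        Map<String, String> current = null;
        Matcher m = ITEM.matcher(header);
        while (m.find()) {
            String quoted = m.group(2), bare = m.group(3);
            if (quoted == null && bare == null) {      // no "=": a new scheme starts
                current = new LinkedHashMap<>();
                out.put(m.group(1), current);
            } else if (current != null) {              // key=value of the current scheme
                String v = quoted != null ? quoted.replaceAll("\\\\(.)", "$1") : bare;
                current.put(m.group(1).toLowerCase(Locale.ROOT), v);
            }
        }
        return out;
    }

    /** Returns as_uri only if it is an https URI on the caller's allow-list. */
    static Optional<URI> trustedAuthServer(Map<String, String> params, Set<URI> allowed) {
        try {
            URI as = URI.create(params.getOrDefault("as_uri", ""));
            boolean ok = "https".equalsIgnoreCase(as.getScheme()) && allowed.contains(as);
            return ok ? Optional.of(as) : Optional.empty();
        } catch (IllegalArgumentException e) {         // malformed URI in the header
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed header value; hosts are placeholders.
        String header = "UMA as_uri=\"https://as.example\", ticket=\"t-1, with comma\", "
            + "Bearer, DPoP algs=\"ES256 RS256\"";
        Set<URI> allowed = Set.of(URI.create("https://as.example"));
        System.out.println("Schemes offered: " + parse(header).keySet());
        System.out.println("Trusted AS: " + trustedAuthServer(parse(header).get("UMA"), allowed));
        Map<String, String> other = parse("UMA as_uri=\"https://other.example\"").get("UMA");
        System.out.println("Unlisted AS accepted: " + trustedAuthServer(other, allowed).isPresent());
    }
}
```

The allow-list matters because as_uri is supplied by the resource server in its response, so a client that follows it unchecked would send its ID token to whichever host the header names.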
Client credentials
We make use of the Credential class when working with OIDC ID Tokens. Example code is presented next.
Credential token = new Credential("Bearer", URI.create(ISS), this.token,
        Instant.now().plusSeconds(3600), URI.create(WEBID), null);
...
final Optional<Credential> credential = session.authenticate(null, Collections.emptySet())
        .toCompletableFuture().join();
...
Session session = OpenIdSession.ofIdToken(token, config);
System.out.println("The token is an OpenID token " + session.getCredential(OpenIdSession.ID_TOKEN).isPresent());
Authentication
The Authenticator
is the interface to call if one wants to develop an own authentication logic.
class TestAuthenticator implements Authenticator {
    @Override
    public String getName() {
        return "TEST";
    }

    @Override
    public int getPriority() {
        return 1;
    }

    @Override
    public CompletionStage<Credential> authenticate(Session session,
            Request request, Set<String> algorithms) {
        ...
    }
}
If one wants to make use of DPoP, the DPoP interface makes available the basic methods, for example for generating a proof or creating a DPoP manager.
ReactiveAuthorization is the class which will negotiate for a token based on the WWW-Authenticate header and the Authenticator loaded on the classpath.
Interface Summary
Interface: Description
Authenticator: An interface for handling authentication challenges.
DPoP: An abstraction for working with OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP).
Session: An interface for working with session objects.

Class Summary
Class: Description
Challenge: Part of the HTTP Challenge and Response authentication framework, this class represents a challenge object as represented in a WWW-Authenticate Response Header.
Credential: A credential that can be used with Solid resource servers.
ReactiveAuthorization: A class for negotiating for a supported AuthenticationProvider based on the WWW-Authenticate headers received from a resource server.