Package com.inrupt.client.auth

Authentication and Authorization classes for the Inrupt Java Client Libraries.

The Session interface

In the libraries we make use of the Session interface to share authentication and authorization information when working with HTTP clients.

The anonymous session, in comparison, does not keep a cache of access tokens.

    SolidClient client = SolidClient.getClient().session(Session.anonymous());

The session is also used in the authentication/authorization modules and help create a dedicated session for each implementation. Some examples:

    Session session = OpenIdSession.ofIdToken(token);
    Session sessionWithConfig = OpenIdSession.ofIdToken(token, config);
    Session umaSession = UmaSession.of(session);

HTTP challenges

As part of the HTTP Challenge and Response authentication framework, the Challenge class represents a challenge object as represented in a WWW-Authenticate Response Header. An example code is shown next.

    List<Challenge> challenges = WwwAuthenticate.parse(response.headers()
    System.out.println("The Resource Server uses following authentication options: " + challenges);
    System.out.println("The scheme of the first challenge is: " + challenges.get(0).getScheme());
    System.out.println("The realm (or ID provider) of the first challenge is: "
        + challenges.get(0).getParameter("realm"));
    System.out.println("Authorization server: " + challenges.get(0).getParameter("as_uri");

Client credentials

We make use of the Credential class when working with OIDC ID Tokens. Example code is presented next.

    Credential token = new Credential("Bearer", URI.create(ISS), this.token,, URI.create(WEBID), null);
    final Optional<Credential> credential = session.authenticate(null, Collections.emptySet())
    Session session = OpenIdSession.ofIdToken(token, config);
    System.out.println("The token is an OpenID token " + session.getCredential(OpenIdSession.ID_TOKEN).isPresent());


The Authenticator is the interface to call if one wants to develop an own authentication logic.

    class TestAuthenticator implements Authenticator {
        {@literal @}Override
        public String getName() {
            return "TEST";

        {@literal @}Override
        public int getPriority() {
            return 1;

        {@literal @}Override
        public CompletionStage<Credential> authenticate(Session session,
            Request request, Set<String> algorithms) {

If one want to make use of DPoP, the DPoP interface makes available the basic methods for generating a proof or creating a DPoP manager for example.

ReactiveAuthorization is the class which will negotiate for a token based on the WWW-Authenticate header and the Authenticator loaded on the classpath.