Package com.inrupt.client.auth

Authentication and Authorization classes for the Inrupt Java Client Libraries.

The Session interface

In the libraries we make use of the Session interface to share authentication and authorization information when working with HTTP clients.

The anonymous session, by contrast, does not keep a cache of access tokens.

    SolidClient client = SolidClient.getClient().session(Session.anonymous());

The session is also used in the authentication/authorization modules and helps create a dedicated session for each implementation. Some examples:

    Session openidSession = OpenIdSession.ofIdToken(token);
    Session openidSessionWithConfig = OpenIdSession.ofIdToken(token, config);
    Session accessGrantSession = AccessGrantSession.ofAccessGrant(openidSession, accessGrant);

HTTP challenges

As part of the HTTP Challenge and Response authentication framework, the Challenge class represents a challenge object as it appears in a WWW-Authenticate response header. Example code is shown next.

    // Parse the WWW-Authenticate header of a response into its individual challenges.
    List<Challenge> challenges = WwwAuthenticate.parse(
            response.headers().firstValue("WWW-Authenticate").get())
        .getChallenges();
    System.out.println("The Resource Server uses following authentication options: " + challenges);
    System.out.println("The scheme of the first challenge is: " + challenges.get(0).getScheme());
    System.out.println("The realm (or ID provider) of the first challenge is: "
        + challenges.get(0).getParameter("realm"));
    System.out.println("Authorization server: " + challenges.get(0).getParameter("as_uri"));
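
The structure of such a header (one or more schemes, each followed by its own parameters such as realm and as_uri) is shown in the following standalone sketch. It is an added example, not code from the Inrupt libraries: the names `ChallengeDemo`, `ParsedChallenge` and `trustedAuthorizationServer`, the host allowlist policy and the sample header are assumptions made for illustration. The parser is a simplification of the RFC 9110 challenge grammar and ignores token68 credentials.

```java
import java.net.URI;
import java.util.*;
import java.util.regex.*;

// Added illustration (Java 17+): a simplified WWW-Authenticate parser, not Inrupt's own.
public class ChallengeDemo {
    record ParsedChallenge(String scheme, Map<String, String> params) {}
    // A token, optionally followed by "=" and a quoted-string or token value.
    private static final Pattern PART = Pattern.compile(
        "([!#$%&'*+.^_`|~0-9A-Za-z-]+)(?:\\s*=\\s*(?:\"((?:[^\"\\\\]|\\\\.)*)\"|([^\\s,\"]+)))?");
    static List<ParsedChallenge> parse(String header) {
        List<ParsedChallenge> out = new ArrayList<>();
        Map<String, String> current = null;
        Matcher m = PART.matcher(header);
        while (m.find()) {
            String quoted = m.group(2), bare = m.group(3);
            if (quoted == null && bare == null) {   // a lone token starts a new challenge
                current = new LinkedHashMap<>();
                out.add(new ParsedChallenge(m.group(1), current));
            } else if (current != null) {           // a parameter of the current challenge
                String value = quoted != null ? quoted.replaceAll("\\\\(.)", "$1") : bare;
                current.put(m.group(1).toLowerCase(Locale.ROOT), value);
            }
        }
        return out;
    }

    // Assumed policy: follow an as_uri only if it is HTTPS and its host is allowlisted.
    static Optional<URI> trustedAuthorizationServer(List<ParsedChallenge> cs, Set<String> allowed) {
        for (ParsedChallenge c : cs) {
            try {
                URI u = URI.create(c.params().getOrDefault("as_uri", ""));
                if ("https".equalsIgnoreCase(u.getScheme()) && u.getHost() != null
                        && allowed.contains(u.getHost().toLowerCase(Locale.ROOT))) {
                    return Optional.of(u);
                }
            } catch (IllegalArgumentException e) { /* malformed as_uri: skip this challenge */ }
        }
        return Optional.empty();
    }
    public static void main(String[] args) {
        // Constructed sample header value, not captured from a real server.
        List<ParsedChallenge> cs = parse("UMA realm=\"https://storage.example\", "
            + "as_uri=\"https://uma.example\", ticket=\"abc123\", DPoP algs=\"ES256 RS256\"");
        cs.forEach(c -> System.out.println(c.scheme() + " " + c.params()));
        System.out.println(trustedAuthorizationServer(cs, Set.of("uma.example")));
        System.out.println(trustedAuthorizationServer(cs, Set.of("other.example")));
    }
}
```

Because the as_uri value is supplied by the resource server, checking it against known authorization servers before sending any credential keeps a misconfigured or hostile server from redirecting the token request.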

Client credentials

We make use of the Credential class when working with OIDC ID Tokens. Example code is presented next.

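    // Constructor arguments: scheme, issuer, token, expiration, principal (WebID), proof thumbprint.
    Instant expiration = Instant.now().plusSeconds(3600); // illustrative lifetime
    Credential token = new Credential("Bearer", URI.create(ISS), this.token, expiration, URI.create(WEBID), null);
    // The session is built from the raw ID token string and must exist before it is used.
    Session session = OpenIdSession.ofIdToken(this.token, config);
    final Optional<Credential> credential = session.authenticate(null, Collections.emptySet());
    System.out.println("The token is an OpenID token " + session.getCredential(OpenIdSession.ID_TOKEN).isPresent());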


The Authenticator is the interface to call if you want to develop your own authentication logic.

    class TestAuthenticator implements Authenticator {
        @Override
        public String getName() {
            return "TEST";
        }

        @Override
        public int getPriority() {
            return 1;
        }

        @Override
        public CompletionStage<Credential> authenticate(Session session,
            Request request, Set<String> algorithms) {
            // Custom authentication logic goes here; it completes with the resulting Credential.
            throw new UnsupportedOperationException("authentication logic not shown");
        }
    }

If you want to use DPoP, the DPoP interface provides the basic methods, for example for generating a proof or creating a DPoP manager.

ReactiveAuthorization is the class which will negotiate for a token based on the WWW-Authenticate header and the Authenticator loaded on the classpath.

  • Classes and interfaces
    Authenticator: An interface for handling authentication challenges.
    Challenge: Part of the HTTP Challenge and Response authentication framework, this class represents a challenge object as represented in a WWW-Authenticate Response Header.
    Credential: A credential that can be used with Solid resource servers.
    DPoP: An abstraction for working with OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP).
    ReactiveAuthorization: A class for negotiating for a supported AuthenticationProvider based on the WWW-Authenticate headers received from a resource server.
    Session: An interface for working with session objects.