Package com.inrupt.client.uma


package com.inrupt.client.uma

User Managed Access support for the Inrupt Java Client Libraries.

UMA builds on the OAuth 2.0 authorization framework, defining a mechanism by which a client can iteratively negotiate for an access token.

UmaClient helps with the interaction with the different UMA endpoints: it constructs helper requests for authentication and negotiates for a token.

Discovering the UMA configuration


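    import java.net.URI;
    import com.inrupt.client.uma.Metadata;
    import com.inrupt.client.uma.UmaClient;

    // Fetch the discovery document of the UMA authorization server.
    URI asUri = URI.create("https://example.example/as_uri");
    UmaClient client = new UmaClient();
    Metadata metadata = client.metadata(asUri).toCompletableFuture().join();

    System.out.println("Token endpoint is: " + metadata.tokenEndpoint);
    System.out.println("JWKs endpoint is: " + metadata.jwksUri);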
 

Negotiating for a token

UMA defines an OAuth 2.0 profile by which applications can negotiate for an access token through an iterative claims gathering process.


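    import java.net.URI;
    import java.util.concurrent.CompletableFuture;
    import com.inrupt.client.uma.ClaimToken;
    import com.inrupt.client.uma.TokenRequest;
    import com.inrupt.client.uma.TokenResponse;
    import com.inrupt.client.uma.UmaClient;

    // Claim token format URI for an OpenID Connect ID token, as defined by the UMA 2.0 grant specification.
    final String ID_TOKEN_CLAIM_TOKEN_FORMAT = "http://openid.net/specs/openid-connect-core-1_0.html#IDToken";

    URI asUri = URI.create("https://example.example/as_uri");
    UmaClient client = new UmaClient();
    String idToken = "oidc-id-token";
    String ticket = "ticket-need-info-oidc-requirement";
    TokenRequest req = new TokenRequest(ticket, null, null, null, null);

    // Discover the token endpoint, then negotiate. The handler answers a need_info
    // response by supplying the ID token as a claim token.
    TokenResponse token = client.metadata(asUri)
        .thenCompose(metadata ->
            client.token(metadata.tokenEndpoint, req, needInfo ->
                CompletableFuture.completedFuture(ClaimToken.of(idToken, ID_TOKEN_CLAIM_TOKEN_FORMAT))))
        .toCompletableFuture().join();

    System.out.println("Access token is: " + token.accessToken);
    System.out.println("Token type is: " + token.tokenType);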
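
Both snippets above send requests, and in the negotiation an ID token, to whatever token endpoint the discovery document names. The following is an added example, not part of the Inrupt libraries or their documentation, showing one way to check a discovered endpoint before using it; `UmaEndpointPolicy`, its allow-list and its same-origin rule are assumptions of this example, as is `metadata.tokenEndpoint` being a `java.net.URI`.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;

// Added example: hypothetical helper, not part of com.inrupt.client.uma.
public final class UmaEndpointPolicy {

    // Origins of the authorization servers this application trusts (constructed value).
    private static final Set<String> TRUSTED_AS = Set.of("https://example.example");

    // scheme://host[:port] in lower case, or null when scheme or host is missing.
    static String origin(final URI uri) {
        if (uri == null || uri.getScheme() == null || uri.getHost() == null) {
            return null;
        }
        final String base = uri.getScheme().toLowerCase(Locale.ROOT) + "://"
                + uri.getHost().toLowerCase(Locale.ROOT);
        return uri.getPort() == -1 ? base : base + ":" + uri.getPort();
    }

    // Policy assumed by this example: the authorization server is allow-listed and HTTPS,
    // and the discovered endpoint shares its origin and carries no userinfo component.
    static boolean isTrustedEndpoint(final URI asUri, final URI endpoint) {
        final String asOrigin = origin(asUri);
        return asOrigin != null
                && asOrigin.startsWith("https://")
                && TRUSTED_AS.contains(asOrigin)
                && asOrigin.equals(origin(endpoint))
                && endpoint.getUserInfo() == null;
    }

    public static void main(final String[] args) {
        final URI asUri = URI.create("https://example.example/as_uri");
        // Constructed stand-ins for metadata.tokenEndpoint values from a discovery response.
        final URI sameOrigin = URI.create("https://example.example/token");
        final URI plainHttp = URI.create("http://example.example/token");
        final URI otherHost = URI.create("https://as.example.invalid/token");
        for (URI endpoint : new URI[] {sameOrigin, plainHttp, otherHost}) {
            System.out.println(endpoint + " trusted=" + isTrustedEndpoint(asUri, endpoint));
        }
    }
}
```

In the negotiation snippet, the check would run on `metadata.tokenEndpoint` inside `thenCompose`, failing the future when it returns false so that the claim handler never releases the ID token to an unexpected host.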
 

Interpreting different token negotiation problems


    URI asUri = URI.create("https://example.example/as_uri");
    UmaClient client = new UmaClient();
    String idToken = "oidc-id-token";
    String ticket = "ticket-need-info-oidc-requirement";
    TokenRequest req = new TokenRequest(ticket, null, null, null, null);

    // assertThrows comes from a JUnit test context. join() wraps any failure of the
    // negotiation in a CompletionException, so the UMA error is found on getCause().
    final CompletionException err = assertThrows(CompletionException.class, client.metadata(asUri)
                .thenCompose(metadata ->
                    client.token(metadata.tokenEndpoint, req, needInfo -> {
                            throw new UmaException("Unable to negotiate a simple token");
                        }))
                .toCompletableFuture()::join);

    // Distinguish the error types returned by the UMA server.
    if (err.getCause() instanceof RequestDeniedException) {
        System.out.println("Encountered a request denied");
    }
    if (err.getCause() instanceof InvalidScopeException) {
        System.out.println("An invalid scope was provided");
    }
 
  • Class
    Description
    A handler capable of gathering claims for a given type, from a given issuer.
    A class representing an UMA claim token and the associated type value.
    A concrete error response class from the UMA server.
    An invalid grant error from the UMA server.
    An invalid scope error from the UMA server.
    A class representing an UMA discovery document.
    A class representing a need_info error response from an UMA server.
    A request denied error from the UMA server.
    A class representing the required claims that are part of an UMA interactive exchange.
    An UMA token request class.
    An UMA token response class.
    An authentication mechanism that makes use of User Managed Access (UMA) authorization servers.
    An UMA client implementation.
    A runtime exception for use with UMA-related errors.