Skip to content

OAuth2

Jump to bottom
sea edited this page May 17, 2023 · 33 revisions

Additionally to (or instead of) a user based authentication, your webPDF server may accept OAuth2 authorization tokens to establish the permissions of your session.

Such a token may be requested from an authorization provider (currently the webPDF server supports Azure AD and Auth0).

To pass such a token to the wsclient, you must implement the OAuth2Provider accordingly.

The usage is identical for REST and SOAP - hence only REST usage examples shall be provided.

Simplified the following examples both implement the wsclient interface OAuth2Provider and pass an instance of such an AuthProvider to:

SessionFactory.createInstance(sessionContext, authProvider)

REST - Azure AD - using the msal4j library

// ...
try (RestSession<RestDocument> session = SessionFactory.createInstance(sessionContext,
   // An implementation of "OAuth2Provider" is used to provide an access token:
   (azureSession) -> {
      // Request an access token from the Azure authorization provider:
      ConfidentialClientApplication app = null;
      try {
         app = ConfidentialClientApplication.builder(
            "The ID of the client to authorize",
            ClientCredentialFactory.createFromSecret("The client secret")
         )
         .authority("URL of the authority to request authorization from.")
         .build();
      } catch (MalformedURLException ex) {
         // Occurring exceptions can and should be wrapped as AuthResultExceptions. 
         throw new AuthResultException(ex);
      }
      ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(
         Collections.singleton("The scope to claim authorization for.")
      ).build();
      CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);
      try {
         IAuthenticationResult authenticationResult = future.get();
         // Create and return the OAuth2 access Token.
         return new OAuth2Token(authenticationResult.accessToken());
      } catch (InterruptedException | ExecutionException ex) {
         // Occurring exceptions can and should be wrapped as AuthResultExceptions.
         throw new AuthResultException(ex);
      }
   })) {
   // ...
}

REST - Auth0 - using the auth0 library

// ...
try (RestSession<RestDocument> session = SessionFactory.createInstance(sessionContext,
   // An implementation of "OAuth2Provider" is used to provide an auth0 access token:
   (auth0session) -> {
      // Request an access token from the Auth0 authorization provider:
      AuthAPI auth = new AuthAPI(
         "URL of the authority to request authorization from.",
         "The ID of the client to authorize",
         "The client secret"
      );
      TokenRequest tokenRequest = auth.requestToken("The Audience to aquire the token for.");
      try {
         // Create and return the OAuth2 access Token.
         return new OAuth2Token(tokenRequest.execute().getAccessToken());
      } catch (Auth0Exception ex) {
         // Occurring exceptions can and should be wrapped as AuthResultExceptions.
         throw new AuthResultException(ex);
      }
   })) {
      // ...
}

Neither the webPDF server nor the wsclient library automatically refresh such access tokens and your implementation of OAuth2Provider is also required to recognize the necessity and provide the means to do this.

Clone this wiki locally