Authentication And Authorization

Authentication and Authorization

Contents

Before you can use CloudClient, you must follow the OAuth 2.0 authorization code flow to gain access to the content stored in a user’s Verizon Personal Cloud Storage account. This is a two-step process: you must first obtain an authorization code, then exchange the authorization code for an access token and a refresh token.

Authentication and Authorization API Calls

  • getAuthorize - starts the OAuth 2.0 authorization flow.
  • getToken - exchanges the authorization code for an access token after the user has authorized the app.

NOTE: These methods are located in CloudAuthClient class.

Authorization Code

To obtain an authorization code, redirect the user to the URL obtained via a call to CloudClient.getAuthClient().authorizeURI(). The user will be prompted to log on to his or her Verizon Personal Cloud Storage account and asked to grant your app access to his or her Verizon Personal Cloud Storage content. Once the user has granted access, a callback will be made from Verizon Personal Cloud Storage servers to the callback URL you specified when you registered your app. The callback will use one or more of the following query parameters:

Parameter Description
code An authorization code; included when the end user has granted access.
error Included if the end user has not granted access to his or her Verizon Personal Cloud Storage content. The state query parameter can be any value.
state If a state query param was provided in your call to the authorization URI, it will be included in the error parameter.

Access Token

To obtain an access token and a refresh token, use a call to CloudClient.getAuthClient().getAccessToken(). The access and refresh tokens are passed in the form of an OauthTokens object. Your app is responsible for persisting the token values.

In the following code snippet, an authorization code has already been obtained via a call to the the URI returned from authorizeURI() endpoint and a callback. The code shows how the CloudClient object is constructed and how an access token is obtained and persisted in a simple HashMap.

Code Sample

public class Application 
{
    private static CloudApp app = new CloudApp(APP_NAME, CLIENT_ID, CLIENT_SECRET, REDIRECT_URI);

    private static final Map<String, OauthTokens> tokensMap = new HashMap<>();

    public void accessToken(HttpSession session, String authorizationCode)
    {
        CloudClientContext context = new CloudClientContext(app, null);                
        CloudClient client = new CloudClient(context);

        // use authorization code to obtain an access token
        OauthTokens tokens = client.getAuthClient().getAccessToken(authorizationCode);

        // optionally, save your tokens for future use
        tokensMap.put(session.getId(), tokens);    
    }
}

Refreshing Access Token

When an access token expires, you can obtain a new one using a refresh token. In general, this is handled inside the Java SDK framework. However, in order to allow your applications to persist new access tokens, you can set up token callback listeners. The example below shows how to use a token event listener to persist tokens.

Code Sample

public class Application 
    {
    
        // APP_NAME, CLIENT_ID, etc values are specific to each third-party application
        private static CloudApp app = new CloudApp(APP_NAME, CLIENT_ID, CLIENT_SECRET, REDIRECT_URI);
        
        private static final Map<String, CloudClient> clientsBySession = new HashMap<>();
        
        private static final Map<String, OauthTokens> tokensMap = new HashMap<>();
        
        public void accessToken(HttpSession session, String authorizationCode)
        {
            CloudClient client = getClient(session);
            
            // use authorization code to obtain an access token
            client.getAuthClient().getAccessToken(authorizationCode);
        }
        
        private CloudClient getClient(final HttpSession session)
        {
            if (session == null)
                throw new IllegalArgumentException("null http session");
            
            OauthTokens tokens = tokensMap.get(session.getId());
            CloudClientContext context = new CloudClientContext(http, app, tokens);
            CLoudClient client = new CloudClient(context);
            client.addListener(new OauthTokensListener() {
                @Override
                public void updateTokens(OauthTokens oldTokens, OauthTokens newTokens) {
                    tokensMap.put(session.getId(), newTokens);
                }
            });
            return client;
        }
    }

Copyright © 2015-2017, Verizon and/or its Licensors. All rights reserved.