//identityserver.haapi.android.sdk/se.curity.identityserver.haapi.android.sdk/HaapiTokenManager

HaapiTokenManager

android jvm

class HaapiTokenManager(config: HaapiTokenManager.Config) : Closeable

HaapiTokenManager instances obtain, store, and use the access tokens required on any access to HAAPI, including performing the attestation protocol required to authenticate the client application.

The recommended way to create a HaapiTokenManager instance in Kotlin is to use the constructor parameterized by an initialization function.


    val tokenEndpointUri: URI = ...  
    val clientId: String = ...  
    val haapiTokenManager = HaapiTokenManager(tokenEndpointUri, clientId) {  
        keyStoreAlias = "the-alias-for-the-key-store-entry-where-keys-are-stored"  
        // other configuration properties are available  
    }

Both the token endpoint URI and the client ID are mandatory configuration properties without default values.

The recommended way to create a HaapiTokenManager instance in Java is to use HaapiTokenManager.Builder


    URI tokenEndpointUri = ...  
    String clientId = ...  
    HaapiTokenManager tokenManager = new HaapiTokenManager.Builder(tokenEndpointUri, clientId)  
        .setKeyStoreAlias("the-alias-for-the-key-store-entry-where-keys-are-stored")  
        // other setters are available  
        .build()

There cannot be more than one active HaapiTokenManager instance using the same key store entry alias. An IllegalArgumentException exception is thrown when a HaapiTokenManager instance is created and there is already one active instance with the same key store entry alias. The used alias can be configured when creating the instance. The property HaapiTokenManager.config provides visibility on the configured alias.

A HaapiTokenManager instance can be closed via the HaapiTokenManager.close method. This will remove the stored key pairs and allow other instances to use the same alias. When trying to use the access token of a closed HaapiTokenManager an IllegalStateException is thrown. Note that a call to HaapiTokenManager.close may block if the instance is being used.

A HaapiTokenManager can be used to configure an OkHTTP interceptor (see se.curity.identityserver.haapi.android.sdk.okhttp.OkHttpUtils) or to directly provide the access token and proof token needed on a request that uses DPoP. The last option is provided by the getDPoPTokensFor method and allows a token manager to be used with any HTTP client library.

HaapiTokenManager uses HttpURLConnection instances to communicate with Curity Identity Server, namely to perform the attestation protocol and retrieve access tokens. These connections can be customized via the Config.connectionProvider property, i.e, by providing a provider function that given an URL returns a properly configured HttpURLConnection. Use cases for this are: configuring SSL/TLS behaviour, using HTTP proxies, adding headers.

The recommended way of using HaapiTokenManager is to have a singleton instance used by the client application during its complete lifetime. Creating more than one instance is only required in rather advanced use cases, such as when the same application uses more than one authorization server.


    // at file level  
    val theGlobalTokenManager = HaapiTokenManager(tokenEndpointUri, clientId) {  
        keyStoreAlias = "alias-for-the-global-token-manager"  
        // other configuration properties are available  
    }

Constructors

Name Summary
HaapiTokenManager
android jvm

fun HaapiTokenManager(tokenEndpointUri: URI, clientId: String, init: HaapiTokenManager.MutableConfig.() -> Unit = {})Use this constructor to create a new HaapiTokenManager instance.
| HaapiTokenManager|

android jvm

fun HaapiTokenManager(config: HaapiTokenManager.Config)

Types

Name Summary
Builder
android jvm


Content
class Builder(tokenEndpointUri: URI, clientId: String)

more info


Builder-style class, designed to be used from Java source code.


| Config|
android jvm


Content
class Config(tokenEndpointUri: URI, clientId: String, isAllowedUri: UriPredicate, keyStoreAlias: String, minTokenTtl: Duration, connectionProvider: HttpURLConnectionProvider)

more info


Immutable configuration.


| MutableConfig|
android jvm


Content
class MutableConfig(tokenEndpointUri: URI, clientId: String)

more info


Mutable configuration.


Functions

Name Summary
clear
android jvm


Content
fun clear()

more info


Clears any stored tokens and associated keys.


| close|
android jvm


Content
open override fun close()

more info


Closes this token manager instance, freeing the used key store entry.


| equals|
android jvm


Content
open operator fun equals(other: Any?): Boolean


| getDPoPTokensFor|

android jvm


Content
fun getDPoPTokensFor(method: String, uri: URI): DPoPAccessAndProofTokens

more info


Returns valid access token and associated DPoP information.


| hashCode|
android jvm


Content
open fun hashCode(): Int


| toString|

android jvm


Content
open fun toString(): String


Properties

Name Summary
config
android jvm

val config: HaapiTokenManager.ConfigRead-only configuration exposing the configuration used when building the instance.