Package com.sodius.oslc.client.oauth

Class OAuthHeaders

  • public class OAuthHeaders
extends Object
    Defines headers used to perform authentication challenges between OSLC applications.
    Since:
    1.9.0

    • Field Detail

      • X_COM_SODIUS_OAUTH_DANCE_AUTO_START

        public static final String X_COM_SODIUS_OAUTH_DANCE_AUTO_START
        A request header whose boolean value controls the OAuth dance made for accessing an OSLC remote resource from the OAuth client.

        By default, if the client has not yet an OAuth token to access the remote application (i.e. the user hasn't yet authenticated), it will automatically start the OAuth dance. This means it will ask the remote application to generate an OAuth request token and to provide the authorization URL. Setting this header value to false makes the client to immediately return HTTP 401 in that case, without starting the OAuth dance and without even reaching the OSLC remote application. This can notably be interesting when requesting a Compact view of a linked OSLC resource, as the user navigates to a page and is not actively requesting anything yet, so an OAuth challenge is not immediately triggered.

        This header might be set by front-end to instruct its server not to auto start an OAuth dance. On server side, this header should be set as a boolean attribute on the Resource object for the OslcClient to use it, as we don't want the header to be sent to remote application.

        Since:
        1.14.0
        See Also:
        Constant Field Values

      • X_COM_SODIUS_OAUTH_REDIRECT_LOCATION

        public static final String X_COM_SODIUS_OAUTH_REDIRECT_LOCATION
        The response header returned by SodiusWillert applications when a request requires a login to a remote OSLC friend application.
        See Also:
        Constant Field Values

      • X_COM_SODIUS_OAUTH_DOWNSTREAM_REDIRECT_LOCATION

        public static final String X_COM_SODIUS_OAUTH_DOWNSTREAM_REDIRECT_LOCATION
        The response header returned by SodiusWillert applications when a request requires a login to a third-party application (i.e: not an OSLC friend).
        See Also:
        Constant Field Values

      • X_COM_SODIUS_OAUTH_APPROVAL_MODULE_LOCATION

        public static final String X_COM_SODIUS_OAUTH_APPROVAL_MODULE_LOCATION
        The response header returned by SodiusWillert applications when a request for creating a friend requires a provisional consumer key.
        Since:
        1.11.0
        See Also:
        Constant Field Values

      • X_COM_IBM_TEAM_REPOSITORY_WEB_AUTH_MSG

        public static final String X_COM_IBM_TEAM_REPOSITORY_WEB_AUTH_MSG
        The response header returned by a Jazz application when the response status is HTTP 200 and content is a login form, to indicate user authentication is required.
        See Also:
        Constant Field Values

      • X_JAZZ_WEB_OAUTH_URL

        public static final String X_JAZZ_WEB_OAUTH_URL
        The response header returned by a Jazz application when a request requires an authentication to a third-party. It contains the URL to log into the third-party application.

        SodiusWillert applications should also include this response header, along with the WWW_AUTHENTICATE_DOWNSTREAM header if:

        1. the original request comes from a Jazz application
        2. the original request does not accept the HTML media type
        3. the SodiusWillert application has to request another Jazz application and receives an authentication challenge with this header
        Typical use case: the SodiusWillert application receives a request with a config context containing a global configuration URL. In this case the SodiusWillert application has to query the Jazz GCM application to resolve the configuration context.
        See Also:
        Constant Field Values