Class PushedAuthorizationRequest

java.lang.Object
cloud.opencode.base.oauth2.par.PushedAuthorizationRequest

public class PushedAuthorizationRequest extends Object
Pushed Authorization Request Client (RFC 9126) 推送授权请求客户端(RFC 9126)

Implements the Pushed Authorization Requests (PAR) protocol as defined in RFC 9126. PAR allows clients to push the payload of an authorization request to the authorization server via a direct request, receiving a request_uri in return that can be used as a reference to the authorization request in a subsequent call to the authorization endpoint.

实现 RFC 9126 定义的推送授权请求(PAR)协议。PAR 允许客户端通过直接请求将授权请求的 有效载荷推送到授权服务器,返回一个 request_uri,可以在后续调用授权端点时作为授权请求的引用。

Features | 主要功能:

  • RFC 9126 compliant pushed authorization requests - 符合 RFC 9126 的推送授权请求
  • Push authorization parameters to PAR endpoint - 推送授权参数到 PAR 端点
  • Build authorization URL from PAR response - 从 PAR 响应构建授权 URL
  • Client authentication via client_id and client_secret - 通过 client_id 和 client_secret 进行客户端认证

Usage Examples | 使用示例:

// Create PAR client
// 创建 PAR 客户端
PushedAuthorizationRequest par = new PushedAuthorizationRequest(
    "https://auth.example.com/par",
    "my-client-id",
    "my-client-secret",
    httpClient
);

// Push authorization parameters
// 推送授权参数
Map<String, String> params = Map.of(
    "response_type", "code",
    "redirect_uri", "https://app.example.com/callback",
    "scope", "openid profile",
    "state", "random-state"
);
ParResponse response = par.push(params);

// Build authorization URL
// 构建授权 URL
String authUrl = par.buildAuthorizationUrl(
    "https://auth.example.com/authorize", response, "my-client-id");
// Redirect user to authUrl

Security | 安全性:

  • Thread-safe: Yes (immutable state, delegates to thread-safe HTTP client) - 线程安全: 是(不可变状态,委托给线程安全的 HTTP 客户端)
  • Null-safe: Yes (validates all inputs) - 空值安全: 是(验证所有输入)
  • Requires HTTPS endpoint - 要求 HTTPS 端点
Since:
JDK 25, opencode-base-oauth2 V1.0.3
Author:
Leon Soo www.LeonSoo.com
See Also:
  • Constructor Details

    • PushedAuthorizationRequest

      public PushedAuthorizationRequest(String parEndpoint, String clientId, String clientSecret, OAuth2HttpClient httpClient)
      Create a new Pushed Authorization Request client. 创建新的推送授权请求客户端。
      Parameters:
      parEndpoint - the PAR endpoint URL | PAR 端点 URL
      clientId - the client ID for authentication | 用于认证的客户端 ID
      clientSecret - the client secret for authentication | 用于认证的客户端密钥
      httpClient - the HTTP client to use | 要使用的 HTTP 客户端
      Throws:
      NullPointerException - if any argument is null | 如果任何参数为 null 则抛出
  • Method Details

    • push

      public ParResponse push(Map<String,String> authorizationParams)
      Push authorization parameters to the PAR endpoint. 推送授权参数到 PAR 端点。

      Sends a POST request to the PAR endpoint with the provided authorization parameters along with client credentials. Returns a ParResponse containing the request_uri that can be used in subsequent authorization requests.

      向 PAR 端点发送 POST 请求,包含提供的授权参数和客户端凭据。返回包含 request_uri 的 ParResponse,可用于后续的授权请求。

      Parameters:
      authorizationParams - the authorization parameters to push | 要推送的授权参数
      Returns:
      the PAR response | PAR 响应
      Throws:
      OAuth2Exception - with PAR_FAILED if the request fails | 如果请求失败则抛出 PAR_FAILED
      OAuth2Exception - with PAR_NOT_SUPPORTED if PAR is not supported | 如果 PAR 不被支持则抛出 PAR_NOT_SUPPORTED
      NullPointerException - if authorizationParams is null | 如果 authorizationParams 为 null 则抛出
    • buildAuthorizationUrl

      public static String buildAuthorizationUrl(String authorizationEndpoint, ParResponse parResponse, String clientId)
      Build an authorization URL using the PAR response. 使用 PAR 响应构建授权 URL。

      Constructs the authorization URL that the user should be redirected to. The URL contains the client_id and the request_uri from the PAR response.

      构建用户应该被重定向到的授权 URL。URL 包含 client_id 和来自 PAR 响应的 request_uri。

      Parameters:
      authorizationEndpoint - the authorization endpoint URL | 授权端点 URL
      parResponse - the PAR response containing request_uri | 包含 request_uri 的 PAR 响应
      clientId - the client ID | 客户端 ID
      Returns:
      the authorization URL | 授权 URL
      Throws:
      NullPointerException - if any argument is null | 如果任何参数为 null 则抛出