OAuth Token Endpoint Client for Java

Description

Client helper for OAuth 2.0 Token endpoint. Supports "Client Credentials" flow with "client_secret", RS256 JWT "client_assertion" and custom grants.

Features

• Client Credentials Grant (2-Legged OAuth)
• "client_secret" authentication
• "private_key_jwt" authentication method as defined in Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants and OpenID Connect Core 1.0
• Custom grant support. I.e. for custom assertion grants.
• Access token caching. Uses in-memory cache by default. Caching key includes all parameters, so it is safe to use with more than one Authorization Server, credential set or OAuth scope list.

This library only interacts with token endpoint and receives access_token. It is not designed to be used for flows involving authorization endpoint

If you need support for other grant types or authentication methods, please check some other implementations.

Getting started

Install with Maven:

<dependency>
    <groupId>com.scalepoint</groupId>
    <artifactId>oauth-token-client</artifactId>
    <version>1.1.1</version>
</dependency>

Obtaining access token from token endpoint is as simple as this:

private_key_jwt

ClientCredentialsGrantTokenClient tokenClient = new ClientCredentialsGrantTokenClient(
                                tokenEndpointUri,
                                new JwtBearerClientAssertionCredentials(
                                    tokenEndpointUri,
                                    clientId,
                                    keyPair
                          ));

String accessToken = tokenClient.getToken("scope1", "scope2");

Check here for how you can load "keyPair" from .jks or .pfx file containing only one certificate and key for test purposes.

client_secret

ClientCredentialsGrantTokenClient tokenClient = new ClientCredentialsGrantTokenClient(
                                tokenEndpointUri,
                                new ClientSecretCredentials(clientId, clientSecret)
                          );

String accessToken = tokenClient.getToken("scope1", "scope2");

Using Proxies

The token client respects the proxy settings in the system properties, e.g. http.proxyHost or http.proxyPort.

However in some cases the OAuth server needs to be accessed through a different proxy than the resource server. In these cases the OAuth server's proxy can be set like this:

String proxyHost = "proxy.example.com"; // ip address works as well
int    proxyPort = 8080;
tokenClient.setProxy(proxyHost, proxyPort);