Integrate the OAuth Implicit Code

This topic describes the Java SDK OAuth Implicit flow integration.

Overview

The Implicit flow is required for apps and websites that have no back end logic on the web server, and everything that is passed between the app or website and the Authorization server which can be viewed using browser development tools.
Use the Implicit Flow for applications that cannot maintain the secrecy of a client secret (for example, browser-based applications).
The application obtains an access token directly in an authorization request (via a redirect), over a secure communication channel, with no intermediate authorization code requested or returned.

Before you begin

Integrate the SDK

Follow the steps below to use this SDK to get the access_token.

Step 1: Configure an OAuthClient instance using the Java SDK

  • Import the SDK as specified in the Before you get started section.
  • Pass the required parameters to create the OAuthClient instance.
import com.cyberark.client.OAuthClient;

// client secret parameter is not required for Implicit grant flow
OAuthClient oauthClient = new OAuthClient(YOUR_TENANT_URL, YOUR_OAUTH_APPLICATION_ID, YOUR_USER_ID);

Step 2: Build the authorize URL

Create an AuthorizeUrlBuilder to authenticate the user with the CyberArk Identity provider. The redirectUri must be white-listed in the Redirect destinations section under the General Usage section of the OAuth client application.

Using the OAuthClient instance, call the following builder methods.

AuthorizeUrlBuilder authorizeUrlBuilder = oauthClient.authorizeUrl(YOUR_REDIRECT_URL)
    .setResponseType("token")
    .setScope(YOUR_SCOPE);

// To get authorize URL
String authURL = authorizeUrlBuilder.build();
https://YOUR_TENANT_URL/OAuth2/Authorize/YOUR_OAUTH_APPLICATION_ID?redirect_uri=YOUR_REDIRECT_URI&client_id=YOUR_USER_ID&scope=YOUR_SCOPE&response_type=token

Redirect to the authorize URL obtained above and post authentication with CyberArk Identity. In case of unauthentication, receive the access_token as part of the redirected URL mentioned above.

https://YOUR_REDIRECT_URI#access_token=YOUR_ACCESS_TOKEN&token_type=Bearer&expires_in=18000&scope=all

Common Methods

For common methods, such as refreshToken, revokeToken and claims, refer to CyberArk Identity Java SDK reference.