Integrate the OAuth Implicit Code
This topic describes the Java SDK OAuth Implicit flow integration.
Overview
The Implicit flow is required for apps and websites that have no back-end logic on the web server, where everything that is passed between the app or website and the Authorization server can be viewed using browser development tools.
Use the Implicit Flow for applications that cannot maintain the secrecy of a client secret (for example, browser-based applications).
The application obtains an access token directly in an authorization request (via a redirect), over a secure communication channel, with no intermediate authorization code requested or returned.
Before you begin
- Set up OAuth2 Client Application in your tenant. Make sure that Implicit is checked as Auth methods in the Tokens tab.
- Refer to CyberArk Identity Java SDK reference for more information on the Java SDK.
Integrate the SDK
Follow the steps below to use this SDK to get the access_token.
Step 1: Configure an OAuthClient instance using the Java SDK
- Import the SDK as specified in the Before you get started section.
- Pass the required parameters to create the OAuthClient instance.
import com.cyberark.client.OAuthClient;
// client secret parameter is not required for Implicit grant flow
OAuthClient oauthClient = new OAuthClient(YOUR_TENANT_URL, YOUR_OAUTH_APPLICATION_ID, YOUR_USER_ID);
Step 2: Build the authorize URL
Create an AuthorizeUrlBuilder to authenticate the user with the CyberArk Identity provider. The redirectUri must be white-listed in the Redirect destinations section under the General Usage section of the OAuth client application.
Using the OAuthClient instance, call the following builder methods.
AuthorizeUrlBuilder authorizeUrlBuilder = oauthClient.authorizeUrl(YOUR_REDIRECT_URL)
.setResponseType("token")
.setScope(YOUR_SCOPE);
// To get authorize URL
String authURL = authorizeUrlBuilder.build();
https://YOUR_TENANT_URL/OAuth2/Authorize/YOUR_OAUTH_APPLICATION_ID?redirect_uri=YOUR_REDIRECT_URI&client_id=YOUR_USER_ID&scope=YOUR_SCOPE&response_type=token
Redirect to the authorize URL obtained above. After authentication with CyberArk Identity (required if the user is unauthenticated), the access_token is received as part of the redirect URL mentioned above.
https://YOUR_REDIRECT_URI#access_token=YOUR_ACCESS_TOKEN&token_type=Bearer&expires_in=18000&scope=all
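Before using the token from the redirect shown above, a client can validate the fragment rather than trust it as received. The following is an added example, not code from the CyberArk SDK or the original page; the class name, the `app.example.com` host and `SAMPLE_TOKEN` are assumptions, and it uses only the Java standard library (Java 10 or later).

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

public class ImplicitRedirectCheck {
    // Split the "#k=v&k=v" fragment into decoded parameters; duplicates are rejected.
    static Map<String, String> parseFragment(URI redirect) {
        Map<String, String> params = new HashMap<>();
        String fragment = redirect.getRawFragment();
        if (fragment == null || fragment.isEmpty()) return params;
        for (String pair : fragment.split("&")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) continue; // ignore malformed pairs
            String key = URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8);
            String val = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            if (params.put(key, val) != null)
                throw new IllegalArgumentException("duplicate parameter: " + key);
        }
        return params;
    }

    // Return the token only when the redirect matches the registered URI and is well-formed.
    static String extractAccessToken(URI redirect, URI registered) {
        if (!registered.getScheme().equalsIgnoreCase(redirect.getScheme())
                || !registered.getAuthority().equalsIgnoreCase(redirect.getAuthority())
                || !registered.getPath().equals(redirect.getPath()))
            throw new IllegalArgumentException("redirect does not match registered URI");
        Map<String, String> p = parseFragment(redirect);
        // RFC 6749 section 4.2.2.1: implicit-flow errors also arrive in the fragment.
        if (p.containsKey("error"))
            throw new IllegalStateException("authorization failed: " + p.get("error"));
        if (!"Bearer".equalsIgnoreCase(p.get("token_type")))
            throw new IllegalStateException("unexpected token_type");
        String token = p.get("access_token");
        if (token == null || token.isEmpty())
            throw new IllegalStateException("no access_token in redirect");
        return token;
    }

    public static void main(String[] args) {
        // Constructed sample in the page's format; hosts and token are placeholders.
        URI registered = URI.create("https://app.example.com/callback");
        URI redirect = URI.create(registered
                + "#access_token=SAMPLE_TOKEN&token_type=Bearer&expires_in=18000&scope=all");
        String token = extractAccessToken(redirect, registered);
        System.out.println("token accepted, length " + token.length()); // never log the token itself
    }
}
```

Because the token travels in the URL fragment, keep it out of logs and crash reports, and clear the fragment from any stored or displayed URL once the token has been read.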
Common Methods
For common methods, such as refreshToken, revokeToken and claims, refer to CyberArk Identity Java SDK reference.