-
Notifications
You must be signed in to change notification settings - Fork 95
Expand file tree
/
Copy pathPKCEOAuthExample.java
More file actions
84 lines (71 loc) · 3.44 KB
/
PKCEOAuthExample.java
File metadata and controls
84 lines (71 loc) · 3.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
package example.auth;
import com.coze.openapi.client.auth.GetPKCEAuthURLResp;
import com.coze.openapi.client.auth.OAuthToken;
import com.coze.openapi.service.auth.PKCEOAuthClient;
import com.coze.openapi.service.auth.TokenAuth;
import com.coze.openapi.service.config.Consts;
import com.coze.openapi.service.service.CozeAPI;
/*
How to effectuate OpenAPI authorization through the OAuth Proof Key for Code Exchange method.
PKCE stands for Proof Key for Code Exchange, and it's an extension to the OAuth 2.0 authorization
code flow designed to enhance security for public clients, such as mobile and single-page
applications.
Firstly, users need to access https://www.coze.com/open/oauth/apps. For the cn environment,
users need to access https://www.coze.cn/open/oauth/apps to create an OAuth App of the type
of Mobile/PC/Single-page application.
The specific creation process can be referred to in the document:
https://www.coze.com/docs/developer_guides/oauth_pkce. For the cn environment, it can be
accessed at https://www.coze.cn/docs/developer_guides/oauth_pkce.
After the creation is completed, the client ID can be obtained.
* */
public class PKCEOAuthExample {
public static void main(String[] args) {
String redirectURI = System.getenv("COZE_PKCE_OAUTH_REDIRECT_URI");
String clientID = System.getenv("COZE_PKCE_OAUTH_CLIENT_ID");
/*
* The default access is api.coze.com, but if you need to access api.coze.cn,
* please use base_url to configure the api endpoint to access
*/
String cozeAPIBase = System.getenv("COZE_API_BASE");
if (cozeAPIBase == null || cozeAPIBase.isEmpty()) {
cozeAPIBase = Consts.COZE_COM_BASE_URL;
}
PKCEOAuthClient oauth =
new PKCEOAuthClient.PKCEOAuthBuilder().clientID(clientID).baseURL(cozeAPIBase).build();
/*
In the SDK, we have wrapped up the code_challenge process of PKCE. Developers only need
to select the code_challenge_method.
* */
GetPKCEAuthURLResp oauthURL =
oauth.genOAuthURL(redirectURI, "states", PKCEOAuthClient.CodeChallengeMethod.S256);
System.out.println(oauthURL);
/*
* The space permissions for which the Access Token is granted can be specified. As following codes:
* oauthURL = oauth.genOAuthURL(redirectURI, "state", PKCEOAuthClient.CodeChallengeMethod.S256, "workspaceID");
* System.out.println(oauthURL);
* */
/*
After the user clicks the authorization consent button, the coze web page will redirect
to the redirect address configured in the authorization link and carry the authorization
code and state parameters in the address via the query string.
Get from the query of the redirect interface: query.get('code')
* */
String code = "mock code";
/*
After obtaining the code after redirection, the interface to exchange the code for a
token can be invoked to generate the coze access_token of the authorized user.
The developer should use code verifier returned by genOAuthURL() method
* */
OAuthToken resp = oauth.getAccessToken(code, redirectURI, oauthURL.getCodeVerifier());
System.out.println(resp);
// use the access token to init Coze client
CozeAPI coze =
new CozeAPI.Builder()
.auth(new TokenAuth(resp.getAccessToken()))
.baseURL(cozeAPIBase)
.build();
// When the token expires, you can also refresh and re-obtain the token
resp = oauth.refreshToken(resp.getRefreshToken());
System.out.println();
}
}