Перейти к содержанию

SignerClient > AuthorizationSession


class AuthorizationSession(url: String, tokenId: String, permissions: List<String>)

Client-side refresh-token authorization

After establishing authorisation session establish(_:) keeps refreshing both access and refresh tokens on demand. In case of refresh token expiration throws and is no longer functional untill a new session is established.

For multiple parallel sessions one should provide distinct tokenId(s) yet stable for every session (e.g. device ID etc.)

  • Note: does not perform periodic refresh while idle, so the session would inevitably expire if not called long enough. One may, however periodicaly call refresh() method



url authorisation service endpoint (HTTP(S))
tokenId authorisation session ID, controls multiple parallel sessions
permissions list of required permissions for this session
val auth = AuthorizationSession(
                url = "https://api-cloud-dev.spatium.io/authorization/v1",
                tokenId = UUID.randomUUID().toString(),
                listOf("read", "secret")

val data = jsonPost(
    mapOf(Pair("request-id", UUID.randomUUID().toString())),
    CredentialsRequest(username = "mario", password = "123456"),


val first = auth.getPermissionToken()



val second = auth.getPermissionToken()

assertFalse(first == second) 


AuthorizationSession [androidJvm]
constructor(url: String, tokenId: String, permissions: List<String>)


Name Summary
establish [androidJvm]
suspend fun establish(securityTokens: List<String>)
Espablish a new authorisation session, replacing the prevoius one, if any.
getPermissionToken [androidJvm]
suspend fun getPermissionToken(): String
Get current permission (access) token
refresh [androidJvm]
suspend fun refresh()
Manually refresh session