SignerClient > AuthorizationSession
AuthorizationSession
class AuthorizationSession(url: String, tokenId: String, permissions: List<String>)
Client-side refresh-token authorization
After establishing authorisation session establish(_:) keeps refreshing both access and refresh tokens on demand. In case of refresh token expiration throws and is no longer functional untill a new session is established.
For multiple parallel sessions one should provide distinct tokenId(s) yet stable for every session (e.g. device ID etc.)
- Note: does not perform periodic refresh while idle, so the session would inevitably expire if not called long enough. One may, however periodicaly call
refresh()method
Parameters
androidJvm
| url | authorisation service endpoint (HTTP(S)) |
| tokenId | authorisation session ID, controls multiple parallel sessions |
| permissions | list of required permissions for this session |
val auth = AuthorizationSession(
url = "https://api-cloud-dev.spatium.io/authorization/v1",
tokenId = UUID.randomUUID().toString(),
listOf("read", "secret")
)
val data = jsonPost(
"https://api-cloud-dev.spatium.io/authorization/v1/api/security-factor/credentials",
mapOf(Pair("request-id", UUID.randomUUID().toString())),
CredentialsRequest(username = "mario", password = "123456"),
CredentialsResponse::class.java
)
auth.establish(listOf(data!!.data.securityToken))
val first = auth.getPermissionToken()
Thread.sleep(2_000)
auth.refresh()
val second = auth.getPermissionToken()
assertFalse(first == second)
Constructors
| AuthorizationSession | [androidJvm] constructor(url: String, tokenId: String, permissions: List<String>) |
Functions
| Name | Summary |
|---|---|
| establish | [androidJvm] suspend fun establish(securityTokens: List<String>) Espablish a new authorisation session, replacing the prevoius one, if any. |
| getPermissionToken | [androidJvm] suspend fun getPermissionToken(): String Get current permission (access) token |
| refresh | [androidJvm] suspend fun refresh() Manually refresh session |