public interface ClientBuilder

The ClientBuilder is used to construct Client instances with Okta credentials, Proxy and Cache configuration. Understanding caching is extremely important when creating a Client instance, so please ensure you read the Caching section below.

The simplest usage is to just call the build() method, for example:

    ApiClient client = Clients.builder().build();

This will:

- OKTA_CLIENT_TOKEN. If either of these values are present, they override any previously discovered value.
- okta.client.token. If this value is present, it will override any previously discovered values.

SECURITY NOTICE: While the okta.client.token system property or environment variable OKTA_CLIENT_TOKEN may be used to represent your API Key Secret as mentioned above, this is not recommended: process listings on a machine will expose process arguments (like system properties) or environment variables, thus exposing the secret value to anyone that can read process listings. As always, secret values should never be exposed to anyone other than the person that owns the API Key.
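
One way to follow the security notice above, shown as an added example that is not part of the Okta documentation: read the token from a file that only its owner can access and pass it to setClientCredentials. The org URL, the token file path, the names TokenFromFile, readToken and builderFor, and the com.okta.sdk.client import paths (which this page does not state) are assumptions.

```java
import com.okta.sdk.client.ClientBuilder;
import com.okta.sdk.client.Clients;
import com.okta.sdk.impl.api.TokenClientCredentials;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Set;

public class TokenFromFile {

    // Permissions that let anyone other than the file owner read or change the token.
    private static final Set<PosixFilePermission> TOO_OPEN = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);

    /** Reads the API token from an owner-only file; refuses files open to others. */
    static String readToken(Path tokenFile) throws IOException {
        // Assumes a POSIX file system; throws UnsupportedOperationException elsewhere.
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(tokenFile);
        for (PosixFilePermission p : perms) {
            if (TOO_OPEN.contains(p)) {
                throw new SecurityException(tokenFile + " is accessible beyond its owner: " + p);
            }
        }
        String token = new String(Files.readAllBytes(tokenFile), StandardCharsets.UTF_8).trim();
        if (token.isEmpty()) {
            throw new IllegalStateException(tokenFile + " is empty");
        }
        return token;
    }

    /** Configures the builder explicitly, so no secret sits in -D arguments or the environment. */
    static ClientBuilder builderFor(String orgUrl, Path tokenFile) throws IOException {
        return Clients.builder()
                .setOrgUrl(orgUrl)
                .setClientCredentials(new TokenClientCredentials(readToken(tokenFile)));
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical org URL and token path, for illustration only.
        ClientBuilder builder = builderFor("https://example.okta.com", Paths.get("/etc/myapp/okta-token"));
        builder.build(); // returns the ApiClient listed in the method summary
    }
}
```
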

| Modifier and Type | Method and Description |
|---|---|
| ApiClient | build(): Constructs a new ApiClient instance based on the ClientBuilder's current configuration state. |
| ClientBuilder | setAuthorizationMode(AuthorizationMode authorizationMode): Overrides the default (very secure) Okta SSWS Digest Authentication Scheme used to authenticate every request sent to the Okta API server. |
| ClientBuilder | setCacheManager(CacheManager cacheManager): Sets the CacheManager that should be used to cache Okta REST resources, reducing round-trips to the Okta API server and enhancing application performance. |
| ClientBuilder | setClientCredentials(ClientCredentials clientCredentials): Allows specifying an ApiKey instance directly instead of relying on the default location + override/fallback behavior defined in the documentation above. |
| ClientBuilder | setClientId(String clientId): Allows specifying the client ID instead of relying on the default location + override/fallback behavior defined in the documentation above. |
| ClientBuilder | setConnectionTimeout(int timeout): Sets both the timeout until a connection is established and the socket timeout (i.e. |
| ClientBuilder | setKid(String kid): Allows specifying the Key ID (kid) instead of relying on the YAML config. |
| ClientBuilder | setOAuth2AccessToken(String oAuth2AccessToken): Allows specifying the user obtained OAuth2 access token to be used by the SDK. |
| ClientBuilder | setOrgUrl(String baseUrl): Sets the base URL of the Okta REST API to use. |
| ClientBuilder | setPrivateKey(InputStream privateKeyInputStream): Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in the documentation above. |
| ClientBuilder | setPrivateKey(Path privateKeyPath): Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in the documentation above. |
| ClientBuilder | setPrivateKey(PrivateKey privateKey): Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in the documentation above. |
| ClientBuilder | setPrivateKey(String privateKey): Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in the documentation above. |
| ClientBuilder | setProxy(com.okta.commons.http.config.Proxy proxy): Sets the HTTP proxy to be used when communicating with the Okta API server. |
| ClientBuilder | setRetryMaxAttempts(int maxAttempts): Sets the maximum number of retry attempts before giving up. |
| ClientBuilder | setRetryMaxElapsed(int maxElapsed): Sets the maximum number of seconds to wait when retrying before giving up. |
| ClientBuilder | setScopes(Set<String> scopes): Allows specifying a list of scopes directly instead of relying on the default location + override/fallback behavior defined in the documentation above. |

static final String DEFAULT_CLIENT_API_TOKEN_PROPERTY_NAME
static final String DEFAULT_CLIENT_CACHE_ENABLED_PROPERTY_NAME
static final String DEFAULT_CLIENT_CACHE_TTL_PROPERTY_NAME
static final String DEFAULT_CLIENT_CACHE_TTI_PROPERTY_NAME
static final String DEFAULT_CLIENT_CACHE_CACHES_PROPERTY_NAME
static final String DEFAULT_CLIENT_ORG_URL_PROPERTY_NAME
static final String DEFAULT_CLIENT_CONNECTION_TIMEOUT_PROPERTY_NAME
static final String DEFAULT_CLIENT_AUTHENTICATION_SCHEME_PROPERTY_NAME
static final String DEFAULT_CLIENT_PROXY_PORT_PROPERTY_NAME
static final String DEFAULT_CLIENT_PROXY_HOST_PROPERTY_NAME
static final String DEFAULT_CLIENT_PROXY_USERNAME_PROPERTY_NAME
static final String DEFAULT_CLIENT_PROXY_PASSWORD_PROPERTY_NAME
static final String DEFAULT_CLIENT_AUTHORIZATION_MODE_PROPERTY_NAME
static final String DEFAULT_CLIENT_ID_PROPERTY_NAME
static final String DEFAULT_CLIENT_SCOPES_PROPERTY_NAME
static final String DEFAULT_CLIENT_PRIVATE_KEY_PROPERTY_NAME
static final String DEFAULT_CLIENT_OAUTH2_ACCESS_TOKEN_PROPERTY_NAME
static final String DEFAULT_CLIENT_KID_PROPERTY_NAME
static final String DEFAULT_CLIENT_REQUEST_TIMEOUT_PROPERTY_NAME
static final String DEFAULT_CLIENT_RETRY_MAX_ATTEMPTS_PROPERTY_NAME
static final String DEFAULT_CLIENT_TESTING_DISABLE_HTTPS_CHECK_PROPERTY_NAME

ClientBuilder setClientCredentials(ClientCredentials clientCredentials)

Allows specifying an ApiKey instance directly instead of relying on the default location + override/fallback behavior defined in the documentation above.

Currently, you should use a com.okta.sdk.impl.api.TokenClientCredentials (if you are NOT using an okta.yaml file).

clientCredentials - the token to use to authenticate requests to the Okta API server.

ClientBuilder setProxy(com.okta.commons.http.config.Proxy proxy)

    Proxy proxy = new Proxy("whatever.domain.com", 443);
    ApiClient client = Clients.builder().setProxy(proxy).build();

proxy - the Proxy you need to use.

ClientBuilder setCacheManager(CacheManager cacheManager)

Sets the CacheManager that should be used to cache Okta REST resources, reducing round-trips to the Okta API server and enhancing application performance.

Single JVM Applications

If your application runs on a single JVM, the CacheManagerBuilder should be sufficient for your needs. You create a CacheManagerBuilder by using the Caches utility class, for example:

    import static com.okta.sdk.cache.Caches.*;
    ...
    ApiClient client = Clients.builder()...
        .setCacheManager(newCacheManager()
            .withDefaultTimeToLive(1, TimeUnit.DAYS) //general default
            .withDefaultTimeToIdle(2, TimeUnit.HOURS) //general default
            .withCache(forResource(User.class) //User-specific cache settings
                .withTimeToLive(1, TimeUnit.HOURS)
                .withTimeToIdle(30, TimeUnit.MINUTES))
            .withCache(forResource(Group.class) //Group-specific cache settings
                .withTimeToLive(2, TimeUnit.HOURS))
            .build() //build the CacheManager
        )
        .build(); //build the Client

The above TTL and TTI times are just examples showing API usage - the times themselves are not recommendations. Choose TTL and TTI times based on your application requirements.

Multi-JVM / Clustered Applications

The default CacheManager instances returned by the CacheManagerBuilder might not be sufficient for a multi-instance application that runs on multiple JVMs and/or hosts/servers, as there could be cache-coherency problems across the JVMs. See the CacheManagerBuilder JavaDoc for additional information.

In these multi-JVM environments, you will likely want to create a simple CacheManager implementation that wraps your distributed Caching API/product of choice and then plug that implementation into the Okta SDK via this method. Hazelcast is one known cluster-safe caching product, and the Okta SDK has out-of-the-box support for this as an extension module. See the top-level class JavaDoc for a Hazelcast configuration example.

cacheManager - the CacheManager that should be used to cache Okta REST resources, reducing round-trips to the Okta API server and enhancing application performance.

ClientBuilder setAuthorizationMode(AuthorizationMode authorizationMode)

    ApiClient client = Clients.builder()... // setApiKey, etc...
        .setAuthorizationMode(AuthorizationMode.SSWS) //set the SSWS authentication mode
        .build(); //build the Client

authorizationMode - mode of authorization for requests to the Okta API server.

ClientBuilder setScopes(Set<String> scopes)
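
Allows specifying a list of scopes directly instead of relying on the default location + override/fallback behavior defined in the documentation above.

scopes - set of scopes for which the client requests access.

ClientBuilder setPrivateKey(String privateKey)

Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in the documentation above.

privateKey - either the fully qualified string path to the private key PEM file (or) the full PEM payload content.

ClientBuilder setPrivateKey(Path privateKeyPath)

Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in the documentation above.

privateKeyPath - representing the path to private key PEM file.

ClientBuilder setPrivateKey(InputStream privateKeyInputStream)

Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in the documentation above.

privateKeyInputStream - representing an InputStream with private key PEM file content.

ClientBuilder setPrivateKey(PrivateKey privateKey)

Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in the documentation above.

privateKey - the PrivateKey instance.

ClientBuilder setOAuth2AccessToken(String oAuth2AccessToken)

oAuth2AccessToken - the token string.

ClientBuilder setClientId(String clientId)

Allows specifying the client ID instead of relying on the default location + override/fallback behavior defined in the documentation above.

clientId - string representing the client ID.

ClientBuilder setKid(String kid)

kid - string representing the Key ID.

ClientBuilder setConnectionTimeout(int timeout)

timeout - connection and socket timeout in seconds

ClientBuilder setOrgUrl(String baseUrl)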

https://api.okta.com/v1 - the most common use case for Okta's public SaaS cloud. Customers using Okta's Enterprise HA cloud might need to configure this to be https://enterprise.okta.io/v1 for example.

baseUrl - the base URL of the Okta REST API to use.

ClientBuilder setRetryMaxElapsed(int maxElapsed)

maxElapsed - retry max elapsed duration in seconds

ClientBuilder setRetryMaxAttempts(int maxAttempts)

maxAttempts - retry max attempts

Copyright © 2017–2023 Okta. All rights reserved.