Class DefaultClientBuilder
- All Implemented Interfaces:
ClientBuilder
The default ClientBuilder
implementation. This looks for configuration files
in the following locations and order of precedence (last one wins).
- classpath:com/okta/sdk/config/okta.properties
- classpath:com/okta/sdk/config/okta.yaml
- classpath:okta.properties
- classpath:okta.yaml
- ~/.okta/okta.yaml
- Environment Variables (with dot notation converted to uppercase + underscores)
- System Properties
- Programmatically
- Since:
- 0.5.0
-
Field Summary
Fields inherited from interface com.okta.sdk.client.ClientBuilder
DEFAULT_CLIENT_API_TOKEN_PROPERTY_NAME, DEFAULT_CLIENT_AUTHENTICATION_SCHEME_PROPERTY_NAME, DEFAULT_CLIENT_AUTHORIZATION_MODE_PROPERTY_NAME, DEFAULT_CLIENT_CACHE_CACHES_PROPERTY_NAME, DEFAULT_CLIENT_CACHE_ENABLED_PROPERTY_NAME, DEFAULT_CLIENT_CACHE_TTI_PROPERTY_NAME, DEFAULT_CLIENT_CACHE_TTL_PROPERTY_NAME, DEFAULT_CLIENT_CONNECTION_TIMEOUT_PROPERTY_NAME, DEFAULT_CLIENT_ID_PROPERTY_NAME, DEFAULT_CLIENT_KID_PROPERTY_NAME, DEFAULT_CLIENT_OAUTH2_ACCESS_TOKEN_PROPERTY_NAME, DEFAULT_CLIENT_ORG_URL_PROPERTY_NAME, DEFAULT_CLIENT_PRIVATE_KEY_PROPERTY_NAME, DEFAULT_CLIENT_PROXY_HOST_PROPERTY_NAME, DEFAULT_CLIENT_PROXY_PASSWORD_PROPERTY_NAME, DEFAULT_CLIENT_PROXY_PORT_PROPERTY_NAME, DEFAULT_CLIENT_PROXY_USERNAME_PROPERTY_NAME, DEFAULT_CLIENT_REQUEST_TIMEOUT_PROPERTY_NAME, DEFAULT_CLIENT_RETRY_MAX_ATTEMPTS_PROPERTY_NAME, DEFAULT_CLIENT_SCOPES_PROPERTY_NAME, DEFAULT_CLIENT_TESTING_DISABLE_HTTPS_CHECK_PROPERTY_NAME
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionbuild()
Constructs a newApiClient
instance based on the ClientBuilder's current configuration state.protected org.apache.hc.client5.http.impl.classic.HttpClientBuilder
createHttpClientBuilder
(ClientConfiguration clientConfig) Override to customize the client, allowing one to add additional interceptors.protected org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder
createHttpClientConnectionManagerBuilder
(ClientConfiguration clientConfig) Override to customize the connection manager, allowing the increase of max connectionsprotected org.apache.hc.client5.http.config.RequestConfig.Builder
createHttpRequestConfigBuilder
(ClientConfiguration clientConfig) Override to customize the request configsetAuthorizationMode
(AuthorizationMode authorizationMode) Overrides the default (very secure) Okta SSWS Digest Authentication Scheme used to authenticate every request sent to the Okta API server.setCacheManager
(CacheManager cacheManager) Sets theCacheManager
that should be used to cache Okta REST resources, reducing round-trips to the Okta API server and enhancing application performance.setClientCredentials
(ClientCredentials clientCredentials) Allows specifying anApiKey
instance directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.setClientId
(String clientId) Allows specifying the client ID instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.setConnectionTimeout
(int timeout) Sets both the timeout until a connection is established and the socket timeout (i.e.setCustomJwtSigner
(UnaryOperator<byte[]> jwtSigner, String algorithm) Allows specifying a custom signer for signing JWT token, instead of using a locally stored private key.Allows specifying the Key ID (kid) instead of relying on the YAML config.setOAuth2AccessToken
(String oAuth2AccessToken) Allows specifying the user obtained OAuth2 access token to be used by the SDK.Sets the base URL of the Okta REST API to use.setPrivateKey
(InputStream privateKeyStream) Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.setPrivateKey
(String privateKey) Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.setPrivateKey
(Path privateKeyPath) Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.setPrivateKey
(PrivateKey privateKey) Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.setProxy
(com.okta.commons.http.config.Proxy proxy) Sets the HTTP proxy to be used when communicating with the Okta API server.setRetryMaxAttempts
(int maxAttempts) Sets the maximum number of attempts to retrying before giving up.setRetryMaxElapsed
(int maxElapsed) Sets the maximum number of seconds to wait when retrying before giving up.Allows specifying a list of scopes directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.
-
Constructor Details
-
DefaultClientBuilder
public DefaultClientBuilder()
-
-
Method Details
-
setProxy
Description copied from interface:ClientBuilder
Sets the HTTP proxy to be used when communicating with the Okta API server. For example:Proxy proxy = new Proxy("whatever.domain.com", 443); Client client =
Clients
.builder().setProxy(proxy).build();- Specified by:
setProxy
in interfaceClientBuilder
- Parameters:
proxy
- theProxy
you need to use.- Returns:
- the ClientBuilder instance for method chaining.
-
setCacheManager
Description copied from interface:ClientBuilder
Sets theCacheManager
that should be used to cache Okta REST resources, reducing round-trips to the Okta API server and enhancing application performance. Single JVM ApplicationsIf your application runs on a single JVM-based applications, the
CacheManagerBuilder
should be sufficient for your needs. You create aCacheManagerBuilder
by using theCaches
utility class, for example:import static com.okta.sdk.cache.Caches.*; ... ApiClient client = Clients.builder()... .setCacheManager(
newCacheManager()
.withDefaultTimeToLive(1, TimeUnit.DAYS) //general default .withDefaultTimeToIdle(2, TimeUnit.HOURS) //general default .withCache(forResource
(User.class) //User-specific cache settings .withTimeToLive(1, TimeUnit.HOURS) .withTimeToIdle(30, TimeUnit.MINUTES)) .withCache(forResource
(Group.class) //Group-specific cache settings .withTimeToLive(2, TimeUnit.HOURS)) .build() //build the CacheManager ) .build(); //build the ClientThe above TTL and TTI times are just examples showing API usage - the times themselves are not recommendations. Choose TTL and TTI times based on your application requirements.
Multi-JVM / Clustered ApplicationsThe default
CacheManager
instances returned by theCacheManagerBuilder
might not be sufficient for a multi-instance application that runs on multiple JVMs and/or hosts/servers, as there could be cache-coherency problems across the JVMs. See theCacheManagerBuilder
JavaDoc for additional information.In these multi-JVM environments, you will likely want to create a simple CacheManager implementation that wraps your distributed Caching API/product of choice and then plug that implementation in to the Okta SDK via this method. Hazelcast is one known cluster-safe caching product, and the Okta SDK has out-of-the-box support for this as an extension module. See the top-level class JavaDoc for a Hazelcast configuration example.
- Specified by:
setCacheManager
in interfaceClientBuilder
- Parameters:
cacheManager
- theCacheManager
that should be used to cache Okta REST resources, reducing round-trips to the Okta API server and enhancing application performance.- Returns:
- the ClientBuilder instance for method chaining
-
setConnectionTimeout
Description copied from interface:ClientBuilder
Sets both the timeout until a connection is established and the socket timeout (i.e. a maximum period of inactivity between two consecutive data packets). A timeout value of zero is interpreted as an infinite timeout.- Specified by:
setConnectionTimeout
in interfaceClientBuilder
- Parameters:
timeout
- connection and socket timeout in seconds- Returns:
- the ClientBuilder instance for method chaining
-
setClientCredentials
Description copied from interface:ClientBuilder
Allows specifying anApiKey
instance directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
. Currently, you should use a com.okta.sdk.impl.api.TokenClientCredentials (if you are NOT using an okta.yaml file)- Specified by:
setClientCredentials
in interfaceClientBuilder
- Parameters:
clientCredentials
- the token to use to authenticate requests to the Okta API server.- Returns:
- the ClientBuilder instance for method chaining.
-
setRetryMaxElapsed
Description copied from interface:ClientBuilder
Sets the maximum number of seconds to wait when retrying before giving up.- Specified by:
setRetryMaxElapsed
in interfaceClientBuilder
- Parameters:
maxElapsed
- retry max elapsed duration in seconds- Returns:
- the ClientBuilder instance for method chaining
-
setRetryMaxAttempts
Description copied from interface:ClientBuilder
Sets the maximum number of attempts to retrying before giving up.- Specified by:
setRetryMaxAttempts
in interfaceClientBuilder
- Parameters:
maxAttempts
- retry max attempts- Returns:
- the ClientBuilder instance for method chaining
-
build
Description copied from interface:ClientBuilder
Constructs a newApiClient
instance based on the ClientBuilder's current configuration state.- Specified by:
build
in interfaceClientBuilder
- Returns:
- a new
ApiClient
instance based on the ClientBuilder's current configuration state.
-
createHttpClientBuilder
protected org.apache.hc.client5.http.impl.classic.HttpClientBuilder createHttpClientBuilder(ClientConfiguration clientConfig) Override to customize the client, allowing one to add additional interceptors.- Parameters:
clientConfig
- the current ClientConfiguration- Returns:
- an
HttpClientBuilder
initialized with default configuration
-
createHttpRequestConfigBuilder
protected org.apache.hc.client5.http.config.RequestConfig.Builder createHttpRequestConfigBuilder(ClientConfiguration clientConfig) Override to customize the request config- Parameters:
clientConfig
- the current clientConfig- Returns:
- a
RequestConfig.Builder
initialized with default configuration
-
createHttpClientConnectionManagerBuilder
protected org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder createHttpClientConnectionManagerBuilder(ClientConfiguration clientConfig) Override to customize the connection manager, allowing the increase of max connections- Parameters:
clientConfig
- the current clientConfig- Returns:
- a
PoolingHttpClientConnectionManagerBuilder
initialized with default configuration
-
setOrgUrl
Description copied from interface:ClientBuilder
Sets the base URL of the Okta REST API to use. If unspecified, this value defaults tohttps://api.okta.com/v1
- the most common use case for Okta's public SaaS cloud.Customers using Okta's Enterprise HA cloud might need to configure this to be
https://enterprise.okta.io/v1
for example.- Specified by:
setOrgUrl
in interfaceClientBuilder
- Parameters:
baseUrl
- the base URL of the Okta REST API to use.- Returns:
- the ClientBuilder instance for method chaining
-
setAuthorizationMode
Description copied from interface:ClientBuilder
Overrides the default (very secure) Okta SSWS Digest Authentication Scheme used to authenticate every request sent to the Okta API server.Client client = Clients.builder()... // setApiKey, etc... .setAuthorizationMode(AuthorizationMode.SSWS) //set the SSWS authentication mode .build(); //build the Client
- Specified by:
setAuthorizationMode
in interfaceClientBuilder
- Parameters:
authorizationMode
- mode of authorization for requests to the Okta API server.- Returns:
- the ClientBuilder instance for method chaining.
-
setScopes
Description copied from interface:ClientBuilder
Allows specifying a list of scopes directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.- Specified by:
setScopes
in interfaceClientBuilder
- Parameters:
scopes
- set of scopes for which the client requests access.- Returns:
- the ClientBuilder instance for method chaining.
-
setPrivateKey
Description copied from interface:ClientBuilder
Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.- Specified by:
setPrivateKey
in interfaceClientBuilder
- Parameters:
privateKey
- either the fully qualified string path to the private key PEM file (or) the full PEM payload content.- Returns:
- the ClientBuilder instance for method chaining.
-
setPrivateKey
Description copied from interface:ClientBuilder
Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.- Specified by:
setPrivateKey
in interfaceClientBuilder
- Parameters:
privateKeyPath
- representing the path to private key PEM file.- Returns:
- the ClientBuilder instance for method chaining.
-
setPrivateKey
Description copied from interface:ClientBuilder
Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.- Specified by:
setPrivateKey
in interfaceClientBuilder
- Parameters:
privateKeyStream
- representing an InputStream with private key PEM file content.- Returns:
- the ClientBuilder instance for method chaining.
-
setPrivateKey
Description copied from interface:ClientBuilder
Allows specifying the private key (PEM file) path (for private key jwt authentication) directly instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.- Specified by:
setPrivateKey
in interfaceClientBuilder
- Parameters:
privateKey
- thePrivateKey
instance.- Returns:
- the ClientBuilder instance for method chaining.
-
setCustomJwtSigner
Description copied from interface:ClientBuilder
Allows specifying a custom signer for signing JWT token, instead of using a locally stored private key.- Specified by:
setCustomJwtSigner
in interfaceClientBuilder
- Parameters:
jwtSigner
- the JWT signer instance.- Returns:
- the ClientBuilder instance for method chaining.
-
setClientId
Description copied from interface:ClientBuilder
Allows specifying the client ID instead of relying on the default location + override/fallback behavior defined in thedocumentation above
.- Specified by:
setClientId
in interfaceClientBuilder
- Parameters:
clientId
- string representing the client ID.- Returns:
- the ClientBuilder instance for method chaining.
-
setOAuth2AccessToken
Description copied from interface:ClientBuilder
Allows specifying the user obtained OAuth2 access token to be used by the SDK. The SDK will NOT obtain access token automatically (using the supplied private key) when this is set.- Specified by:
setOAuth2AccessToken
in interfaceClientBuilder
- Parameters:
oAuth2AccessToken
- the token string.- Returns:
- the ClientBuilder instance for method chaining.
-
setKid
Description copied from interface:ClientBuilder
Allows specifying the Key ID (kid) instead of relying on the YAML config.- Specified by:
setKid
in interfaceClientBuilder
- Parameters:
kid
- string representing the Key ID.- Returns:
- the ClientBuilder instance for method chaining.
-
getClientConfiguration
-