Java SDK for Schibsted account
The SDK is published on Maven Central and available via for
example Gradle: implementation 'com.schibsted.account:account-sdk-java:<version>'.
Full API documentation (javadoc) is available here.
All operations are performed via the AuthClient. Instantiate it via the object builder:
import com.schibsted.account.AuthClient;
import com.schibsted.account.ClientCredentials;
AuthClient client = new AuthClient.Builder(
new ClientCredentials(<client id>, <client secret>),
AuthClient.Environment.PRE)
.build();Using your client credentials you can obtain a client token with the necessary scopes:
import com.schibsted.account.token.AccessToken;
AccessToken accessToken = client.clientCredentialsGrant(<scopes>);When you have an OAuth authorization code you can obtain user tokens:
import com.schibsted.account.token.UserTokens;
UserTokens userTokens = client.authorizationCodeGrant(<auth code>, <redirect uri>, <expected nonce>);If the access token has expired, you can obtain a new one by using the refresh token:
UserTokens refreshed = client.refreshTokenGrant(userTokens.getRefreshToken().getToken());When you receive a token it can be introspected to get the associated authorization data. There are two methods of introspection:
- "remote introspection": by making an introspection request the authorization data is returned from Schibsted account.
- "local introspection": by verifying the signature and the tokens validity, the authorization data can be read directly from the claims of the token. Note: Some user tokens - those signed with a symmetric secret key - can not be introspected locally. Only remote introspection is supported for those tokens.