Trimble Identity SDK for Java
It is core helper library containing primitives and interaction with supported grant type token providers. It is base library for OAuth 2.0 related protocol operations. It provides,
- Discovery of endpoints
- Grant Types Token Providers
- Token Refresh
- Token Validation
- HTTP Client Handler to access a given API with the access token
Getting Started
Installation
Apache Maven
<dependency> <groupId>com.trimble</groupId> <artifactId>trimble-id</artifactId> <version>1.0.0</version></dependency>Gradle
implementation group: 'com.trimble', name: 'trimble-id', version: '1.0.0'Authentication with Trimble Identity
To utilize TID authentication, the calling app must be registered with Trimble Identity. You can conveniently handle the application registration process on Trimble Developer Console
Configure the endpoint
Configure the well-known URL endpoint is used to retrieve the authorization, token and user info endpoints for Trimble OAuth server.
| Stage Well-Known URL | https://stage.id.trimblecloud.com/.well-known/openid-configuration |
|---|---|
| Production Well-Known URL | https://id.trimble.com/.well-known/openid-configuration |
Usage Reference
Fixed Endpoint Provider
This endpoint provider is used to provide a fixed set of endpoints.
Usage
import com.trimble.id.FixedEndpointProvider;
FixedEndpointProvider endpointProvider = new FixedEndpointProvider(URI.create("https://authorization.url"), URI.create("https://token.url"));URI endpoint = endpointProvider.getAuthorizationEndpoint().get();OpenID Endpoint Provider
This endpoint provider is used to retrieve the endpoints from a well-known URL endpoint.
Usage
import com.trimble.id.OpenIdEndpointProvider;
OpenIdEndpointProvider endpointProvider = new OpenIdEndpointProvider(URI.create("https://id.trimble.com/.well-known/openid-configuration"));URI endpoint = endpointProvider.getAuthorizationEndpoint().get();Authorization Code Grant Token Provider
This token provider is used to retrieve an access token using the authorization code grant type.
Usage
import com.trimble.id.AuthorizationCodeGrantTokenProvider;
AuthorizationCodeGrantTokenProvider tokenProvider = new AuthorizationCodeGrantTokenProvider(endpointProvider, "clientId", "https://redirect.url").withClientSecret("clientSecret").withScopes(new String[] { "scope" });
// Launch the browser using this authorizationUriURI authorizationUri = tokenProvider.createAuthorizationUri().get();
// Upon redirection, listen on rediect URI to validate the auth codeboolean validated = tokenProvider.isAuthorizationSuccessful(queryString);
// Once successfully validated, you can retrieve required tokensif (validated) { String accessToken = tokenProvider.getAccessToken().get(); String refreshToken = tokenProvider.getRefreshToken().get(); String idToken = tokenProvider.getIdToken().get();}Authorization Code Grant Token Provider with PKCE
Authorization Code with Proof Key for Code Exchange (PKCE) flow is an extension of the Authorization Code grant flow. However, with PKCE, client secret is not required.
Usage
import com.trimble.id.AuthorizationCodeGrantTokenProvider;
AuthorizationCodeGrantTokenProvider tokenProvider = new AuthorizationCodeGrantTokenProvider(endpointProvider, "clientId", "https://redirect.url").withProofKeyForCodeExchange().withScopes(new String[] { "scope" });
// Launch the browser using this authorizationUriURI authorizationUri = tokenProvider.createAuthorizationUri().get();
// Upon redirection, listen on rediect URI to validate the auth codeboolean validated = tokenProvider.isAuthorizationSuccessful(queryString);
// Once successfully validated, you can retrieve required tokensif (validated) { String accessToken = tokenProvider.getAccessToken().get(); String refreshToken = tokenProvider.getRefreshToken().get(); String idToken = tokenProvider.getIdToken().get();}Client Credential Token Provider
This token provider is used to retrieve an access token using the client credentials grant type.
Usage
import com.trimble.id.ClientCredentialsGrantTokenProvider;
ClientCredentialsGrantTokenProvider tokenProvider = new ClientCredentialsGrantTokenProvider(endpointProvider, "clientId", "clientSecret").withScopes(new String[] { "scope" });String accessToken = tokenProvider.getAccessToken().get();Validated Claimset Provider
A claimset provider that returns a validated claimset.
Usage
import com.trimble.id.ValidatedClaimsetProvider;
ValidatedClaimsetProvider claimsetProvider = new ValidatedClaimsetProvider(keysetProvider);JWTClaimsSet claimset = claimsetProvider.retrieveClaimset(idToken).get();BearerToken HttpClientProvider
It is possible to use the trimble-id library to retrieve an HttpClient with the appropriate authorization header set. This can be used to make requests to the Trimble Cloud Core Platform APIs.
Usage
import com.trimble.id.BearerTokenHttpClientProvider;
BearerTokenHttpClientProvider httpClientProvider = new BearerTokenHttpClientProvider(tokenProvider, baseUri);HttpClient httpClient = this.httpClientProvider.retrieveClient().get();Samples
Please refer a code guided samples for supporeted grant type token providers here
Support
Send email to cloudplatform_support@trimble.com