eBay OAuth Client Library (Java)
- What is OAuth 2.0
- Supported Languages
- Getting Started
- Library Setup and getting started
- Types of Tokens
- Supported Grant Types for OAuth
- Libraries used
- Developers and Contributors
eBay OAuth client library is a simple and easy-to-use library for integrating with eBay OAuth and designed to be used for OAuth 2.0 specification supported by eBay. There are multiple standard clients that can be used with eBay OAuth, such as Spring OAuth client. However, this library in addition to functioning as a simple eBay OAuth client, helps with additional features such as cached App tokens. There are also future enhancements planned to add id_token support, 'login with eBay' support etc.,
What is OAuth 2.0
This is created as a Maven based Java project and can be used as a dependency in a Java based application or other JVM based languages such as Groovy, Scala etc.,
Current Version : 1.1.0 Add following to <dependencies/> section of your pom.xml as given below
<dependency> <groupId>com.ebay.auth</groupId> <artifactId>ebay-oauth-java-client</artifactId> <version>1.1.0</version> </dependency>
All interactions with this library can be performed using
OAuth2Api oauth2Api = new OAuth2Api();
Library Setup and getting started
Ensure you have a config file in your source code of type YAML. Refer to ebay-config-sample.yaml.
This file would hold all your application credentials such as AppId, DevId, and CertId. Refer to Creating eBay Developer Account for details on how to get these credentials.
Once the file is created, call
CredentialUtil.load(new FileInputStream(<your-config-location>));to load the credentials.
It is recommended to load the credentials during startup time (initialization) to prevent runtime delays.
Once the credentials are loaded, call any operation on
Types of Tokens
There are mainly two types of tokens in usage.
An application token contains an application identity which is generated using
client_credentials grant type. These application tokens are useful for interaction with application specific APIs such as usage statistics etc.,
A user token (access token or refresh token) contains a user identity and the application’s identity. This is usually generated using the
authorization_code grant type or the
refresh_token grant type.
Supported Grant Types for OAuth
All of the regular OAuth 2.0 specifications such as
refresh_token are all supported. Refer to eBay Developer Portal
Grant Type: Client Credentials
This grant type can be performed by simply using
OAuth2Api.getApplicationToken(). Read more about this grant type at oauth-client-credentials-grant
Grant Type: Authorization Code
This grant type can be performed by a two step process. Call
OAuth2Api.generateUserAuthorizationUrl() to get the Authorization URL to redirect the user to. Once the user authenticates and approves the consent, the callback need to be captured by the redirect URL setup by the app and then call
OAuth2Api.exchangeCodeForAccessToken() to get the refresh and access tokens.
Grant Type: Refresh Token
This grant type can be performed by simply using
OAuth2Api.getAccessToken(). Usually access tokens are short lived and if the access token is expired, the caller can use the refresh token to generate a new access token. Read more about it at Using a refresh token to update a user access token
Grant Type: Id Token (OpenID Connect)
This grant type is added to support the OpenID connect protocol for generating an Id token which helps provide identity federation without any API access. This protocol is usually helpful when a functionality such as "Login via eBay" is required without any need for access tokens.
This is a two step process. The URL to redirect the user can be generated via
OAuth2Api.generateIdTokenUrl(). Once the user authenticates to eBay site, the callback redirect URL will be invoked with the id_token as an additional parameter. The validity of the
id_token can be verified and the verified attributes extracted using
EbayIdTokenValidator.validate(). Ensure that only the authorized clientIds are passed to the function to verify if the id_token has been issued to one of those clients only.
This method also verifies the signature, the expiration and issuer of the
id_token before returning back the verified attributes.
||It is also a good practice to send a unique nonce in every request and verify if the id_token has been issued only for that nonce.|
Contributions in terms of patches, features, or comments are always welcome. Refer to CONTRIBUTING for guidelines. Submit Github issues for any feature enhancements, bugs, or documentation problems as well as questions and comments.
Before you commit
The current version of the library is 1.1.0 and supports the following features. 1. OAuth 2.0 specification for Access and Refresh tokens 2. OpenID connect based id_token support
Copyright (c) 2019 eBay Inc.
Use of this source code is governed by a Apache-2.0 license that can be found in the LICENSE file or at https://opensource.org/licenses/Apache-2.0.