SstOAuth2HttpClient

Server Smalltalk Guide : OAuth2.0 and OpenID Connect : SstOAuth2HttpClient

SstOAuth2HttpClient

This subclass of the <SstHttpClient> can be used to send requests to API resources protected with the OAuth2.0 protocol.

Instances of this class are obtained as a result of a succesful authentication through a grant (see subclasses of <SstOAuth2AbstractGrant> or by providing it with existing credentials (<SstOAuth2Credentials>) as well as the client id and secret when necessary. By default, the OAuth2.0 credentials are passed in each request using a Basic Authorization header (recommended).

When a refresh token is provided and expiration time is known, a token refresh request will be performed automatically when necessary. You can also execute the refresh token request explicitly using #doRefreshToken.

Class Methods

newForTransportScheme:withCredentials:clientId:clientSecret:

  Create a new http client for the given transport scheme (see <SstHttpClient> superclass) and configured
     to use the provided OAuth2.0 credentials.
     
     Arguments:
        schemeId    - <String>
        credentials -     <SstOAuth2Credentials> obtained either via the <SstOAuth2AbstractGrant> subclass or deserializaed from JSON
        idString - <String | Undefined> the client id, nil for public clients.
        secretString - <String | Undefined> the client secret, nil for public clients.
    Answers:
        <SstOAuth2HttpClient>

newWithCredentials:clientId:clientSecret:

  Create a new http client with the httpsl transport scheme (see <SstHttpClient> superclass) and configured
     to use the provided OAuth2.0 credentials.
     
     Arguments:
        credentials -     <SstOAuth2Credentials> obtained either via the <SstOAuth2AbstractGrant> subclass or deserializaed from JSON
        idString - <String | Undefined> the client id, nil for public clients.
        secretString - <String | Undefined> the client secret, nil for public clients.
    Answers:
        <SstOAuth2HttpClient>

Instance Methods

canDoRefreshToken

No comment

clientId:

  Set the client id.
     
     Arguments:
        clientIdString - <String>

clientSecret:

  Set the client secret.
     
     Arguments:
        clientSecretString - <String>

doRefreshToken

No comment

oauth2Credentials

  Returns the OAuth2.0 credentials (essentially the access token) this http client uses to access the protected resource endpoints.
     
     Answers:
        <SstOAuth2Credentials>

oauth2Credentials:

  Set the OAuth2.0 credentials (essentially the access token) this http client will use to access the protected resource endpoints.
     
     Arguments:
        aSstOAuth2Credentials - <SstOAuth2Credentials>

useBasicAuth

  Returns value of the setting to use Basic Authentication in both the authorization and access token requests.
     Per default, this is True.
     
     Answers:
        <Boolean>

useBasicAuth:

  Define the setting to use Basic Authentication in the access token request for confidential clients (i.e. using client id and client secret).
     Per default, this is set to true, which is the recommended setting.
     
     When set to false on confidential clients, the authentication parameters (client id and client secret) are sent in the POST body.
     
     Arguments:
        aBoolean - <Boolean>

Last modified date: 01/09/2026