Frequently Asked Questions

Q: How should I use this class?

  • You need to first instantiate a SOFA object with the authorization server and the authorization scope.

  • The application then calls the appropriate authenticateWithXxx() method based on the desired OAuth 2.0 authentication method (grant type).

  • From then on, the application can get a valid access token anytime thru getAccessToken() or a ready-to-use HTTP authorization header with getHttpAuthorizationHeader(). If the access token has expired in the meantime, SOFA will transparently call the authorization server again for a refreshed or a new token based on the used grant type.

  • The HTTP authorization header with the access token must then be added to each HTTP request sent to the server holding the protected resource.

Q: Does SOFA need any additional library or jar files?

  • Only one additional library (org.json.JSONObject) is used to parse the returned JSON data from the authorization server. The required class is included in the distribution package.

Q: Is SOFA affected by the Apache Log4j vulnerability?

  • No, SOFA uses the standard Java Logger class which was not affected by this vulnerability.

Q: How can I get support?

  • Support is provided on best-effort basis. You may contact the author thru email at andy.brunner@k43.ch. Please describe your problem as detailed as possible and include the debugging log whenever possible. Note that the log does not include any confidential data.

Last updated