Thread-safe OAuth 2.0 authorization code callback servlet using the jakarta namespace to process
the authorization code or error response from authorization page redirect.
This is designed to simplify the flow in which an end-user authorizes your web application to
access their protected data. The main servlet class extends AbstractAuthorizationCodeServlet which if the end-user credentials are not found, will redirect
the end-user to an authorization page. If the end-user grants authorization, they will be
redirected to this servlet that extends AbstractAuthorizationCodeCallbackServlet and the
#onSuccess will be called. Similarly, if the end-user grants authorization, they will be
redirected to this servlet and #onError will be called.
Sample usage:
publicclassServletCallbackSampleextendsAbstractAuthorizationCodeCallbackServlet{@OverrideprotectedvoidonSuccess(HttpServletRequestreq,HttpServletResponseresp,Credentialcredential)throwsServletException,IOException{resp.sendRedirect("/");}@OverrideprotectedvoidonError(HttpServletRequestreq,HttpServletResponseresp,AuthorizationCodeResponseUrlerrorResponse)throwsServletException,IOException{// handle error}@OverrideprotectedStringgetRedirectUri(HttpServletRequestreq)throwsServletException,IOException{GenericUrlurl=newGenericUrl(req.getRequestURL().toString());url.setRawPath("/oauth2callback");returnurl.build();}@OverrideprotectedAuthorizationCodeFlowinitializeFlow()throwsIOException{returnnewAuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),newNetHttpTransport(),newGsonFactory(),newGenericUrl("https://server.example.com/token"),newBasicAuthentication("s6BhdRkqt3","7Fjfp0ZBr1KtDRbnfVdmIw"),"s6BhdRkqt3","https://server.example.com/authorize").setCredentialStore(newJdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional"))).build();}@OverrideprotectedStringgetUserId(HttpServletRequestreq)throwsServletException,IOException{// return user ID}}
Returns the user ID for the given HTTP servlet request. This identifies your application's user
and is used to assign and persist credentials to that user. Most commonly, this will be a user
id stored in the session or even the session id itself.
Loads the authorization code flow to be used across all HTTP servlet requests (only called
during the first HTTP servlet request with an authorization code).
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[],[],null,["# Class AbstractAuthorizationCodeCallbackServlet (1.39.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.39.0 (latest)](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet)\n- [1.38.2](/java/docs/reference/google-oauth-client/1.38.2/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet)\n- [1.37.0](/java/docs/reference/google-oauth-client/1.37.0/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet)\n- [1.36.0](/java/docs/reference/google-oauth-client/1.36.0/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet)\n- [1.34.1](/java/docs/reference/google-oauth-client/1.34.1/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet)\n- [1.33.3](/java/docs/reference/google-oauth-client/1.33.3/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet)\n- [1.32.1](/java/docs/reference/google-oauth-client/1.32.1/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet) \n\n public abstract class AbstractAuthorizationCodeCallbackServlet extends HttpServlet\n\nThread-safe OAuth 2.0 authorization code callback servlet using the jakarta namespace to process\nthe authorization code or error response from authorization page redirect.\n\nThis is designed to simplify the flow in which an end-user authorizes your web application to\naccess their protected data. The main servlet class extends [AbstractAuthorizationCodeServlet](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeServlet) which if the end-user credentials are not found, will redirect\nthe end-user to an authorization page. If the end-user grants authorization, they will be\nredirected to this servlet that extends [AbstractAuthorizationCodeCallbackServlet](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet) and the\n[#onSuccess](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet#com_google_api_client_extensions_servlet_auth_oauth2_jakarta_AbstractAuthorizationCodeCallbackServlet_onSuccess_) will be called. Similarly, if the end-user grants authorization, they will be\nredirected to this servlet and [#onError](/java/docs/reference/google-oauth-client/latest/com.google.api.client.extensions.servlet.auth.oauth2.jakarta.AbstractAuthorizationCodeCallbackServlet#com_google_api_client_extensions_servlet_auth_oauth2_jakarta_AbstractAuthorizationCodeCallbackServlet_onError_) will be called.\n\nSample usage: \n\n\n public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {\n\n @Override\n protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)\n throws ServletException, IOException {\n resp.sendRedirect(\"/\");\n }\n\n @Override\n protected void onError(\n HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)\n throws ServletException, IOException {\n // handle error\n }\n\n @Override\n protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {\n GenericUrl url = new GenericUrl(req.getRequestURL().toString());\n url.setRawPath(\"/oauth2callback\");\n return url.build();\n }\n\n @Override\n protected AuthorizationCodeFlow initializeFlow() throws IOException {\n return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),\n new NetHttpTransport(),\n new GsonFactory(),\n new GenericUrl(\"https://server.example.com/token\"),\n new BasicAuthentication(\"s6BhdRkqt3\", \"7Fjfp0ZBr1KtDRbnfVdmIw\"),\n \"s6BhdRkqt3\",\n \"https://server.example.com/authorize\").setCredentialStore(\n new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory(\"transactions-optional\")))\n .build();\n }\n\n @Override\n protected String getUserId(HttpServletRequest req) throws ServletException, IOException {\n // return user ID\n }\n }\n \nInheritance\n-----------\n\n[java.lang.Object](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html) \\\u003e jakarta.servlet.GenericServlet \\\u003e jakarta.servlet.http.HttpServlet \\\u003e AbstractAuthorizationCodeCallbackServlet \n\nInherited Members\n-----------------\n\njakarta.servlet.GenericServlet.destroy() \njakarta.servlet.GenericServlet.getInitParameter(java.lang.String) \njakarta.servlet.GenericServlet.getInitParameterNames() \njakarta.servlet.GenericServlet.getServletConfig() \njakarta.servlet.GenericServlet.getServletContext() \njakarta.servlet.GenericServlet.getServletInfo() \njakarta.servlet.GenericServlet.getServletName() \njakarta.servlet.GenericServlet.init() \njakarta.servlet.GenericServlet.init(jakarta.servlet.ServletConfig) \njakarta.servlet.GenericServlet.log(java.lang.String) \njakarta.servlet.GenericServlet.log(java.lang.String,java.lang.Throwable) \njakarta.servlet.http.HttpServlet.doDelete(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doGet(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doHead(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doOptions(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doPost(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doPut(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.doTrace(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \njakarta.servlet.http.HttpServlet.getLastModified(jakarta.servlet.http.HttpServletRequest) \njakarta.servlet.http.HttpServlet.service(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse) \njakarta.servlet.http.HttpServlet.service(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse) \n[Object.clone()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#clone--) \n[Object.equals(Object)](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#equals-java.lang.Object-) \n[Object.finalize()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#finalize--) \n[Object.getClass()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#getClass--) \n[Object.hashCode()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#hashCode--) \n[Object.notify()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notify--) \n[Object.notifyAll()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notifyAll--) \n[Object.toString()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#toString--) \n[Object.wait()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait--) \n[Object.wait(long)](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-) \n[Object.wait(long,int)](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-int-)\n\nConstructors\n------------\n\n### AbstractAuthorizationCodeCallbackServlet()\n\n public AbstractAuthorizationCodeCallbackServlet()\n\nMethods\n-------\n\n### doGet(HttpServletRequest req, HttpServletResponse resp)\n\n protected final void doGet(HttpServletRequest req, HttpServletResponse resp)\n\n**Overrides** \njakarta.servlet.http.HttpServlet.doGet(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse)\n\n### getRedirectUri(HttpServletRequest req)\n\n protected abstract String getRedirectUri(HttpServletRequest req)\n\nReturns the redirect URI for the given HTTP servlet request.\n\n### getUserId(HttpServletRequest req)\n\n protected abstract String getUserId(HttpServletRequest req)\n\nReturns the user ID for the given HTTP servlet request. This identifies your application's user\nand is used to assign and persist credentials to that user. Most commonly, this will be a user\nid stored in the session or even the session id itself.\n\n### initializeFlow()\n\n protected abstract AuthorizationCodeFlow initializeFlow()\n\nLoads the authorization code flow to be used across all HTTP servlet requests (only called\nduring the first HTTP servlet request with an authorization code).\n\n### onError(HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)\n\n protected void onError(HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)\n\nHandles an error to the authorization, such as when an end user denies authorization.\n\nDefault implementation is to do nothing, but subclasses should override and implement.\nSample implementation:\n\nresp.sendRedirect(\"/denied\");\n\n### onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)\n\n protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)\n\nHandles a successfully granted authorization.\n\nDefault implementation is to do nothing, but subclasses should override and implement.\nSample implementation:\n\nresp.sendRedirect(\"/granted\");"]]