fusionauth logo
search-interface-symbol
Quickstarts
API Docs
SDK
search-interface-symbol
talk to an expert
Log In
talk to an expert
Navigate to...
  • Welcome
  • Getting Started
    • Getting Started
    • 5-minute Setup Guide
      • Overview
      • Docker
      • Fast Path
      • Sandbox
    • Setup Wizard & First Login
    • Register a User and Login
    • Self-service Registration
    • Start and Stop FusionAuth
    • Core Concepts
      • Overview
      • Users
      • Roles
      • Groups
      • Registrations
      • Applications
      • Tenants
      • Identity Providers
      • Authentication/Authorization
      • Integration Points
    • Example Apps
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • PHP
      • Python
      • Ruby
    • Tutorials
      • Overview
      • Java Spring
      • Python Django
      • Ruby on Rails
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cloud
    • Cluster
    • Docker
    • Fast Path
    • Kubernetes
      • Overview
      • Deployment Guide
      • Minikube Setup
      • Amazon EKS Setup
      • Google GKE Setup
      • Microsoft AKS Setup
    • Kickstart™
    • Homebrew
    • Marketplaces
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Common Configuration
  • Migration Guide
    • Overview
    • General
    • Auth0
    • Keycloak
    • Amazon Cognito
    • Firebase
    • Microsoft Azure AD B2C
    • Tutorial
  • Admin Guide
    • Overview
    • Account Portal
    • Config Management
    • Editions and Features
    • Key Rotation
    • Licensing
    • Monitoring
    • Prometheus Setup
    • Proxy Setup
    • Reference
      • Overview
      • Configuration
      • CORS
      • Data Types
      • Hosted Login Pages Cookies
      • Known Limitations
      • Password Hashes
    • Releases
    • Roadmap
    • Search And FusionAuth
    • Securing
    • Switch Search Engines
    • Technical Support
    • Troubleshooting
    • Upgrading
    • WebAuthn
  • Login Methods
    • Identity Providers
      • Overview
      • Apple
      • Epic Games
      • External JWT
        • Overview
        • Example
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
        • Overview
        • Amazon Cognito
        • Azure AD
        • Discord
        • Github
        • Okta
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • SAML v2
        • Overview
        • ADFS
        • Azure AD
        • Okta
      • SAML v2 IdP Initiated
        • Overview
        • Okta
      • Xbox
    • OIDC & OAuth 2.0
      • Overview
      • Endpoints
      • Tokens
      • OAuth Modes
      • URL Validation
    • Passwordless
      • Overview
      • Magic Links
      • WebAuthn & Passkeys
    • SAML v2 IdP
      • Overview
      • Google
      • PagerDuty
      • Tableau Cloud
      • Zendesk
  • Developer Guide
    • Overview
    • API Gateways
      • Overview
      • Amazon API Gateway
      • Kong Gateway
      • ngrok Cloud Edge
    • Client Libraries & SDKs
      • Overview
      • Dart
      • Go
      • Java
      • JavaScript
      • .NET Core
      • Node
      • OpenAPI
      • PHP
      • Python
      • React
      • Ruby
      • Typescript
    • Events & Webhooks
      • Overview
      • Writing a Webhook
      • Securing Webhooks
      • Events
        • Overview
        • Audit Log Create
        • Event Log Create
        • JWT Public Key Update
        • JWT Refresh
        • JWT Refresh Token Revoke
        • Kickstart Success
        • Group Create
        • Group Create Complete
        • Group Delete
        • Group Delete Complete
        • Group Update
        • Group Update Complete
        • Group Member Add
        • Group Member Add Complete
        • Group Member Remove
        • Group Member Remove Complete
        • Group Member Update
        • Group Member Update Complete
        • User Action
        • User Bulk Create
        • User Create
        • User Create Complete
        • User Deactivate
        • User Delete
        • User Delete Complete
        • User Email Update
        • User Email Verified
        • User IdP Link
        • User IdP Unlink
        • User Login Failed
        • User Login Id Dup. Create
        • User Login Id Dup. Update
        • User Login New Device
        • User Login Success
        • User Login Suspicious
        • User Password Breach
        • User Password Reset Send
        • User Password Reset Start
        • User Password Reset Success
        • User Password Update
        • User Reactivate
        • User Reg. Create
        • User Reg. Create Complete
        • User Reg. Delete
        • User Reg. Delete Complete
        • User Registration Update
        • User Reg. Update Complete
        • User Reg. Verified
        • User 2FA Method Add
        • User 2FA Method Remove
        • User Update
        • User Update Complete
    • Guides
      • Overview
      • Application Specific Email Templates
      • Authentication Tokens
      • Exposing A Local Instance
      • JSON Web Tokens
      • Key Master
      • Localization and Internationalization
      • Multi-Factor Authentication
      • Multi-Tenant
      • Passwordless
      • Registration-based Email Verification
      • Searching With Elasticsearch
      • Securing Your APIs
      • Silent Mode
      • Single Sign-on
      • Two Factor (pre 1.26)
    • Integrations
      • Overview
      • CleanSpeak
      • Kafka
      • Twilio
    • Plugins
      • Overview
      • Writing a Plugin
      • Custom Password Hashing
    • User Control & Gating
      • Overview
      • Gate Unverified Users
      • Gate Unverified Registrations
      • User Account Lockout
  • Customization
    • Email & Templates
      • Overview
      • Configure Email
      • Email Templates
      • Email Variables
      • Message Templates
    • Lambdas
      • Overview
      • Apple Reconcile
      • Client Cred. JWT Populate
      • Epic Games Reconcile
      • External JWT Reconcile
      • Facebook Reconcile
      • Google Reconcile
      • HYPR Reconcile
      • JWT Populate
      • LDAP Connector Reconcile
      • LinkedIn Reconcile
      • Nintendo Reconcile
      • OpenID Connect Reconcile
      • SAML v2 Populate
      • SAML v2 Reconcile
      • SCIM Group Req. Converter
      • SCIM Group Resp. Convtr.
      • SCIM User Req. Converter
      • SCIM User Resp. Converter
      • Self-Service Registration
      • Sony PSN Reconcile
      • Steam Reconcile
      • Twitch Reconcile
      • Twitter Reconcile
      • Xbox Reconcile
    • Messengers
      • Overview
      • Generic Messenger
      • Twilio Messenger
    • Themes
      • Overview
      • Examples
      • Helpers
      • Localization
      • Template Variables
      • Kickstart Custom Theme
  • Premium Features
    • Overview
    • Advanced Registration Forms
    • Advanced Threat Detection
    • Application Specific Themes
    • Breached Password Detection
    • Connectors
      • Overview
      • Generic Connector
      • LDAP Connector
      • FusionAuth Connector
    • Entity Management
    • SCIM
      • Overview
      • Azure AD Client
      • Okta Client
      • SCIM-SDK
    • Self Service Account Mgmt
      • Overview
      • Updating User Data & Password
      • Add Two-Factor Authenticator
      • Add Two-Factor Email
      • Add Two-Factor SMS
      • Add WebAuthn Passkey
      • Customizing
      • Troubleshooting
    • WebAuthn
  • APIs
    • Overview
    • Authentication
    • Errors
    • API Explorer
    • Actioning Users
    • API Keys
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consents
    • Emails
    • Entity Management
      • Overview
      • Entities
      • Entity Types
      • Grants
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Identity Providers
      • Overview
      • Links
      • Apple
      • External JWT
      • Epic Games
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
      • SAML v2
      • SAML v2 IdP Initiated
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • Xbox
    • Integrations
    • IP Access Control Lists
    • JWT
    • Keys
    • Lambdas
    • Login
    • Message Templates
    • Messengers
      • Overview
      • Generic
      • Twilio
    • Multi-Factor/Two Factor
    • Passwordless
    • Reactor
    • Registrations
    • Reports
    • SCIM
      • Overview
      • SCIM User
      • SCIM Group
      • SCIM EnterpriseUser
      • SCIM Service Provider Config.
    • System
    • Tenants
    • Themes
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • WebAuthn
    • Webhooks
  • Release Notes

    FusionAuth Java Client Library

    Java Client Library

    The Java client library allows you to integrate FusionAuth with your Java application.

    Source Code:

    • https://github.com/FusionAuth/fusionauth-java-client

    Maven Dependency

    
    <dependency>
      <groupId>io.fusionauth</groupId>
      <artifactId>fusionauth-java-client</artifactId>
      <version>${fusionauth.version}</version>
    </dependency>

    When building your application, utilize the version that corresponds to the version of FusionAuth your running. View all available versions on https://search.maven.org

    Using the FusionAuth and consuming the ClientResponse

    The Java client has two styles of use, the first return a ClientResponse object. This object contains everything that occurred while communicating with the FusionAuth server. If the communication with the server encountered a network issue, the ClientResponse.exception might contain an IOException.

    The following code assumes FusionAuth is running on http://localhost:9011 and uses an API key 6b87a398-39f2-4692-927b-13188a81a9a3, you will need to supply your own API key, and if you are not running FusionAuth locally, your host parameter may be different.

    Here is an example of using the retrieveUserByEmail method to retrieve a User by an email address.

    
    import com.inversoft.error.Errors;
    import io.fusionauth.client.FusionAuthClient;
    import io.fusionauth.domain.User;
    import io.fusionauth.domain.api.UserResponse;
    import com.inversoft.rest.ClientResponse;
    
    public class Example {
      private final FusionAuthClient client;
    
      public Example() {
        client = new FusionAuthClient("6b87a398-39f2-4692-927b-13188a81a9a3", "http://localhost:9011");
      }
    
      public User getUserByEmail(String email) {
        ClientResponse<UserResponse, Errors> response = client.retrieveUserByEmail(email);
        if (response.wasSuccessful()) {
          return response.successResponse.user;
        } else if (response.errorResponse != null) {
          // Error Handling
          Errors errors = response.errorResponse;
        } else if (response.exception != null) {
          // Exception Handling
          Exception exception = response.exception;
        }
    
        return null;
      }
    }

    Using the Lambda Delegate

    The Java Client may also be used along with our Lambda delegate that provides exception handling and allows you to write code assuming a happy path. Here is the same example from above using the lambda delegate:

    
    import com.inversoft.error.Errors;
    import io.fusionauth.client.LambdaDelegate;
    import io.fusionauth.client.FusionAuthClient;
    import io.fusionauth.domain.User;
    import com.inversoft.rest.ClientResponse;
    
    public class Example {
      private final String apiKey = "6b87a398-39f2-4692-927b-13188a81a9a3";
    
      private final String fusionauthURL = "http://localhost:9011";
    
      private final FusionAuthClient client;
    
      private final LambdaDelegate delegate;
    
      public Example(String apiKey, String fusionauthURL) {
        this.client = new FusionAuthClient(apiKey, fusionauthURL);
        this.delegate = new LambdaDelegate(this.client, (r) -> r.successResponse, this::handleError);
      }
    
      public User getUserByEmail(String email) {
        return delegate.execute(c -> c.retrieveUserByEmail("user@example.com")).user;
      }
    
      private <T, U> void handleError(ClientResponse<T, U> clientResponse) {
        if (clientResponse.exception != null) {
          // Handle the exception
          ...
        } else if (clientResponse.errorResponse != null && clientResponse.errorResponse instanceof Errors) {
          // Handle errors
          ...
        }
      }
    }

    As you can see, using the lambda delegate requires less code to handle the success response and the error handling code can be re-used.

    Usage Suggestions

    FusionAuth client libraries are a thin wrapper around the REST API. Client libraries are typically used in two different ways.

    First, they can be used to access the FusionAuth APIs in a familiar format, leveraging language features like auto-completion. When used for this, they can be helpful to script FusionAuth configuration, automate common tasks, and create copies of existing applications, groups and more.

    To use the client libraries effectively in this way, it is helpful to review the source code of the client library and the API documentation, which contains the JSON structure. The API documentation is very thorough about the JSON objects it expects as part of the payload as well as what parameters are required when.

    Second, client libraries can exchange a token to let a user to log in via the Authorization Code Grant. This is a secondary use of these libraries. This process is best done by using a language specific OAuth library, which will work with FusionAuth. Here is a community curated list of such libraries.

    Client libraries do not currently provide higher level functionality such as token management. Here is an open issue detailing some requested higher level functionality. Please feel free to file an issue or upvote this one if you desire it.

    You can always directly call the REST API if the client library functionality doesn’t work for you. All the client libraries use the REST API.

    In general, the request object will either be string parameters or a complex object depending on the type of API call being made. Any request object will be mapped by the library to a JSON object required by the corresponding API method. Examining the API documents for the operations you’re trying to call will therefore be useful, especially if you are using language without static typing.

    The response object will typically contain:

    • a status corresponding to the HTTP status code returned by the API. It may also be -1 if no HTTP request was successfully made

    • a JSON success object if the call succeeded.

    • a JSON error object with an intelligible message if the status code is 4xx or 5xx.

    • an exception object if there was no HTTP request sent or there was no reasonable response from the server.

    PATCH requests

    Available Since Version 1.14.0

    PATCH requests are handled differently than you might expect. PATCH operations allow you to modify only parts of an object in FusionAuth.

    In client libraries with static typing, such as this one for Java, there are no strongly typed objects set as part of a PATCH request. Instead, a hash, dictionary or map object is used. Ensure that you are using multi level dictionaries that create JSON with nested keys, otherwise the PATCH request will fail. This allows use of key value pairs to build a PATCH request.

    For example, if you want to change only the name of an application using PATCH, you would want the JSON that is sent across the wire to look like this:

    Example PATCH Application JSON
    
    {
      "application": {
         "name": "hooli-bought-us"
       }
    }

    If you built a typed application request object and then serialized it, it would contain empty arrays or other default values. This would modify the object you were changing in ways you didn’t expect. This would likely cause the system behave in ways you don’t want.

    By requiring you to build nested key value pairs, the JSON serialization works correctly. This is essentially a limitation of the current implementation in Java and FusionAuth PATCH support.

    For this behavior to work correctly with typed objects, FusionAuth would need to ensure the domain object had no default values, and then instruct the serializer to omit empty objects, empty arrays and other values from the resulting JSON. This would ensure that the PATCH was performed correctly with no unwanted side effects.

    Once support for RFC 7396 lands in FusionAuth, there may be some additional options for configuring a JSON serializer to allow use of typed domain objects for PATCH.

    An alternative that allows you to use typed objects immediately is to perform a retrieve operation, modify the object in memory, and then execute an update operation. These are functionally equivalent to a single PATCH operation.

    Related Posts

    • Tucan uses FusionAuth with CockroachDB

    • Unio self hosts FusionAuth and saves $100k

    • Using Java to manage FusionAuth

    Example apps

    • Java jwt - JWT creation and decoding examples with the fusionauth-jwt library
    • Password encryptors - Example of custom password encryptors to help with user migration
    • Scim client - An example SCIM client using FusionAuth as the SCIM server
    • Spring boot - Uses Spring Boot and OIDC to authenticate users with FusionAuth
    • User and application management - Using the FusionAuth client library to add and remove users and applications
    • Webhook lambda function - Stores FusionAuth webhook events to S3 using the CDK to manage infra

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.

    © 2023 FusionAuth
    How-to
    Blog
    Expert Advice
    Download
    Subscribe for developer updates