package com.nimbusds.openid.connect.provider.spi.tokens;


import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.Set;

import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation;
import com.nimbusds.oauth2.sdk.id.*;
import net.minidev.json.JSONObject;


/**
 * Access token authorisation: a read-only view of the properties
 * associated with an issued access token.
 *
 * <p>Every accessor may return {@code null} when the corresponding
 * property is not specified. Code that makes an access decision from
 * these values must handle {@code null} explicitly and must not read a
 * missing property as permission.
 *
 * <p>The interface does not state whether returned collections and JSON
 * objects are copies or live references, so callers should treat them as
 * read-only.
 */
public interface AccessTokenAuthorization {


    /**
     * Gets the subject of the token.
     *
     * @return The subject, {@code null} if not specified.
     */
    Subject getSubject();


    /**
     * Gets the actor of the token, for impersonation and delegation
     * scenarios.
     *
     * <p>When an actor is present, the party using the token is not the
     * subject. Audit records that should attribute a request to the
     * acting party need both values.
     *
     * @return The actor, {@code null} if not specified.
     */
    Actor getActor();


    /**
     * Gets the identifier of the client to which the token is issued.
     *
     * @return The client identifier, {@code null} if not specified.
     */
    ClientID getClientID();


    /**
     * Gets the scope of the token.
     *
     * @return The scope, {@code null} if not specified. The interface
     *         does not define what a missing scope authorises, so
     *         consumers should decide this explicitly.
     */
    Scope getScope();


    /**
     * Gets the expiration time of the token.
     *
     * @return The expiration time, {@code null} if not specified. The
     *         interface does not define whether a missing expiration
     *         means a non-expiring token, so consumers that enforce
     *         token lifetime should handle {@code null} deliberately.
     */
    Instant getExpirationTime();


    /**
     * Gets the issue time of the token.
     *
     * @return The issue time, {@code null} if not specified.
     */
    Instant getIssueTime();


    /**
     * Gets the issuer of the token.
     *
     * @return The issuer, {@code null} if not specified.
     */
    Issuer getIssuer();


    /**
     * Gets the audience list of the token. The entries may be the
     * logical names of the intended resource servers.
     *
     * <p>A resource server that enforces audience restriction is
     * expected to check for its own identifier in this list.
     *
     * @return The audience list, {@code null} if not specified.
     */
    List<Audience> getAudienceList();


    /**
     * Gets the JSON Web Token (JWT) identifier of the token.
     *
     * @return The JWT ID, {@code null} if not specified or applicable.
     */
    JWTID getJWTID();


    /**
     * Gets the names of the consented OpenID claims to be accessed at
     * the UserInfo endpoint.
     *
     * @return The claim names, {@code null} if not specified.
     */
    Set<String> getClaimNames();


    /**
     * Gets the preferred locales for the consented OpenID claims.
     *
     * @return The preferred claims locales, {@code null} if not
     *         specified.
     */
    List<LangTag> getClaimsLocales();


    /**
     * Gets the preset OpenID claims to be included in the UserInfo
     * response.
     *
     * @return The preset OpenID claims, {@code null} if not specified.
     */
    JSONObject getPresetClaims();


    /**
     * Gets the optional data for the token.
     *
     * @return The optional data, represented as a JSON object,
     *         {@code null} if not specified.
     */
    JSONObject getData();


    /**
     * Gets the client X.509 certificate confirmation (SHA-256
     * thumbprint) for mutual TLS.
     *
     * <p>A non-null value indicates a certificate-bound token (see
     * RFC 8705). The resource server is expected to compare this
     * thumbprint with the client certificate presented on the TLS
     * connection. If it skips the comparison, the token is accepted as
     * a plain bearer token.
     *
     * @return The client X.509 certificate confirmation, {@code null}
     *         if not specified.
     */
    X509CertificateConfirmation getClientCertificateConfirmation();


    /**
     * Gets a map of other top-level parameters.
     *
     * <p>This default implementation reports none, so implementations
     * that carry extra parameters must override it.
     *
     * @return Other top-level parameters, the values should map to JSON
     *         entities, {@code null} if none.
     */
    default Map<String, Object> getOtherTopLevelParameters() {
        return null;
    }


    /**
     * Gets the optional claims fulfillment data.
     *
     * <p>This default implementation reports none, so implementations
     * that carry such data must override it.
     *
     * @return The claims fulfillment data, {@code null} if not
     *         specified.
     */
    default JSONObject getClaimsData() {
        return null;
    }
}