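package com.nimbusds.openid.connect.provider.spi.claims;


import net.minidev.json.JSONObject;
import org.checkerframework.checker.nullness.qual.Nullable;

import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.openid.connect.provider.spi.InvocationContext;
import com.nimbusds.openid.connect.provider.spi.tokens.TokenEncoderContext;
import com.nimbusds.openid.connect.sdk.claims.ClaimsTransport;


/**
 * OpenID Connect claims request context. The supplied context parameters can
 * be used in the processing and accounting of a claims request.
 *
 * <p>Every getter except {@link #getClientID()} may return {@code null}, so
 * a claims source implementation has to check each of those values before
 * dereferencing it.
 */
public interface ClaimsSourceRequestContext extends InvocationContext {


	/**
	 * Returns the claims transport, if applicable.
	 *
	 * <p>Marked {@code @Nullable} to match the documented contract below
	 * and the other nullable getters of this interface, so nullness
	 * checkers flag an unguarded dereference.
	 *
	 * @return {@link ClaimsTransport#USERINFO UserInfo} or
	 *         {@link ClaimsTransport#ID_TOKEN ID token}, {@code null} if
	 *         the claims source SPI is invoked for another purpose (e.g.
	 *         in a {@link TokenEncoderContext}).
	 */
	@Nullable ClaimsTransport getClaimsTransport();


	/**
	 * Returns the optional claims fulfillment data.
	 *
	 * <p>NOTE(review): this interface does not define where the JSON
	 * object originates or which members it carries; confirm that against
	 * the caller and check the type of each member that is read.
	 *
	 * @return The claims fulfillment data, {@code null} if not specified.
	 */
	@Nullable JSONObject getClaimsData();


	/**
	 * Returns the identifier of the OAuth 2.0 client (client_id).
	 *
	 * @return The client ID. Not {@code null}.
	 */
	ClientID getClientID();


	/**
	 * Returns the client IP address.
	 *
	 * <p>NOTE(review): this interface does not state how the address is
	 * determined (for example, whether it can come from a header set by
	 * an intermediary); confirm that for the deployment before relying on
	 * the value for anything beyond accounting.
	 *
	 * @return The client IP address, {@code null} if not available.
	 */
	@Nullable String getClientIPAddress();


	/**
	 * Returns the received and successfully validated UserInfo access
	 * token for the claims request. If a claims request is triggered in an
	 * OpenID Connect implicit or hybrid flow, where the claims are
	 * returned as part of the ID token, an access token is not involved
	 * and hence not returned by this method.
	 *
	 * <p>The claims source may use the UserInfo access token for the
	 * retrieval of aggregated and distributed claims, where the same token
	 * is recognised by the upstream claims providers. See OpenID Connect
	 * Core 1.0, section 5.6.
	 *
	 * <p>The returned value is a live credential. If it is a bearer
	 * token, any party that receives it can present it, so forward it
	 * only to the upstream claims providers it is intended for and keep
	 * its value out of logs and accounting records.
	 *
	 * @return The UserInfo access token, {@code null} if the claims
	 *         request wasn't triggered by a UserInfo request.
	 */
	@Nullable AccessToken getUserInfoAccessToken();
}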