001package com.nimbusds.openid.connect.provider.spi.claims;
002
003
004import net.minidev.json.JSONObject;
005import org.checkerframework.checker.nullness.qual.Nullable;
006
007import com.nimbusds.oauth2.sdk.id.ClientID;
008import com.nimbusds.oauth2.sdk.token.AccessToken;
009import com.nimbusds.openid.connect.provider.spi.InvocationContext;
010import com.nimbusds.openid.connect.provider.spi.tokens.TokenEncoderContext;
011import com.nimbusds.openid.connect.sdk.claims.ClaimsTransport;
012
013
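/**
 * OpenID Connect claims request context. The supplied context parameters can
 * be used in the processing and accounting of a claims request.
 *
 * <p>Every getter other than {@link #getClientID()} may return {@code null},
 * depending on how the claims source SPI was invoked, and is annotated
 * {@link Nullable} accordingly. Claims source implementations must check
 * these values before dereferencing them.
 */
public interface ClaimsSourceRequestContext extends InvocationContext {


        /**
         * Returns the claims transport, if applicable.
         *
         * <p>Annotated {@link Nullable} to match the documented contract and
         * the other optional getters of this interface, so that nullness
         * checkers flag an unchecked dereference.
         *
         * @return {@link ClaimsTransport#USERINFO UserInfo} or
         *         {@link ClaimsTransport#ID_TOKEN ID token}, {@code null} if
         *         the claims source SPI is invoked for another purpose (e.g.
         *         in a {@link TokenEncoderContext}).
         */
        @Nullable ClaimsTransport getClaimsTransport();


        /**
         * Returns the optional claims fulfillment data.
         *
         * @return The claims fulfillment data, {@code null} if not specified.
         */
        @Nullable JSONObject getClaimsData();


        /**
         * Returns the identifier of the OAuth 2.0 client (client_id).
         *
         * @return The client ID. Not {@code null}.
         */
        ClientID getClientID();


        /**
         * Returns the client IP address.
         *
         * <p>NOTE(review): this interface does not state how the address is
         * determined (e.g. socket peer versus a forwarded header). Confirm
         * that before relying on it for anything beyond accounting.
         *
         * @return The client IP address, {@code null} if not available.
         */
        @Nullable String getClientIPAddress();


        /**
         * Returns the received and successfully validated UserInfo access
         * token for the claims request. If a claims request is triggered in
         * an OpenID Connect implicit or hybrid flow, where the claims are
         * returned as part of the ID token, an access token is not involved
         * and hence not returned by this method.
         *
         * <p>The claims source may use the UserInfo access token for the
         * retrieval of aggregated and distributed claims, where the same token
         * is recognised by the upstream claims providers. See OpenID Connect
         * Core 1.0, section 5.6.
         *
         * <p>The returned token is a live credential. Implementations should
         * keep it out of logs and accounting records, and forward it only to
         * the upstream claims providers that are expected to recognise it.
         *
         * @return The UserInfo access token, {@code null} if the claims
         *         request wasn't triggered by a UserInfo request.
         */
        @Nullable AccessToken getUserInfoAccessToken();
}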