Class MutableAccessTokenAuthorization
- java.lang.Object
-
- com.nimbusds.openid.connect.provider.spi.tokens.MutableAccessTokenAuthorization
-
- All Implemented Interfaces:
AccessTokenAuthorization
public final class MutableAccessTokenAuthorization extends Object implements AccessTokenAuthorization
Mutable access token authorisation.
-
-
Constructor Summary
Constructors Constructor Description MutableAccessTokenAuthorization()
Creates a new empty mutable access token authorisation.MutableAccessTokenAuthorization(AccessTokenAuthorization source)
Creates a new mutable access token authorisation from the specified one.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description @Nullable com.nimbusds.oauth2.sdk.id.Actor
getActor()
Returns the access token actor, in impersonation and delegation scenarios.@Nullable List<com.nimbusds.oauth2.sdk.id.Audience>
getAudienceList()
Returns the audience list of the access token, which may be the logical names of the intended resource servers.@Nullable Set<String>
getClaimNames()
Returns the names of the consented OpenID claims to be accessed at the UserInfo endpoint.@Nullable net.minidev.json.JSONObject
getClaimsData()
Returns the optional OpenID claims fulfillment data.@Nullable List<com.nimbusds.langtag.LangTag>
getClaimsLocales()
Returns the preferred locales for the consented OpenID claims.@Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation
getClientCertificateConfirmation()
Returns the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.@Nullable com.nimbusds.oauth2.sdk.id.ClientID
getClientID()
Returns the identifier of the client to which the access token is issued.@Nullable net.minidev.json.JSONObject
getData()
Returns the optional data for the access token.@Nullable Instant
getExpirationTime()
Returns the expiration time of the access token.@Nullable com.nimbusds.oauth2.sdk.id.Issuer
getIssuer()
Returns the issuer of the access token.@Nullable Instant
getIssueTime()
Returns the issue time of the access token.@Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation
getJWKThumbprintConfirmation()
Returns the JWK SHA-256 thumbprint confirmation for DPoP.@Nullable com.nimbusds.oauth2.sdk.id.JWTID
getJWTID()
Returns the JSON Web Token (JWT) identifier of the access token.@Nullable com.nimbusds.oauth2.sdk.id.Subject
getLocalSubject()
Returns the access token local subject.@Nullable Map<String,Object>
getOtherTopLevelParameters()
Returns a map of other top-level parameters.@Nullable net.minidev.json.JSONObject
getPresetClaims()
Returns the preset OpenID claims to be included in the UserInfo response.@Nullable com.nimbusds.oauth2.sdk.Scope
getScope()
Returns the scope of the access token.@Nullable com.nimbusds.oauth2.sdk.id.Subject
getSubject()
Returns the access token subject.@Nullable String
getSubjectSessionKey()
Returns the associated subject (end-user) session key (session ID with omitted HMAC).@Nullable com.nimbusds.openid.connect.sdk.SubjectType
getSubjectType()
Returns the access token subject type.String
toString()
MutableAccessTokenAuthorization
withActor(@Nullable com.nimbusds.oauth2.sdk.id.Actor act)
Sets the access token actor, in impersonation and delegation scenarios.MutableAccessTokenAuthorization
withAudienceList(@Nullable List<com.nimbusds.oauth2.sdk.id.Audience> audList)
Sets the audience list of the access token, which may be the logical names of the intended resource servers.MutableAccessTokenAuthorization
withClaimNames(@Nullable Set<String> claimNames)
Sets the names of the consented OpenID claims to be accessed at the UserInfo endpoint.MutableAccessTokenAuthorization
withClaimsData(@Nullable net.minidev.json.JSONObject claimsData)
Sets the OpenID claims fulfillment data for the claims source at the UserInfo endpoint.MutableAccessTokenAuthorization
withClaimsLocales(@Nullable List<com.nimbusds.langtag.LangTag> claimsLocales)
Sets the preferred locales for the consented OpenID claims.MutableAccessTokenAuthorization
withClientCertificateConfirmation(@Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation cnfX5t)
Sets the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.MutableAccessTokenAuthorization
withClientID(@Nullable com.nimbusds.oauth2.sdk.id.ClientID clientID)
Sets the identifier of the client to which the access token is issued.MutableAccessTokenAuthorization
withData(@Nullable net.minidev.json.JSONObject data)
Sets the optional data for the access token.MutableAccessTokenAuthorization
withExpirationTime(@Nullable Instant exp)
Sets the expiration time of the access token.MutableAccessTokenAuthorization
withIssuer(@Nullable com.nimbusds.oauth2.sdk.id.Issuer iss)
Sets the issuer of the access token.MutableAccessTokenAuthorization
withIssueTime(@Nullable Instant iat)
Sets the issue time of the access token.MutableAccessTokenAuthorization
withJWKThumbprintConfirmation(@Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation cnfJkt)
Sets the JWK SHA-256 thumbprint confirmation for DPoP.MutableAccessTokenAuthorization
withJWTID(@Nullable com.nimbusds.oauth2.sdk.id.JWTID jti)
Sets the JSON Web Token (JWT) identifier of the access token.MutableAccessTokenAuthorization
withLocalSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject localSubject)
Sets the access token local (system) subject.MutableAccessTokenAuthorization
withOtherTopLevelParameters(@Nullable Map<String,Object> params)
Sets the other top-level parameters.MutableAccessTokenAuthorization
withPresetClaims(@Nullable net.minidev.json.JSONObject presetClaims)
Sets the preset OpenID claims to be included in the UserInfo response.MutableAccessTokenAuthorization
withScope(@Nullable com.nimbusds.oauth2.sdk.Scope scope)
Sets the scope of the access token.MutableAccessTokenAuthorization
withSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject sub)
Sets the access token subject.MutableAccessTokenAuthorization
withSubjectSessionkey(@Nullable String subjectSessionKey)
Sets the associated subject (end-user) session key (session ID with omitted HMAC).MutableAccessTokenAuthorization
withSubjectType(@Nullable com.nimbusds.openid.connect.sdk.SubjectType subjectType)
Sets the access token subject type.
-
-
-
Constructor Detail
-
MutableAccessTokenAuthorization
public MutableAccessTokenAuthorization()
Creates a new empty mutable access token authorisation.
-
MutableAccessTokenAuthorization
public MutableAccessTokenAuthorization(AccessTokenAuthorization source)
Creates a new mutable access token authorisation from the specified one.- Parameters:
source
- The source access token authorisation. Must not benull
.
-
-
Method Detail
-
withSubject
public MutableAccessTokenAuthorization withSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject sub)
Sets the access token subject.- Parameters:
sub
- The subject,null
if not specified.- Returns:
- This object.
-
getSubject
public @Nullable com.nimbusds.oauth2.sdk.id.Subject getSubject()
Description copied from interface:AccessTokenAuthorization
Returns the access token subject.- Specified by:
getSubject
in interfaceAccessTokenAuthorization
- Returns:
- The subject,
null
if not specified.
-
withActor
public MutableAccessTokenAuthorization withActor(@Nullable com.nimbusds.oauth2.sdk.id.Actor act)
Sets the access token actor, in impersonation and delegation scenarios.- Parameters:
act
- The actor,null
if not specified.- Returns:
- This object.
-
getActor
public @Nullable com.nimbusds.oauth2.sdk.id.Actor getActor()
Description copied from interface:AccessTokenAuthorization
Returns the access token actor, in impersonation and delegation scenarios.- Specified by:
getActor
in interfaceAccessTokenAuthorization
- Returns:
- The actor,
null
if not specified.
-
withClientID
public MutableAccessTokenAuthorization withClientID(@Nullable com.nimbusds.oauth2.sdk.id.ClientID clientID)
Sets the identifier of the client to which the access token is issued.- Parameters:
clientID
- The client identifier,null
if not specified.- Returns:
- This object.
-
getClientID
public @Nullable com.nimbusds.oauth2.sdk.id.ClientID getClientID()
Description copied from interface:AccessTokenAuthorization
Returns the identifier of the client to which the access token is issued.- Specified by:
getClientID
in interfaceAccessTokenAuthorization
- Returns:
- The client identifier,
null
if not specified.
-
withScope
public MutableAccessTokenAuthorization withScope(@Nullable com.nimbusds.oauth2.sdk.Scope scope)
Sets the scope of the access token.- Parameters:
scope
- The scope,null
if not specified.- Returns:
- This object.
-
getScope
public @Nullable com.nimbusds.oauth2.sdk.Scope getScope()
Description copied from interface:AccessTokenAuthorization
Returns the scope of the access token.- Specified by:
getScope
in interfaceAccessTokenAuthorization
- Returns:
- The scope,
null
if not specified.
-
withExpirationTime
public MutableAccessTokenAuthorization withExpirationTime(@Nullable Instant exp)
Sets the expiration time of the access token.- Parameters:
exp
- The expiration time,null
if not specified.- Returns:
- This object.
-
getExpirationTime
public @Nullable Instant getExpirationTime()
Description copied from interface:AccessTokenAuthorization
Returns the expiration time of the access token.- Specified by:
getExpirationTime
in interfaceAccessTokenAuthorization
- Returns:
- The expiration time,
null
if not specified.
-
withIssueTime
public MutableAccessTokenAuthorization withIssueTime(@Nullable Instant iat)
Sets the issue time of the access token.- Parameters:
iat
- The issue time,null
if not specified.- Returns:
- This object.
-
getIssueTime
public @Nullable Instant getIssueTime()
Description copied from interface:AccessTokenAuthorization
Returns the issue time of the access token.- Specified by:
getIssueTime
in interfaceAccessTokenAuthorization
- Returns:
- The issue time,
null
if not specified.
-
withIssuer
public MutableAccessTokenAuthorization withIssuer(@Nullable com.nimbusds.oauth2.sdk.id.Issuer iss)
Sets the issuer of the access token.- Parameters:
iss
- The issuer,null
if not specified.- Returns:
- This object.
-
getIssuer
public @Nullable com.nimbusds.oauth2.sdk.id.Issuer getIssuer()
Description copied from interface:AccessTokenAuthorization
Returns the issuer of the access token.- Specified by:
getIssuer
in interfaceAccessTokenAuthorization
- Returns:
- The issuer,
null
if not specified.
-
withAudienceList
public MutableAccessTokenAuthorization withAudienceList(@Nullable List<com.nimbusds.oauth2.sdk.id.Audience> audList)
Sets the audience list of the access token, which may be the logical names of the intended resource servers.- Parameters:
audList
- The audience list,null
if not specified.- Returns:
- This object.
-
getAudienceList
public @Nullable List<com.nimbusds.oauth2.sdk.id.Audience> getAudienceList()
Description copied from interface:AccessTokenAuthorization
Returns the audience list of the access token, which may be the logical names of the intended resource servers.- Specified by:
getAudienceList
in interfaceAccessTokenAuthorization
- Returns:
- The audience list,
null
if not specified.
-
withSubjectType
public MutableAccessTokenAuthorization withSubjectType(@Nullable com.nimbusds.openid.connect.sdk.SubjectType subjectType)
Sets the access token subject type.- Parameters:
subjectType
- The subject type,null
if not specified (may implypublic
).- Returns:
- This object.
-
getSubjectType
public @Nullable com.nimbusds.openid.connect.sdk.SubjectType getSubjectType()
Description copied from interface:AccessTokenAuthorization
Returns the access token subject type.- Specified by:
getSubjectType
in interfaceAccessTokenAuthorization
- Returns:
- The subject type,
null
if not specified (may implypublic
).
-
withLocalSubject
public MutableAccessTokenAuthorization withLocalSubject(@Nullable com.nimbusds.oauth2.sdk.id.Subject localSubject)
Sets the access token local (system) subject.- Parameters:
localSubject
- The local (system) subject,null
if not specified or for a pairwisesubject type
that couldn't be reversed.- Returns:
- This object.
-
getLocalSubject
public @Nullable com.nimbusds.oauth2.sdk.id.Subject getLocalSubject()
Description copied from interface:AccessTokenAuthorization
Returns the access token local subject. Equals theAccessTokenAuthorization.getSubject()
value unless thesubject type
is pairwise.Use this method if there is a need to get the local (system) subject for an access token which subject was made pairwise for its audience (resource server).
Note, an access token which subject is made pairwise must not have its local subject exposed in introspection responses intended for the token audience!
- Specified by:
getLocalSubject
in interfaceAccessTokenAuthorization
- Returns:
- The local subject,
null
if not specified or for a pairwisesubject type
that couldn't be reversed.
-
withJWTID
public MutableAccessTokenAuthorization withJWTID(@Nullable com.nimbusds.oauth2.sdk.id.JWTID jti)
Sets the JSON Web Token (JWT) identifier of the access token.- Parameters:
jti
- The JWT ID,null
if not specified or applicable.- Returns:
- This object.
-
getJWTID
public @Nullable com.nimbusds.oauth2.sdk.id.JWTID getJWTID()
Description copied from interface:AccessTokenAuthorization
Returns the JSON Web Token (JWT) identifier of the access token.- Specified by:
getJWTID
in interfaceAccessTokenAuthorization
- Returns:
- The JWT ID,
null
if not specified or applicable.
-
withClaimNames
public MutableAccessTokenAuthorization withClaimNames(@Nullable Set<String> claimNames)
Sets the names of the consented OpenID claims to be accessed at the UserInfo endpoint.- Parameters:
claimNames
- The claim names,null
if not specified.- Returns:
- This object.
-
getClaimNames
public @Nullable Set<String> getClaimNames()
Description copied from interface:AccessTokenAuthorization
Returns the names of the consented OpenID claims to be accessed at the UserInfo endpoint.- Specified by:
getClaimNames
in interfaceAccessTokenAuthorization
- Returns:
- The claim names,
null
if not specified.
-
withClaimsLocales
public MutableAccessTokenAuthorization withClaimsLocales(@Nullable List<com.nimbusds.langtag.LangTag> claimsLocales)
Sets the preferred locales for the consented OpenID claims.- Parameters:
claimsLocales
- The preferred claims locales,null
if not specified.- Returns:
- This object.
-
getClaimsLocales
public @Nullable List<com.nimbusds.langtag.LangTag> getClaimsLocales()
Description copied from interface:AccessTokenAuthorization
Returns the preferred locales for the consented OpenID claims.- Specified by:
getClaimsLocales
in interfaceAccessTokenAuthorization
- Returns:
- The preferred claims locales,
null
if not specified.
-
withPresetClaims
public MutableAccessTokenAuthorization withPresetClaims(@Nullable net.minidev.json.JSONObject presetClaims)
Sets the preset OpenID claims to be included in the UserInfo response.- Parameters:
presetClaims
- The preset OpenID claims,null
if not specified.- Returns:
- This object.
-
getPresetClaims
public @Nullable net.minidev.json.JSONObject getPresetClaims()
Description copied from interface:AccessTokenAuthorization
Returns the preset OpenID claims to be included in the UserInfo response.- Specified by:
getPresetClaims
in interfaceAccessTokenAuthorization
- Returns:
- The preset OpenID claims,
null
if not specified.
-
withClaimsData
public MutableAccessTokenAuthorization withClaimsData(@Nullable net.minidev.json.JSONObject claimsData)
Sets the OpenID claims fulfillment data for the claims source at the UserInfo endpoint.- Parameters:
claimsData
- The OpenID claims fulfillment data,null
if not specified.- Returns:
- This object.
-
getClaimsData
public @Nullable net.minidev.json.JSONObject getClaimsData()
Description copied from interface:AccessTokenAuthorization
Returns the optional OpenID claims fulfillment data.- Specified by:
getClaimsData
in interfaceAccessTokenAuthorization
- Returns:
- The OpenID claims fulfillment data,
null
if not specified.
-
withSubjectSessionkey
public MutableAccessTokenAuthorization withSubjectSessionkey(@Nullable String subjectSessionKey)
Sets the associated subject (end-user) session key (session ID with omitted HMAC).- Parameters:
subjectSessionKey
- The subject session key,null
if not available.
-
getSubjectSessionKey
public @Nullable String getSubjectSessionKey()
Description copied from interface:AccessTokenAuthorization
Returns the associated subject (end-user) session key (session ID with omitted HMAC).- Specified by:
getSubjectSessionKey
in interfaceAccessTokenAuthorization
- Returns:
- The subject session key,
null
if not available.
-
withData
public MutableAccessTokenAuthorization withData(@Nullable net.minidev.json.JSONObject data)
Sets the optional data for the access token.- Parameters:
data
- The optional data, represented as a JSON object,null
if not specified.- Returns:
- This object.
-
getData
public @Nullable net.minidev.json.JSONObject getData()
Description copied from interface:AccessTokenAuthorization
Returns the optional data for the access token.- Specified by:
getData
in interfaceAccessTokenAuthorization
- Returns:
- The optional data, represented as a JSON object,
null
if not specified.
-
withClientCertificateConfirmation
public MutableAccessTokenAuthorization withClientCertificateConfirmation(@Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation cnfX5t)
Sets the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.- Parameters:
cnfX5t
- The client X.509 certificate confirmation,null
if none.- Returns:
- This object.
-
getClientCertificateConfirmation
public @Nullable com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation getClientCertificateConfirmation()
Description copied from interface:AccessTokenAuthorization
Returns the client X.509 certificate confirmation (SHA-256 thumbprint) for mutual TLS.- Specified by:
getClientCertificateConfirmation
in interfaceAccessTokenAuthorization
- Returns:
- The client X.509 certificate confirmation,
null
if none.
-
withJWKThumbprintConfirmation
public MutableAccessTokenAuthorization withJWKThumbprintConfirmation(@Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation cnfJkt)
Sets the JWK SHA-256 thumbprint confirmation for DPoP.- Parameters:
cnfJkt
- The JWK thumbprint confirmation,null
if none.- Returns:
- This object.
-
getJWKThumbprintConfirmation
public @Nullable com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation getJWKThumbprintConfirmation()
Description copied from interface:AccessTokenAuthorization
Returns the JWK SHA-256 thumbprint confirmation for DPoP.- Specified by:
getJWKThumbprintConfirmation
in interfaceAccessTokenAuthorization
- Returns:
- The JWK thumbprint confirmation,
null
if none.
-
withOtherTopLevelParameters
public MutableAccessTokenAuthorization withOtherTopLevelParameters(@Nullable Map<String,Object> params)
Sets the other top-level parameters.- Parameters:
params
- Other top-level parameters, the values should map to JSON entities,null
if none.- Returns:
- This object.
-
getOtherTopLevelParameters
public @Nullable Map<String,Object> getOtherTopLevelParameters()
Description copied from interface:AccessTokenAuthorization
Returns a map of other top-level parameters.- Specified by:
getOtherTopLevelParameters
in interfaceAccessTokenAuthorization
- Returns:
- Other top-level parameters, the values should map to JSON
entities,
null
if none.
-
-